Today we've released a cornerstone of the NCSC's security architecture practice - our pattern for safely importing data. This pattern is one we've been recommending in our consultancy work for many years, but it's being published on the web for the first time today. We hope you find it useful.
The pattern incorporates some of the techniques we describe in our security architecture design principles. In particular, we rely on the concepts of transformation and validation, ordering them into a gateway designed to let you bring data into your systems without inadvertently importing malicious code.
The pattern is generic, so it should be tailored to fit your particular scenario. In lower risk situations, you might want to leave out some of the controls, such as the transformation engine, but if you're facing higher risks you might want to use them all and seek particular assurance in the validation engine.
One top tip I’d like to share from my experience of using the pattern is to remind users to ask for the data they need, rather than the document it's wrapped in. I’ve often heard requirements for regular PDF transfers, when what is actually needed is some text, or numbers contained within a PDF. The data might arrive in a PDF, but that’s not necessarily what's required to pass through your gateway.
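To make the two ideas above concrete (transformation ordered before validation, and letting through only the data rather than the document it arrived in), here is an added illustration in Python. It is not code from the NCSC pattern; the key=value "export" format, the sensor-id rule and the numeric range are constructed assumptions standing in for whatever your consumer actually needs.

```python
import re
from dataclasses import dataclass

# Constructed incoming "document": a loose text export. The consumer only
# needs (sensor id, reading) pairs, so that is all the gateway rebuilds.
INCOMING_REPORT = b"""# site export 2024-01-01
sensor=pump-01 reading=12.5 unit=bar
sensor=pump-02 reading=9.75 unit=bar extra=<script>alert(1)</script>
sensor=pump-03 reading=1e309 unit=bar
sensor=../../etc reading=3.0 unit=bar
"""

LINE = re.compile(rb"^sensor=(\S+)\s+reading=(\S+)")   # assumed export layout
SENSOR_ID = re.compile(r"^[a-z]+-[0-9]{2}$")           # assumed business rule


@dataclass(frozen=True)
class Reading:
    sensor: str
    reading: float


def transform(raw: bytes) -> list[tuple[str, str]]:
    """Transformation engine: discard the wrapper and rebuild each record from
    scratch as two plain strings. Unmatched lines and unknown fields are simply
    dropped, so nothing else from the document is carried across."""
    out = []
    for line in raw.splitlines():
        m = LINE.match(line)
        if m:
            out.append((m.group(1).decode("ascii", "replace"),
                        m.group(2).decode("ascii", "replace")))
    return out


def validate(records: list[tuple[str, str]]) -> tuple[list[Reading], list[str]]:
    """Validation engine: accept only records that meet the agreed schema
    (id format, finite reading within range); anything else is rejected."""
    accepted, rejected = [], []
    for sensor, value in records:
        try:
            f = float(value)          # "1e309" parses to inf; the range check rejects it
        except ValueError:
            rejected.append(sensor)
            continue
        if SENSOR_ID.match(sensor) and 0.0 <= f <= 100.0:
            accepted.append(Reading(sensor, f))
        else:
            rejected.append(sensor)
    return accepted, rejected


def import_gateway(raw: bytes) -> tuple[list[Reading], list[str]]:
    """The ordering is the point: validate the transformed output, never the raw input."""
    return validate(transform(raw))
```

The rejected list is what you would log at the gateway; the accepted list is the only thing that crosses into the trusted side.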
Please let us know if the pattern proves useful to you. We have a couple more in our pipeline to publish too. The next will focus on safely exporting data, which the eager amongst you should note is not simply the reverse of the import pattern!
Chief Architect, NCSC