421.2 System design

Translate requirements and specifications into a secure software structure that meets user needs and resists attack, so that protection is built into the structure rather than patched on after coding.

Overview

The design phase transforms gathered requirements and defined specifications into a concrete plan for building the software. In secure software development, this phase is crucial for preventing vulnerabilities by incorporating protection mechanisms into the system structure before coding begins.

Effective design ensures that functionality, user experience, and security are considered together. Poor design can introduce flaws that are difficult to fix later and may undermine privacy, trust, or compliance.

Targets

In this topic, students learn to:

  • Describe the role of design in the secure software lifecycle

  • Apply secure design principles to system planning

  • Use modelling tools to represent structure and data flows

  • Evaluate how design choices affect system behaviour and security

Syllabus references

Secure software architecture

Designing software

  • Interpret and apply fundamental software development steps to develop secure code, including design

Purpose of secure design

Design decisions affect every layer of a system—from how data flows through components to how users interact with the interface. Key goals include:

  • Organising components logically and efficiently

  • Defining clear data flows and access boundaries

  • Planning for errors, exceptions, and misuse

  • Selecting appropriate tools and structures to mitigate risks

Security-aware design prevents many common vulnerabilities by removing ambiguity about which component is responsible for each check, enforcing constraints on inputs and access at the points where data enters the system, and limiting the attack surface each component exposes.

Modelling techniques

Several modelling tools are used to formalise and communicate design decisions:

  • Data flow diagrams (DFDs) – Show how data moves between components, external entities, and storage

  • Structure charts – Represent program modules and their hierarchical relationships

  • Use case diagrams – Describe system interactions from a user perspective

  • Refinement diagrams – Break down complex problems into smaller, manageable functions

  • Wireframes – Plan the user interface layout and navigation

These tools help uncover hidden risks, such as excessive data exposure, overly complex dependencies, or missing checks. Marking trust boundaries on a DFD (the line between untrusted input and the system, or between one service and another) makes the most important question visible: which flows cross a boundary, and which control validates or authenticates them when they do.
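The following is an added example, not part of the syllabus page: a small DFD for a constructed web application written out as data, with a check that reports every flow crossing a trust boundary without the control a designer would expect there. The element names, trust zones, and control labels are assumptions made for illustration.

```python
"""Added example (not from the syllabus page): a data flow diagram (DFD)
expressed as data, plus a check that flags flows crossing a trust boundary
without a validating or authenticating control. Element names, zones and
control labels below are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element sits in


@dataclass(frozen=True)
class Flow:
    source: str
    dest: str
    data: str
    controls: frozenset = field(default_factory=frozenset)  # e.g. {"validate", "authn"}


# Constructed model of a small online-ordering system.
ELEMENTS = {
    e.name: e
    for e in [
        Element("Browser", "external", "internet"),
        Element("Web API", "process", "dmz"),
        Element("Order service", "process", "internal"),
        Element("Orders DB", "store", "internal"),
        Element("Payment gateway", "external", "internet"),
    ]
}

FLOWS = [
    Flow("Browser", "Web API", "login form", frozenset({"validate", "authn"})),
    Flow("Browser", "Web API", "order JSON", frozenset({"validate"})),
    Flow("Web API", "Order service", "order", frozenset({"validate", "authz"})),
    Flow("Order service", "Orders DB", "order row", frozenset()),
    Flow("Payment gateway", "Web API", "payment webhook", frozenset()),
]


def crosses_boundary(flow, elements=ELEMENTS):
    """A flow crosses a trust boundary when source and destination sit in different zones."""
    return elements[flow.source].zone != elements[flow.dest].zone


def required_controls(flow, elements=ELEMENTS):
    """Every boundary crossing needs validation; input from an external entity also needs
    authentication so the receiver knows who it is talking to."""
    required = {"validate"}
    if elements[flow.source].kind == "external":
        required.add("authn")
    return required


def missing_checks(flows=FLOWS, elements=ELEMENTS):
    """Return (flow, sorted missing controls) for each boundary-crossing flow that lacks
    one of its required controls. Flows inside a single zone are not reported."""
    findings = []
    for flow in flows:
        if not crosses_boundary(flow, elements):
            continue
        missing = required_controls(flow, elements) - flow.controls
        if missing:
            findings.append((flow, sorted(missing)))
    return findings


if __name__ == "__main__":
    for flow, missing in missing_checks():
        print(f"{flow.source} -> {flow.dest} ({flow.data}): missing {', '.join(missing)}")
```

Running the model reports two findings: the order submission from the browser is validated but not authenticated, and the payment webhook arrives from outside with no control at all. The write from the order service to its database is not reported because both sit in the same trust zone; whether that is acceptable is itself a design decision the diagram makes explicit.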

Designing for security

Secure software design involves:

  • Applying design principles such as least privilege, defence in depth, and secure defaults

  • Identifying potential threats and planning controls (e.g. rate limiting, validation, access controls)

  • Mapping out how errors, unexpected inputs, and edge cases will be handled

  • Considering user capability, accessibility, and behaviours that may introduce risk

Good design balances functionality, usability, and protection. In practice this means deciding, before any code is written, what is denied by default, who needs which permissions, where input is checked, and what the system does when a request is malformed, unauthorised, or arrives too often.
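The following is an added example, not part of the syllabus page, showing the controls listed above as a concrete design for a single "create order" operation: deny by default (secure defaults), roles that carry only the permissions they need (least privilege), allow-list validation at the trust boundary, a rate limiter, and explicit error handling that returns nothing about internal failures. The roles, limits, SKU format, and request shape are assumptions made for illustration.

```python
"""Added example (not from the syllabus page): one endpoint designed around
secure defaults, least privilege, boundary validation, rate limiting and
explicit error handling. Roles, limits and the request format are assumed."""
import re
import time
from collections import deque

# Least privilege: each role lists only what it needs. Anything absent is denied.
ROLE_PERMISSIONS = {
    "customer": {"order:create", "order:read_own"},
    "support": {"order:read_any"},
    "admin": {"order:create", "order:read_own", "order:read_any", "order:cancel"},
}


def is_allowed(role, action):
    """Secure default: unknown roles and unlisted actions are denied."""
    return action in ROLE_PERMISSIONS.get(role, set())


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window` seconds per client."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = {}

    def allow(self, client_id):
        now = self.clock()
        hits = self._hits.setdefault(client_id, deque())
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


SKU_RE = re.compile(r"^[A-Z]{3}-\d{4}$")  # assumed product code format


def validate_order(payload):
    """Validate at the boundary with an allow-list: only expected fields, only expected shapes."""
    if not isinstance(payload, dict):
        raise ValueError("payload must be an object")
    unexpected = set(payload) - {"sku", "quantity"}
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    sku, qty = payload.get("sku"), payload.get("quantity")
    if not isinstance(sku, str) or not SKU_RE.match(sku):
        raise ValueError("sku must match AAA-0000")
    # bool is a subclass of int in Python, so True would otherwise pass as quantity 1.
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
        raise ValueError("quantity must be an integer from 1 to 100")
    return {"sku": sku, "quantity": qty}


class MemoryStore:
    """Stand-in for a database, so the example runs offline."""

    def __init__(self):
        self.rows = []

    def save(self, owner, order):
        self.rows.append((owner, order))
        return len(self.rows)


def handle_create_order(client_id, role, payload, limiter, store):
    """Return (status, body). Checks run cheapest-first; every failure is an explicit,
    non-revealing response rather than an unhandled exception."""
    if not limiter.allow(client_id):
        return 429, {"error": "too many requests"}
    if not is_allowed(role, "order:create"):
        return 403, {"error": "forbidden"}
    try:
        order = validate_order(payload)
    except ValueError as exc:
        return 400, {"error": str(exc)}
    try:
        order_id = store.save(client_id, order)
    except Exception:
        # Log the detail internally (omitted here); never return it to the caller.
        return 500, {"error": "internal error"}
    return 201, {"order_id": order_id}
```

The order of checks is itself a design choice: the rate limiter runs first so an abusive client cannot make the service do authorisation or validation work on its behalf, the permission check runs before the payload is inspected, and the store is only reached with data that has already been constrained. Adding a new role or field means editing the allow-lists, not remembering to add a deny rule somewhere.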

Output of the design phase

The outcome of this phase is a set of artefacts (often visual and textual) that define:

  • System architecture and component responsibilities

  • Data structures and control flow

  • Security features and trust boundaries

  • Requirements traceability (linking back to earlier stages)

These artefacts guide development and serve as reference points during testing, maintenance, and future upgrades.
