1.4 Security Principles

Security principles

  • Formulated in the 1975 paper "The Protection of Information in Computer Systems" by Saltzer and Schroeder.

The Ten Security Principles

Economy of mechanism

  • Keep the design and implementation of security measures as simple and small as possible: a simple mechanism is easier to implement correctly, to review, and to verify, and design errors in it are found more easily.

Fail-safe defaults

  • The default configuration of a system should have a conservative protection scheme: base access decisions on explicit permission rather than on the absence of a prohibition.
  • If no access rights are explicitly specified for a subject-object pair (s, o), as in an access control matrix with no entry for that pair, then all types of access to object o are denied for subject s.

Complete mediation

  • Every access to a resource must be checked for compliance with the protection scheme; a decision made earlier must not be silently reused.
  • It is risky to check permissions only the first time a program requests access to a file and not on subsequent accesses to the same file while the application is still running: a right that is revoked in the meantime keeps being honoured.
  • Example:
    • An online banking web site should require the user to sign on again once a certain time period, say 15 minutes, has elapsed, instead of trusting an earlier authentication indefinitely.
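The two principles above fit together in a small reference monitor. The following is an added example, not code from the original post or from Saltzer and Schroeder: the access control matrix `ACM`, the subjects and object names, the 15-minute `SESSION_TIMEOUT`, and the `CheckOnceHandle` anti-pattern are all constructed for illustration. `allowed()` shows fail-safe defaults (a missing matrix entry is a denial), `mediate()` shows complete mediation (every access re-checks the session and the matrix), and `demo()` contrasts it with a handle whose permission was checked only once.

```python
import time

# Constructed access control matrix (assumed data, not from the original post):
# (subject, object) -> rights explicitly granted. A pair with no entry has no
# rights, so the absence of a rule is itself the "deny" decision.
ACM = {
    ("alice", "/accounts/alice"): {"read", "write"},
    ("alice", "/reports/q1"): {"read"},
    ("bob", "/accounts/bob"): {"read", "write"},
}

# Assumed idle-timeout policy, matching the banking example: 15 minutes.
SESSION_TIMEOUT = 15 * 60


def allowed(subject, obj, right):
    """Fail-safe default: a right exists only if the matrix explicitly grants it."""
    return right in ACM.get((subject, obj), set())


class Session:
    """An authenticated subject plus the time of its last mediated access."""

    def __init__(self, subject, now=None):
        self.subject = subject
        self.last_activity = time.time() if now is None else now


def mediate(session, obj, right, now=None):
    """Complete mediation: every access re-checks the session and the matrix.

    Returns (granted, reason). Nothing is remembered from earlier decisions, so
    a revoked right or an idle timeout takes effect on the very next access.
    """
    now = time.time() if now is None else now
    if now - session.last_activity > SESSION_TIMEOUT:
        return False, "idle for more than 15 minutes; sign on again"
    if not allowed(session.subject, obj, right):
        return False, "no explicit right for (%s, %s, %s)" % (session.subject, obj, right)
    session.last_activity = now
    return True, "granted"


class CheckOnceHandle:
    """The risky pattern from the text: permission is checked when the handle
    is opened and the answer is reused for every later access."""

    def __init__(self, session, obj, right, now=None):
        self.granted = mediate(session, obj, right, now)[0]

    def access(self):
        return self.granted  # never re-checked


def demo():
    """Walk through the situations the principles describe (constructed clock)."""
    t0 = 1_000_000.0
    alice = Session("alice", now=t0)
    out = {}

    # No entry for (alice, /accounts/bob): denied because nothing grants it.
    out["default_deny"] = mediate(alice, "/accounts/bob", "read", now=t0)[0]
    # An explicit grant is honoured.
    out["explicit_grant"] = mediate(alice, "/reports/q1", "read", now=t0)[0]

    # Revoke the grant after a handle was opened: the check-once handle still
    # works, while a mediated access notices immediately.
    handle = CheckOnceHandle(alice, "/reports/q1", "read", now=t0)
    ACM.pop(("alice", "/reports/q1"), None)
    out["stale_handle_still_allows"] = handle.access()
    out["mediated_after_revoke"] = mediate(alice, "/reports/q1", "read", now=t0 + 1)[0]

    # Sixteen idle minutes later even a still-valid right is refused until re-login.
    out["after_timeout"] = mediate(alice, "/accounts/alice", "read", now=t0 + 16 * 60)[0]
    return out


if __name__ == "__main__":
    for name, granted in demo().items():
        print("%-28s %s" % (name, "ALLOW" if granted else "DENY"))
```

Note that `mediate()` consults `ACM` on every call rather than caching a decision; that is the whole difference between it and `CheckOnceHandle`, and it is why the revocation in `demo()` is seen by one and missed by the other.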

Open design

  • The security architecture and design of a system should be made publicly available; the security of the system must not depend on the secrecy of its design.
  • This allows a system to be scrutinized by multiple parties, leading to early discovery and correction of security vulnerabilities caused by design errors.

Security by obscurity

  • The opposite of open design: trying to achieve security by keeping the cryptographic algorithms themselves secret rather than only the keys (Kerckhoffs's principle). This approach has historically been used without success by several organizations.

Separation of privilege

  • Multiple conditions should be required to gain access to restricted resources or to have a program perform some action (for example, two keys held by different people, both needed to open a safe-deposit box).
  • This limits the damage caused by a security breach of any individual component or credential.
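A common software form of this principle is dual control: a sensitive action needs approvals from two distinct people. The following is an added example, not code from the original post; the `APPROVERS` role table, the `DUAL_CONTROL_THRESHOLD` amount, and the account names are constructed assumptions. Each condition in `approve()` is checked independently, so no single compromised account can satisfy the policy by itself.

```python
from dataclasses import dataclass, field

# Assumed policy and role data (constructed for this example, not from the post).
APPROVERS = {"alice", "bob", "carol"}  # accounts holding the "approver" role
DUAL_CONTROL_THRESHOLD = 10_000         # amounts at or above this need two approvers


class PolicyError(Exception):
    """Raised when an approval would violate the separation-of-privilege policy."""


@dataclass
class Transfer:
    requester: str
    amount: int
    approvals: set = field(default_factory=set)

    def approvals_needed(self):
        return 2 if self.amount >= DUAL_CONTROL_THRESHOLD else 1


def approve(transfer, approver):
    """Record one approval. Each condition is an independent check, so a single
    account cannot satisfy the policy on its own."""
    if approver not in APPROVERS:
        raise PolicyError("%s does not hold the approver role" % approver)
    if approver == transfer.requester:
        raise PolicyError("the requester may not approve their own transfer")
    if approver in transfer.approvals:
        raise PolicyError("%s already approved; the second approval must come from someone else" % approver)
    transfer.approvals.add(approver)
    return len(transfer.approvals)


def may_execute(transfer):
    """Separation of privilege: large transfers need two distinct approvers, so a
    compromise of any one approver account (or of the requester) is not enough."""
    return len(transfer.approvals) >= transfer.approvals_needed()


def demo():
    """Constructed walk-through returning the decision at each step."""
    steps = []
    big = Transfer(requester="alice", amount=25_000)
    steps.append(may_execute(big))            # False: no approvals yet
    try:
        approve(big, "alice")                 # requester cannot self-approve
    except PolicyError:
        steps.append("self-approval rejected")
    approve(big, "bob")
    steps.append(may_execute(big))            # False: one of two required approvals
    try:
        approve(big, "bob")                   # the same person twice does not count
    except PolicyError:
        steps.append("duplicate approval rejected")
    approve(big, "carol")
    steps.append(may_execute(big))            # True: two distinct approvers

    small = Transfer(requester="dave", amount=500)
    approve(small, "bob")
    steps.append(may_execute(small))          # True: below threshold, one approval suffices
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The separate checks for role, self-approval and duplicate approval are what make the policy meaningful: an attacker holding one approver's credentials can contribute at most one of the two required conditions.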

Least privilege

  • Each program and user should operate with the bare minimum privileges necessary to function, acquiring extra privileges only for as long as they are needed.
  • This is the software counterpart of the military need-to-know principle.

Least common mechanism

  • In systems with multiple users, the mechanisms that allow resources to be shared between users should be minimized, since every shared mechanism is a potential path for information to leak between users.

Psychological acceptability

  • User interfaces should be well designed and intuitive.
  • All security-related settings should adhere to what an ordinary user might expect; a mechanism that is hard to use will be bypassed or misconfigured.

Work factor

  • The cost of circumventing a security mechanism should be compared with the resources of an attacker when designing a security scheme: it is sufficient that breaking the mechanism costs more than the attacker can afford.

Compromise recording

  • It may sometimes be more desirable to record the details of an intrusion than to adopt more sophisticated measures to prevent it; the record makes the intrusion detectable and investigable after the fact.
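Recording an intrusion is only useful if the intruder cannot quietly edit the record. The following is an added example, not code from the original post: a tamper-evident, hash-chained audit log in which each record commits to the previous one, so editing or deleting an entry breaks every later link. The event lines in `demo()` are constructed sample data, and `head` stands for the latest chain hash shipped to a separate write-once location, an assumption the verification relies on.

```python
import hashlib
import json


class AuditLog:
    """Append-only audit log where each record carries the hash of its predecessor."""

    GENESIS = "0" * 64  # chain anchor before the first record

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(prev_hash, event):
        # Canonical JSON so the same event always hashes the same way.
        body = json.dumps(event, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, event):
        """Append one event and return the new chain head (hash of this record)."""
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        digest = self._digest(prev, event)
        self.records.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self, expected_head=None):
        """Return None if the chain is intact, otherwise the index of the first
        record that fails. If expected_head (a hash stored off-box) is given and
        the final hash differs from it, len(records) is returned: the chain is
        self-consistent but is not the chain that was anchored."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["event"]):
                return i
            prev = rec["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.records)
        return None


def demo():
    """Constructed events: a credential-stuffing burst, then a successful login."""
    events = [
        {"t": 1700000000, "type": "login_failed", "user": "alice", "src_ip": "203.0.113.7"},
        {"t": 1700000001, "type": "login_failed", "user": "alice", "src_ip": "203.0.113.7"},
        {"t": 1700000005, "type": "login_ok", "user": "alice", "src_ip": "203.0.113.7"},
        {"t": 1700000009, "type": "sudo", "user": "alice", "cmd": "cat /etc/shadow"},
    ]
    log = AuditLog()
    head = None
    for event in events:
        head = log.append(event)       # in practice, ship each head off the box
    intact = log.verify(head)          # None: chain and anchored head agree

    # The intruder rewrites the source address of the successful login.
    log.records[2]["event"]["src_ip"] = "127.0.0.1"
    tampered = log.verify(head)        # 2: first record whose hash no longer matches

    # Rebuilding the whole chain from the doctored events makes it self-consistent...
    forged = AuditLog()
    for rec in log.records:
        forged.append(rec["event"])
    self_consistent = forged.verify()  # None: no anchor, so nothing to compare against
    # ...but it cannot reproduce the head that was stored elsewhere.
    caught = forged.verify(head)       # 4 == len(records): head mismatch
    return intact, tampered, self_consistent, caught


if __name__ == "__main__":
    print(demo())
```

The `forged` case is the caveat that matters in practice: a hash chain alone only proves internal consistency, so the latest head (or a signature over it) must leave the machine before an intruder can reach the log, otherwise the whole chain can simply be regenerated.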

This post is licensed under CC BY 4.0 by the author.