Economy of mechanism
Simple designs are usually easier to maintain, extend, and review, and have fewer exploitable flaws
Fail-safe default
Access decisions should be based on explicit permissions, not on exclusions; anything not explicitly granted (or any error in the decision) results in denial
Complete mediation
Access control mechanism should check every access attempt
Open design
The security design should be open to public scrutiny and review; only the keys, passwords and similar secrets need to stay secret
Separation of privilege
A practice where more than one privilege attribute is required to gain access to a restricted resource (e.g. 2FA, or two separate users needed to authorize an action)
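The three principles above (fail-safe default, complete mediation and separation of privilege) are easy to state and easy to get wrong in code. The following is an added example, not part of the original flashcards: a toy in-memory file service with constructed users, file names and policy entries. It contrasts an exclusion-based check with a permission-based fail-safe one, shows how a check done only at "open" time survives revocation (incomplete mediation) while a per-access check does not, and implements separation of privilege as a two-person approval.

```python
# Added example (not part of the original flashcards). All users, file
# names and policy entries are constructed for illustration.

from typing import Dict, FrozenSet, Set, Tuple

Grant = Tuple[str, str]  # (user, resource)


class Policy:
    """Permissions are explicit grants; anything not granted is denied."""

    def __init__(self) -> None:
        self._grants: Dict[Grant, Set[str]] = {}

    def grant(self, user: str, resource: str, action: str) -> None:
        self._grants.setdefault((user, resource), set()).add(action)

    def revoke(self, user: str, resource: str, action: str) -> None:
        self._grants.get((user, resource), set()).discard(action)

    def allowed(self, user: str, resource: str, action: str) -> bool:
        return action in self._grants.get((user, resource), set())


# Fail-safe default: the decision is based on what is permitted, and any
# error raised in the decision path denies rather than allows.
def check(policy: Policy, user: str, resource: str, action: str) -> bool:
    try:
        return bool(policy.allowed(user, resource, action))
    except Exception:
        return False


# The anti-pattern: access decided by exclusion. A user nobody thought
# about ("carol") is let in simply because she is absent from the list.
DENYLIST: Set[Grant] = {("mallory", "payroll.csv")}


def exclusion_check(user: str, resource: str) -> bool:
    return (user, resource) not in DENYLIST


class FileService:
    def __init__(self, policy: Policy, files: Dict[str, str]) -> None:
        self.policy = policy
        self.files = files

    # Complete mediation: the policy is consulted on every read, so a
    # revocation takes effect on the very next access.
    def read(self, user: str, name: str) -> str:
        if not check(self.policy, user, name, "read"):
            raise PermissionError(f"{user} may not read {name}")
        return self.files[name]

    # Incomplete mediation: the check happens once at open time and the
    # returned handle keeps reading forever, surviving any later revocation.
    def open_unmediated(self, user: str, name: str):
        if not check(self.policy, user, name, "read"):
            raise PermissionError(f"{user} may not open {name}")
        return lambda: self.files[name]

    # Separation of privilege: releasing a file requires two distinct
    # approvers, each of whom holds the "approve" permission on it.
    def release(self, name: str, approvers: FrozenSet[str]) -> bool:
        if len(approvers) < 2:
            return False
        return all(check(self.policy, a, name, "approve") for a in approvers)


def demo() -> Dict[str, object]:
    policy = Policy()
    policy.grant("alice", "payroll.csv", "read")
    policy.grant("alice", "payroll.csv", "approve")
    policy.grant("bob", "payroll.csv", "approve")
    svc = FileService(policy, {"payroll.csv": "constructed sample content"})

    results: Dict[str, object] = {}
    # carol was never considered: the exclusion check lets her in, the
    # permission-based check does not.
    results["carol_exclusion"] = exclusion_check("carol", "payroll.csv")
    results["carol_failsafe"] = check(policy, "carol", "payroll.csv", "read")

    handle = svc.open_unmediated("alice", "payroll.csv")
    results["alice_before"] = svc.read("alice", "payroll.csv")
    policy.revoke("alice", "payroll.csv", "read")
    try:
        svc.read("alice", "payroll.csv")
        results["alice_after_mediated"] = "allowed"
    except PermissionError:
        results["alice_after_mediated"] = "denied"
    results["alice_after_unmediated"] = handle()  # stale handle still works

    results["single_approver"] = svc.release("payroll.csv", frozenset({"alice"}))
    results["two_approvers"] = svc.release("payroll.csv", frozenset({"alice", "bob"}))
    results["one_unauthorized"] = svc.release("payroll.csv", frozenset({"alice", "carol"}))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the three failure modes side by side: the denylist admits an unknown user while the grant-based check denies her; alice's mediated read is denied immediately after revocation while the handle obtained earlier still returns the file; and a release with one approver, or with two approvers of whom one lacks the permission, is refused.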
Least privilege
Every process and user should operate with the minimum set of privileges needed to perform its task, and for no longer than needed (role-based access control is one way to assign such minimal privileges)
Least common mechanism
The design should minimize the functions and mechanisms shared by different users, so that a flaw in or compromise of a shared component cannot be used by one user against another
Psychological acceptability
Security mechanisms should not interfere with a user's work, while still meeting the needs of those who authorize access; mechanisms that are hard to use get bypassed
Isolation - 3 types
Public access systems should be isolated from critical resources
The processes and files of individual users should be isolated from each other, unless explicitly desired
The security mechanisms themselves should be isolated, so that they cannot be accessed or tampered with
e.g. sub-networking: separating web, application, and database servers into their own network segments
Encapsulation
A specific form of isolation based on object-oriented functionality: data and the procedures that operate on it are bundled together and only accessed through a defined interface (Will learn more in future lecture)
Modularity
Security functions are implemented as separate, protected modules rather than being spread through the application code
Layering
Refers to the use of multiple, overlapping protection approaches, so that the failure of one layer does not leave the system unprotected
Least astonishment
Security measures should behave the way the user expects them to and be simple to use
Attack surface
Consists of the reachable and exploitable weaknesses in a system or network that an attacker can target; the smaller the attack surface, the fewer points there are to defend