Security Principles

Economy of Mechanism

security systems should be as simple as possible

Open Design

Assume the enemy knows the system, allow algorithms to be open to public scrutiny, and keep cryptographic keys private

Ensure Complete Mediation

All access should be monitored, protected, and go through one point (reference monitor)

Least Privilege

Every process + system user should operate w/ least privilege possible in order to perform a task

Work Factor

Cost of bypassing a security mechanism should be compared w/ the resources of an attacker when designing a security scheme

Use Fail-Safe defaults

When protection fails, go into a safe mode

Separation of privileges

Split up privilege so no one person/system has complete power - require multiple parties to approve before access is granted

Defense in depth

If you use multiple redundant protections, then all of them would need to be breacahed before the system’s security will be endangered

Detect if you Can’t Prevent

1. Deter: stop the attack before it happens by making the attacker prefer to do something else

2. Prevent: stop the attack before it happens by making the attack fail

3. Detect: if you can’t stop the attack from happening, you should at least be able to know that the attack has happened 

   1. Save audit logs so that you can detect + analyze break-ins

4. Next step - recover system + respond to attack

Design security in from the start

Trying to add security to an existing application after it has been designed + implemented is v difficult