Economy of Mechanism
Security systems should be as simple as possible
Open Design
Assume the enemy knows the system, allow algorithms to be open to public scrutiny, and keep cryptographic keys private
Ensure Complete Mediation
All access should be monitored, protected, and go through one point (reference monitor)
Least Privilege
Every process and system user should operate with the least privilege needed to perform its task
Work Factor
The cost of bypassing a security mechanism should be compared with the resources of the attacker when designing a security scheme
Use Fail-Safe defaults
When protection fails, go into a safe mode
Separation of privileges
Split up privilege so that no one person or system has complete power; require multiple parties to approve before access is granted
Defense in depth
If you use multiple redundant protections, then all of them must be breached before the system’s security is endangered
Detect if you Can’t Prevent
Deter: stop the attack before it happens by making the attacker prefer to do something else
Prevent: stop the attack before it happens by making the attack fail
Detect: if you can’t stop the attack from happening, you should at least be able to know that the attack has happened
Save audit logs so that you can detect and analyze break-ins
Next step: recover the system and respond to the attack
Design security in from the start
Trying to add security to an existing application after it has been designed and implemented is very difficult