The main goal of security principles
Provide restrictions with simplicity
Benefits of simplicity
Less complexity means fewer points of failure and fewer points to monitor.
An easier to understand system is easier to defend.
Restriction
Minimize power and access of entities in the system.
Keep the system as close as possible to a safe manageable state.
Least Privilege
A user, application, service, or other entity should be given only the privileges necessary to complete an intended task.
If a privilege needs to be raised, it is raised only for the duration needed to complete the task.
Should be based on function instead of identity.
Fail-Safe defaults
The default state of a resource should be as safe and secure as possible, such as a lack of access or lack of change.
Also makes malfunctions easier to detect.
Economy of Mechanism
Designs should be kept as simple as possible.
In line with the main goal of security principles, this means less complexity and therefore fewer points of error.
Examples of smaller designs:
Line-by-line inspection of software to locate vulnerabilities or bugs.
Physical inspection of hardware to locate damage or troubleshoot a problem.
Separation of privileges
Permission should not be granted based on a single condition. “Requiring multiple conditions to gain permission is more secure.”
Prevents any single accident, deception, or breach of trust from enabling a harmful action.
Responsibilities should be separated to prevent deception and single points of failure.
Complete mediation
Each access to an object must be validated each time it occurs.
Open design
The system should not depend on the secrecy of its design, implementation, or configuration. “Security should not depend on obscurity.”
Aids in mitigating damage caused by reverse engineering, leaks, inference, OSINT gathering, or regular examination.
Least common mechanism
Minimize the number of mechanisms common to more than one user and/or depended on by all users. Essentially, avoid sharing resources.
Shared channels make it more difficult to control the flow of information. When multiple users are reading or writing to the same area, data can be leaked or modified.
Psychological acceptability
Security mechanisms in place should not unreasonably affect legitimate users.
The interface should be designed for ease of use. Complexity introduced by security mechanisms should occur behind the scenes and have a minimal impact on the user.
The system should behave as the user expects and its mechanisms should be easy to understand.
Work Factor
The investment an attacker must make to circumvent a security mechanism.
Compromise Recording
The mechanism by which a compromise can be reliably recorded.