The document outlines several design principles for computer security:
1) Economy of mechanism - security measures should be as simple and small as possible, for example file encryption supporting access control.
2) Fail-safe default - the default is lack of access and the protection scheme identifies allowed access conditions. Fail-safe also means systems will not endanger lives when they fail.
3) Complete mediation - every access must be checked against the access control mechanism to ensure it is allowed rather than relying on cached privileges.
Computer Security
Design Principles

ECONOMY OF MECHANISM
• Design of security measures embodied in both hardware and software should be as simple and small as possible
• A small, simple mechanism can be inspected and tested thoroughly; a large, complex one hides the flaws that attackers look for
• For example, file encryption supporting the access control service, which in turn supports the goals of confidentiality and integrity by preventing unauthorized file access

FAIL-SAFE DEFAULT
• The default situation is lack of access, and the protection scheme identifies the conditions under which access is permitted
• Unless a subject is given explicit access to an object, it should be denied access to that object
• Fail-safe also means that a device will not endanger lives or property when it fails

FAIL-SAFE EXAMPLE
• If a building catches fire, fail-safe systems would unlock doors to ensure quick escape and allow firefighters inside, while fail-secure systems would lock doors to prevent unauthorized access to the building

COMPLETE MEDIATION
• Every access must be checked against the access control mechanism to ensure that it is allowed
• Systems should not rely on access decisions retrieved from a cache
• What happens in most systems is that privileges are cached for later use: the subject's privileges are checked once at the initial access, and for subsequent accesses the system assumes that the same privileges are still in force for that subject and object. This may or may not be the case, for instance after a grant has been revoked
• The operating system should mediate each and every access to an object
• Examples of attacks that exploit trust in a cached result: DNS spoofing (cache poisoning), where a forged record planted in a resolver's cache answers every later lookup, and MITM attacks

OPEN DESIGN
• Design of a security mechanism should be open rather than secret
• The security of a mechanism should not depend on the secrecy of its design or implementation
• For example, cryptographic systems: the algorithm is published and only the key is kept secret

SEPARATION OF PRIVILEGE
• Practice in which multiple privilege attributes are required to achieve access to a restricted resource, for example two independent keys or two separate approvers for one critical operation

LEAST PRIVILEGE
• Every process and every user of the system should operate using the least set of privileges necessary to perform the task
• Any access control system should allow each user only the privileges that are authorized for that user
• A subject should be given only those privileges that it needs in order to complete its task

PSYCHOLOGICAL ACCEPTABILITY
• Security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access
• If security mechanisms hinder the usability or accessibility of resources, users may opt to turn off those mechanisms

LEAST COMMON MECHANISM
• Mechanisms used to access resources should not be shared
• Sharing resources provides a channel along which information can be transmitted. Hence, sharing should be minimized as much as possible

ISOLATION
• Public access systems should be isolated from critical resources to prevent disclosure or tampering
• Where the criticality of the information is high, organizations may want to limit the number of systems on which that data is stored and isolate them
• Processes and files of individual users should be isolated from one another except where it is explicitly desired

MODULARITY
• Goal is to provide common security functions and services as common modules

LAYERING
• Use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems
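The fail-safe default and complete mediation slides above describe a reference monitor in words; the following Python sketch is an added example (not code from the slide deck or from the Bishop or Stallings textbooks) that shows both principles as behaviour, together with the cached-decision anti-pattern the complete mediation slide warns about. The Policy, ReferenceMonitor, CachingMonitor and BrokenPolicy names, the subject/object identifiers and the grant-then-revoke scenario are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Allow-list of (subject, object) -> permitted actions.

    Fail-safe default: a pair that is absent from the table has *no*
    permitted actions, so nothing has to be listed in order to be denied.
    (Constructed example policy, not a real system's format.)
    """
    grants: dict[tuple[str, str], set[str]] = field(default_factory=dict)

    def grant(self, subject: str, obj: str, action: str) -> None:
        self.grants.setdefault((subject, obj), set()).add(action)

    def revoke(self, subject: str, obj: str, action: str) -> None:
        self.grants.get((subject, obj), set()).discard(action)

    def permits(self, subject: str, obj: str, action: str) -> bool:
        return action in self.grants.get((subject, obj), set())


class BrokenPolicy(Policy):
    """Stands in for a policy backend that is down (e.g. an unreachable
    authorization service); used to show fail-closed behaviour."""

    def permits(self, subject: str, obj: str, action: str) -> bool:
        raise RuntimeError("policy store unavailable")


class ReferenceMonitor:
    """Complete mediation: every access is decided afresh against the policy;
    no earlier decision is remembered."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy

    def access(self, subject: str, obj: str, action: str) -> bool:
        try:
            return self.policy.permits(subject, obj, action)
        except Exception:
            # Fail-safe default applied to failures: an error while deciding
            # is treated as "deny", never as "allow".
            return False


class CachingMonitor(ReferenceMonitor):
    """Anti-pattern from the slides: the first decision for each
    (subject, object, action) is cached and reused for later accesses."""

    def __init__(self, policy: Policy) -> None:
        super().__init__(policy)
        self._cache: dict[tuple[str, str, str], bool] = {}

    def access(self, subject: str, obj: str, action: str) -> bool:
        key = (subject, obj, action)
        if key not in self._cache:
            self._cache[key] = super().access(subject, obj, action)
        return self._cache[key]


def demo() -> dict[str, bool]:
    """Constructed scenario: alice is granted read on a file, then the grant
    is revoked. Returns each monitor's decision at every step."""
    policy = Policy()
    policy.grant("alice", "/srv/payroll.db", "read")
    strict = ReferenceMonitor(policy)
    cached = CachingMonitor(policy)

    results = {
        # explicit grant -> allowed by both monitors
        "alice_read_before": strict.access("alice", "/srv/payroll.db", "read"),
        "cached_alice_read_before": cached.access("alice", "/srv/payroll.db", "read"),
        # never granted -> denied without any explicit deny rule
        "alice_write": strict.access("alice", "/srv/payroll.db", "write"),
        "bob_read": strict.access("bob", "/srv/payroll.db", "read"),
        # policy backend failure -> denied, not allowed
        "alice_read_backend_down": ReferenceMonitor(BrokenPolicy()).access(
            "alice", "/srv/payroll.db", "read"),
    }

    policy.revoke("alice", "/srv/payroll.db", "read")
    # Only the strictly mediating monitor notices the revocation; the caching
    # one keeps answering from its stale decision.
    results["alice_read_after_revoke"] = strict.access("alice", "/srv/payroll.db", "read")
    results["cached_alice_read_after_revoke"] = cached.access("alice", "/srv/payroll.db", "read")
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'ALLOW' if decision else 'DENY'}")
```

The check to carry away is the last pair of results: after the revocation the mediating monitor denies alice, while the caching monitor still allows her, which is the same class of stale-trust problem the slides attribute to DNS cache poisoning. Real systems that do cache decisions for performance need an explicit invalidation path tied to every grant and revoke, and the fail-closed branch in `access()` is what keeps an outage of the policy store from silently turning into an allow-all.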