Presentation Transcript

  1. Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)

  2. Principles of Secure Design
  • Least Privilege
  • Fail-Safe Defaults
  • Economy of Mechanism
  • Complete Mediation
  • Defense in Depth
  • Open Design
  • Separation of Privilege
  • Least Common Mechanism
  • Psychological Acceptability

  3. Principle of Least Privilege
  • A subject should only be given the privileges it needs to complete its task, and no more.
  • The privileges should be controlled by the function, not the identity, similar to the right-to-know principle.
  • For example, a cashier cannot write checks.

  4. Principle of Fail-Safe Defaults
  • Unless explicit access has been granted, access should be denied. Moreover, if a system is unable to complete a task, it should roll back to the start state, for safety.
  • Example: a regular user may not modify other people's mail files; in addition, if the mail program cannot deliver mail, the only thing it can do is report failure.

  5. Principle of Economy of Mechanism
  • Security mechanisms should be as simple as possible.
  • This way, it is easier to check for errors.

  6. Principle of Complete Mediation
  • All accesses to objects must be checked to ensure that they are still allowed.

  7. Principle of Defense in Depth
  • The more lines of defense there are against an attacker, the better the defense, especially if the additional lines are of a different nature.

  8. Principle of Open Design
  • The security of a mechanism should not depend on the secrecy of its design or implementation.
  • Especially important for cryptography.
  • Example: DVDs

  9. Principle of Separation of Privilege
  • A system should not grant permission based on a single condition.
  • Example: on BSD systems, users running su must belong to the wheel group and know the root password.
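The following is an added example, not part of the original slides: a small reference monitor in Python that encodes the least-privilege, fail-safe-defaults, complete-mediation and separation-of-privilege slides above in code. The role table, the subjects and the "wheel plus root password" rule are constructed for illustration.

```python
# Added example (not from the slides): a toy reference monitor that applies
# several of the principles above. Roles, names and policy are constructed.
from dataclasses import dataclass, field

# Least privilege: rights attach to the job function, not to the person.
# The cashier from the slide cannot write checks; only a manager can.
ROLE_RIGHTS = {
    "cashier": {"ring_sale"},
    "manager": {"ring_sale", "write_check"},
}


@dataclass
class Subject:
    name: str
    role: str
    groups: set = field(default_factory=set)


def check_access(subject, operation):
    """Complete mediation: every operation is routed through this one check.
    Fail-safe default: anything not explicitly granted (including an unknown
    role) is denied."""
    rights = ROLE_RIGHTS.get(subject.role, set())  # unknown role -> no rights
    return operation in rights


def may_become_root(subject, password_ok):
    """Separation of privilege, modelled on the BSD su rule on the slide:
    BOTH wheel membership AND a correct root password are required."""
    return "wheel" in subject.groups and bool(password_ok)


def with_rollback(state, task):
    """Second half of fail-safe defaults: if a task cannot complete, the
    system returns to its start state instead of keeping partial changes."""
    snapshot = dict(state)
    try:
        task(state)
        return True
    except Exception:
        state.clear()
        state.update(snapshot)
        return False  # only thing left to do is report failure


if __name__ == "__main__":
    ann = Subject("ann", "cashier")
    print("ann write_check:", check_access(ann, "write_check"))  # False
    bob = Subject("bob", "manager", {"wheel"})
    print("bob su with password:", may_become_root(bob, True))  # True
```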

  10. Principle of Least Common Mechanism
  • Mechanisms to access resources should not be shared (because they provide a haven for covert channels).

  11. Principle of Psychological Acceptability
  • Security mechanisms should not make it more difficult to access a resource.
  • Examples: ssh, login mechanism