1.2, 1.3 - IT Security Design Principles and Facets of Trustworthiness Flashcards
Principle of Least Privilege
A subject should only be given the privileges it needs to complete its tasks and no more
Principle of Fail-Safe Defaults (related to Secure by Design)
Unless explicit access has been granted, access should be denied by default, and if the system cannot complete a task it should roll back to the starting state for safety. (Relates to the TSF Safety facet.)
Principle of Economy of Mechanism
Security mechanisms should be as simple as possible, so that fewer possibilities for error exist. Related to the TSF Reliability facet.
Principle of Complete Mediation
All accesses to objects must be checked to ensure they are still allowed, and all pages and resources must require authentication by default except those specifically intended to be public. This principle restricts the caching of information. Related to the Reliability facet.
Principle of Open Design
The security of a mechanism should not depend on the secrecy of its design or implementation. Especially relevant to cryptographic systems. Related to the Security facet.
Principle of Separation of Privilege
A system should ensure that multiple conditions are met before granting access to an object. Also relates to separation of duty: for example, no one person should be able to open a bank safety deposit box on their own. One person might hold the key to the room where the box is stored and another person might hold the codes to the box. Related to the Security facet (avoids single points of failure due to mistakes).
Principle of Least Common Mechanism
Mechanisms used to access resources should not be shared. Linked to the Resilience facet; keeping resources unshared could be linked to network segmentation.
Sharing resources provides a channel along which information can be transmitted, and so such sharing should be minimized.
Principle of Psychological Acceptability
Security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present. Examples: SSH, login mechanisms.
Safety
The ability of the software to operate without harmful states
Reliability
The ability of the system to deliver services as specified (without bugs). Reliability is the outcome; linked to economy of mechanism: the simpler the system, the easier it is to make reliable.
Availability
The ability of the software to operate when required / The ability of the system to deliver services when requested
Resilience
The ability of the software to recover from errors quickly and completely. Examples: a system auto-scaling in response to load to remain available, or having a failover system.
Security
The ability of the software to remain protected against threats
Compare TSF facets and IT Security Design Principles
TSF facets: Security, Availability, Reliability, Resilience, Safety.
IT Security Design Principles: Fail-safe defaults, Least privilege, Psychological acceptability, Separation of privilege, Least common mechanism, Economy of mechanism, Complete mediation, Open design.
What is a primary factor in designing a secure system?
To understand what is being protected.
What is a functional requirement?
A Functional Requirement (FR) is a description of the service that the software must offer. (In Microsoft Word you expect to be able to type, change the font size, etc.)
What is a non-functional requirement?
A Non-Functional Requirement (NFR) defines a quality attribute of a software system, judged by facets such as Safety and Security. (On a banking website you expect security, so that an attacker cannot steal all your money.)
TSF Facets of Trustworthy Software
There are 5 facets: Safety, Reliability, Availability, Security, Resilience.