Design Principles Flashcards
Least Privilege
“Subject gets the least set of privileges needed to complete the task”.
Large systems are divided into well-defined subcomponents.
TOCTTOU (Time of Check to Time of Use) flaws (related somehow)
Fail-Safe Defaults
“Access is denied unless it is explicitly given”
IF: unable to complete a task
THEN: undo all changes to the security state of the system
=: the system is back to its initial state
Economy of Mechanism
“Security mechanisms must be as simple as possible”
Simplify design and implementation
Simplicity -> fewer, less complex tests; fewer errors
Unexpected input?
Complete Mediation
“Check all object accesses and ensure that they are allowed”
Every access to every object must be checked for authority (this is what actually enforces access control).
Open Design
“The design should not be secret”
Security should not rely on the design being secret; instead the keys/passwords should be the secret.
Separation of Privilege
“NOT granting access based on a single condition”
2+ keys/factors are more robust than 1, e.g. requiring a password AND membership in a specific group.
Additional assurance for authorization.
Least Common Mechanism
“Mechanisms used to access resources must not be shared”
Sharing resources creates a channel for information transfer, so such mechanisms should not be shared.
Ensures customer data sets are separated logically and access to the client networks is not shared.
Creates some isolation, and isolation prevents information leaks, for example with sandboxes and virtual machines.
Psychological Acceptability
“Security should NOT make access to a resource more complex than IF there were no security”
IF a security mechanism adds complexity, people will:
Misconfigure them
Use them inappropriately
Turn them off.
What are the eight design principles?
Separation of privilege
Least privilege
Least common mechanism
Economy of mechanism
Complete mediation
Fail-safe default
Open design
Psychological acceptability