IT Security Design Principles Flashcards

1
Q

What is Least privilege

A
  • Should only have the rights necessary to perform a given function
  • Default setting should be lack of access
  • If access is needed temporarily, it should be rescinded after use
2
Q

Economy of mechanism

A
  • Sufficiently small and simple as to be verified and implemented – e.g. security kernel
  • Simpler means less can go wrong – and when errors occur, they are easier to understand and fix
3
Q

Complete mediation

A
  • Every access to every object must be checked
  • Must be efficient with little overhead
4
Q

Open design

A
  • Don’t depend on secrecy of the design
  • ‘Security through obscurity’ is a bad idea; the design should be open for scrutiny by the community
  • Kerckhoffs’ Principle
5
Q

Separation of privilege

A
  • Access to objects should depend on more than one condition being satisfied
  • Separation of duty - two person rule
6
Q

Least common mechanism

A
  • Minimise the amount of mechanisms common to more than one user and depended on by all users
  • Do not share state between programs; corruption of one = corruption of all
7
Q

Psychological acceptability

A
  • User interface must be easy to use, so that users routinely and automatically apply the mechanisms correctly
  • Security mechanisms should not add to the difficulty of accessing a resource
8
Q

Fail securely

A
  • If software has to fail, ensure that it does so securely
9
Q

Defence in depth

A
  • Use diverse defensive strategies
  • If one layer isn’t good enough, another layer will hopefully prevent a complete compromise
10
Q

Secure the weakest link

A
  • A software security system is only as strong as its weakest link
  • Attackers go after the easy targets
  • Identify and strengthen weak links until an acceptable level of risk is achieved
11
Q

Fail-Safe defaults

A
  • If action fails, system as secure as when action began
  • The default state is lack of access
  • Need to argue why a user should have access, not argue why a user should not have access
12
Q

Compartmentalise

A
  • Minimize the amount of damage that can be done by breaking the system into units
  • Very few operating systems do this because it is difficult to manage
  • Root privilege is an example of how not to do it
13
Q

Fail securely

A
  • If software has to fail, make sure that it does so securely
14
Q

Keep it simple

A
  • Complexity can cause errors
15
Q

Use your community resources

A
  • Public scrutiny promotes trust