Module 2 - Design Principles Flashcards
What is least privilege?
Only have rights necessary to do the job
What is complete mediation?
Every access to every object must be checked
What is open design?
More open system
What is separation of privilege?
Access should depend on more than one condition being satisfied
What is psychological acceptability?
Where a user bypasses controls in order to make their job easier
What is fail secure?
If software fails, let it do so securely
What is defence in depth?
Multiple layers of defence
What is secure the weakest link?
System is only as strong as its weakest link
What is least common mechanism?
Minimise the amount of mechanism common to more than one user
What is it to compartmentalise?
Break the system into units to minimise damage
What is fail-safe defaults?
If an action fails, the system is as secure as when the action began
What is the TSI?
Trustworthy software initiative
- aims to improve software
- based in Warwick uni
What is the TSI concerned with?
ARRSS
Availability, Reliability, Resilience, Safety, Security