SB 22: Design Principles for Security Flashcards

1
Q

What is the underlying idea of design principles?

A

To design with simplicity and restrictions in mind. Simplicity minimizes the risk of problems and makes problems easier to deal with. Restrictions mean there is less data that needs to be checked during system interactions, and people/processes only have access to what they actually need.

2
Q

What is the principle of least privilege?

A

A subject should only be given the privileges it needs to be able to complete its task. Analogous to the “need to know” rule. It is complex to implement in practice because it requires a high level of detail.

3
Q

What is the “Principle of least authority”?

A

Not an official principle. Closely related to the principle of least privilege. A subject should only be given the authority it needs to complete its task.

4
Q

What is the difference between the principle of least privilege and least authority?

A

There is only a difference if we make a distinction between authority and permissions. Permissions are the actions a process can take on objects directly. Authority is the effect a process may have on an object, directly or indirectly through interactions with other “subjects”.

5
Q

Principle of fail-safe defaults

A

Unless a subject is given explicit access to an object it should be denied access. Default access therefore needs to be none. Changes that cannot be completed should be undone.

6
Q

Principle of economy of mechanism

A

Security mechanisms should be as simple as possible. Simplicity means less risk of errors occurring.

7
Q

Principle of complete mediation

A

Restricts the caching of information. Requires that all accesses to objects be checked to ensure they are allowed. The mediator should check the authenticity and integrity of the access request; if those are validated and the access is authorized, the request is granted.

8
Q

Principle of open design

A

The security of a mechanism should not depend on the secrecy of its design or implementation. Secrets don’t always stay secrets; it might therefore be wise to plan for compromise of secrets. Especially relevant with cryptographic systems and software, as keeping the algorithms secret can give a false sense of security.

9
Q

Principle of separation of privilege

A

A system should not grant permissions based on a single condition. Equivalent to separation of duty.

10
Q

Principle of least common mechanism

A

Mechanisms used to access resources should not be shared. Sharing resources can create vulnerabilities.

11
Q

Principle of least astonishment

A

Security mechanisms should be designed so that (1) users understand why the mechanism works the way it does and (2) it is simple to use. Security software that is complicated to set up could result in poor or incorrect configurations. It should also output understandable messages with no unnecessary information, e.g. “incorrect login”, NOT “incorrect password”.
