Security Principles Flashcards
Name 10 Security Principles
Least Privilege, Complete Mediation, Secure fail-safe defaults / Implicit deny, Compartmentalization, Minimum Exposure, Open Design, Economy of Mechanism, Defense in Depth, Least Common Mechanism, Psychological Acceptability
What is the principle of Least Privilege?
A subject should not have more privileges than necessary to complete its approved job.
What is the principle of Complete Mediation?
Access to every object must be controlled in a way that cannot be circumvented.
What is the principle of Secure, fail-safe defaults / Implicit deny?
Security systems should start in a secure state and return to a secure default state in case of failures.
What is the principle of Compartmentalization?
Organize resources into groups isolated from each other, except for limited, controlled means of communication.
What is the principle of Minimum Exposure?
Minimizing the “attack surface” the system presents to a potential adversary
What is the principle of Open Design?
No security by obscurity
What is the principle of Economy of Mechanism?
Security mechanisms should be as simple as possible.
What is the principle of Defense in Depth?
A system should employ multiple layers of security mechanisms to hinder a potential attacker.
What is the principle of Least Common Mechanism?
Mechanisms used to access resources should not be shared.
What is the principle of Psychological Acceptability?
A security mechanism should not make a resource more difficult to access than if the mechanism were not present.
What is the major limitation of security principles?
They are abstract and not constructive.
Can we define security design patterns?
Yes and no. At a high level of abstraction this is possible (principles, architecture, e.g. DMZ). At a lower level this is difficult, as security is a cross-cutting concern.