Session 02 : Principles of Secure Design Flashcards

1
Q

Principles of Secure Design?

A
  • Least privilege and isolation
  • End-to-end security
  • Fail-safe defaults
  • Open design
  • Defense in depth
  • Security by design
  • Tension between security and other design goals
  • Complete mediation
  • Use of vetted security components
  • Economy of mechanism
2
Q
  1) Least Privilege and Isolation : what is?
A
  • Users, programs, and systems should have the minimum access needed to do their job.
  • Different system components should be isolated from each other so that if one part is compromised, the rest remains safe.
3
Q
  1) Least Privilege and Isolation : examples?
A
  • A cashier in a supermarket can access the billing system but not customer financial records.
  • In Windows and Linux, regular users cannot install software or change system settings without admin rights.
4
Q
  1) Least Privilege and Isolation : why it’s important?
A
  • Reduces the damage an attacker can do if they gain access.
  • Prevents accidental mistakes from affecting the entire system.
5
Q

2) End-to-end security : what is?

A
  • Data should be protected at all stages: when stored, transmitted, and processed.
6
Q

2) End-to-end security : examples?

A
  • WhatsApp uses end-to-end encryption, so only the sender and receiver can read messages, even if they are intercepted.
  • Online banking encrypts data from the user’s browser to the bank’s server.
7
Q

2) End-to-end security : why it’s important?

A

Protects sensitive data from hackers who try to steal or modify it.

8
Q

3) Fail-Safe Defaults : what is?

A
  • The system should deny access by default and grant access only when explicitly allowed.
9
Q

3) Fail-Safe Defaults : examples?

A
  • If a user enters the wrong password multiple times, the account gets locked instead of allowing further attempts.
  • Firewall rules should block all network traffic by default and allow only approved connections.
  • A new employee should not have access to confidential files unless specifically given permission.
10
Q

3) Fail-Safe Defaults : why it’s important?

A

Prevents unauthorized access if security settings are misconfigured.

11
Q

4) Open Design : what is ?

A

Security should not depend on secrecy of design but on strong security mechanisms that can withstand public scrutiny.

12
Q

4) Open Design : examples ?

A
  • Encryption algorithms (AES, RSA, SHA-256) are publicly known but remain secure because they rely on mathematical strength.
  • The Linux operating system is open source, meaning anyone can review its security code.
13
Q

4) Open Design : why it’s important ?

A
  • Security through secrecy is weak because once exposed, the system becomes vulnerable.
  • Publicly tested security mechanisms are more trustworthy.
14
Q

5) Defence in Depth?

A
  • What? :
    • Use **multiple layers of security** so that if one layer fails, others still provide protection.
  • Examples? :
    • Cybersecurity uses firewalls, antivirus, encryption, and multi-factor authentication (MFA) to protect data.
  • Why it’s important:
    • Multiple layers reduce overall risk.
15
Q

6) Security by Design?

A
  • What ?
    • Security should be built into the system from the start, not added later as an afterthought.
  • Examples ?
    • Employ security practices throughout the SDLC.
  • Why important ?
    • Fixing security flaws later is expensive and risky.
16
Q

7) Tensions Between Security and Other Design Goals

A
  • What ?
    • Security must be balanced with usability, performance, and cost.
  • Examples ?
    • Strong passwords increase security but are hard to remember.
    • MFA improves security but takes extra time.
    • Encrypted DBs are secure but need more processing power.
  • Why important ?
    • Too much security can make a system inconvenient and reduce productivity.
    • Finding the right balance ensures both security and efficiency.
17
Q

8) Complete Mediation

A
  • What ?
    • Every access request should be checked every time, not just once.
  • Examples ?
    • ATM transactions require a PIN for each withdrawal.
    • Online banking logs you out after inactivity to prevent unauthorized access.
    • OSs recheck user permissions every time a file is accessed.
  • Why important ?
    • Prevents session hijacking and unauthorized access.
18
Q

9) Use of vetted security components

A
  • What ?
    • Use of trusted and well-tested security tools instead of creating custom ones.
  • Examples ?
    • Use AES encryption instead of inventing a new encryption method.
    • Use verified security libraries instead of writing custom ones.
  • Why important ?
    • New untested security solutions often have hidden vulnerabilities.
19
Q

10) Economy of mechanism

A
  • What ?
    • Keep security systems as simple as possible to reduce errors and vulnerabilities.
  • Examples ?
    • Use a simple password system with strong encryption.
    • Unix file permissions are simpler than complex access control models but still effective.
    • Firewalls with clear rules are easier to maintain.
  • Why important ?
    • Complex systems are harder to test and often contain hidden vulnerabilities.
20
Q

11) Usable security

A
  • What ?
    • Security systems should be easy to use, so that people can follow security best practices without confusion or frustration.
  • Examples ?
    • Password managers make it easier to use strong, unique passwords for each account.
    • Fingerprint scanners on phones provide strong security without needing complex passwords.
    • 2FA apps make logins more secure and user-friendly.
  • Why important ?
    • If security is too difficult, users will find workarounds.
21
Q

12) Security composability

A
  • What ?
    • Different security components should work together seamlessly to provide strong protection.
  • Examples ?
    • Online banking uses encryption, user authentication, firewalls, and fraud detection - each layer supports the others.
    • Web security combines HTTPS, firewalls, input validation, and intrusion detection.
  • Why important ?
    • If security systems don’t work together properly, gaps may create weak points that hackers can exploit.
22
Q

13) Prevention, Detection, and Deterrence

A
  • What ?
    • A complete security system should include 3 key steps.
      1. Prevention : Stop attacks before they happen.
      2. Detection : Identify attacks when they occur.
      3. Deterrence : Make attacks less attractive or too risky for attackers.
  • Examples ?
    • Cybersecurity
      1. Prevention : Firewalls and antivirus software block malware.
      2. Detection : IDS monitors for unusual behaviour.
      3. Deterrence : Strong encryption and legal consequences make hacking difficult and risky.
    • Physical Security
      1. Prevention : Locked doors and Security guards
      2. Detection : Security cameras and alarms
      3. Deterrence : Warning signs
  • Why important ?
    • No single security measure is enough - a complete system needs all three to be effective.