June 1, 2004©2002-2004 Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Slides:



Advertisements
Similar presentations
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Advertisements

VM: Chapter 5 Guiding Principles for Software Security.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
ANDROID™ OS Security A brief synopsis of the Android Operating System and its security. By Daniel Angelis.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.
Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.
G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Secure Design Principles CSC 482/582: Computer SecuritySlide #1.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.
Software Security and Security Engineering (Part 2)
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Linux Security. Authors:- Advanced Linux Programming by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLC published by New Riders Publishing.
Chapter 8 Configuring and Managing Shared Folder Security.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
IS2150/TEL2810: Introduction of Computer Security1 October 18, 2005 Introduction to Computer Security Lecture 6 Windows/Unix/Solaris 10 Design Principles.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Secure Design Principles.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
Engineering Secure Software. Key Principles  Principle of Least privilege  Defense in Depth  Obviously No Vulnerabilities (vs. No Obvious)  i.e. Assume.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Privilege Management Chapter 22.
Design Principles and Common Security Related Programming Problems
Computer Security: Principles and Practice
Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,
Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.
Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.
1 Saltzer [1974] and later Saltzer and Schroeder [1975] list the following principles of the design of secure protection systems, which are still valid:
Security Principles.
1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
General Security Concepts
Access Control Model SAM-5.
Lecture 10: Security Design Principles
Security+ All-In-One Edition Chapter 1 – General Security Concepts
E0-256 Computer Systems Security Vinod Ganapathy Lecture 1: Introduction Slide #1-1 1.
Chapter3 Security Strategies.
Chapter 13: Design Principles
Chapter 1: Introduction
Chapter 13: Design Principles
Distrustful Decomposition
Figure 6-9: Managing Users and Groups
How to Mitigate the Consequences What are the Countermeasures?
Protection and Security
Design Principles and Security related problem
Computer Security: Art and Science, 2nd Edition
Outline Chapter 2 (cont) OS Design OS structure
Chapter 29: Program Security
Operating System Hardening
Chapter 13: Design Principles
Design Principles Thanks to Matt Bishop 2006 CS 395: Computer Security.
Presentation transcript:

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation –Open Design –Separation of Privilege –Least Common Mechanism –Psychological Acceptability

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-2 Overview Simplicity –Less to go wrong –Fewer possible inconsistencies –Easy to understand Restriction –Minimize access –Inhibit communication

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-3 Examples The program sendmail –reads configuration data from a binary file –It is generated by compiling a text file –3 interfaces: edit the text file, compile the file, read the binary file by sendmail –May be different assumptions! Examples: Prisoners communications

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-4 Least Privilege A subject should be given only those privileges necessary to complete its task –Function, not identity, controls –Rights added as needed, discarded after use –Minimal protection domain –Example: in UNIX, root can do every thing! user who creates system backups can also delete files!

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-5 Fail-Safe Defaults Default action is to deny access If action fails, system as secure as when action began

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-6 Economy of Mechanism Keep it as simple as possible –KISS Principle Simpler means less can go wrong –And when errors occur, they are easier to understand and fix –testing process is less complex Interfaces and interactions –Example: finger protocol

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-7 Complete Mediation Check every access Usually done once, on first action –UNIX: access checked on open, not checked thereafter If permissions change after, may get unauthorized access

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-8 Open Design Security should not depend on secrecy of design or implementation –Popularly misunderstood to mean that source code should be public –“Security through obscurity” –Does not apply to information such as passwords or cryptographic keys

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-9 Separation of Privilege Require multiple conditions to grant privilege –Separation of duty: if two or more steps are required to perform a critical function, at least two different people should perform the steps –Defense in depth

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-10 Least Common Mechanism Mechanisms should not be shared –Information can flow along shared channels –Covert channels Isolation –Virtual machines –Sandboxes

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-11 Psychological Acceptability Security mechanisms should not add to difficulty of accessing resource –Hide complexity introduced by security mechanisms –Ease of installation, configuration, use –Human factors critical here

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-12 Key Points Principles of secure design underlie all security-related mechanisms Require: –Good understanding of goal of mechanism and environment in which it is to be used –Careful analysis and design –Careful implementation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.