Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.

Slides:

Advertisements

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Advertisements

VM: Chapter 5 Guiding Principles for Software Security.

Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.

Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.

1 Privacy Enhancing Technologies Elaine Shi Lecture 4 Principles of System Security slides partially borrowed from Jonathan Katz.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

CSCD 303 Essential Computer Security Winter 2014 Lecture 6 - Desktop Security.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

Security & Usability Charles Frank. Convenience is the Antithesis to Security  Computer systems must employ mechanisms that are difficult to use!

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

Software Security and Security Engineering (Part 2)

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.

Privilege separation in Condor Bruce Beckles University of Cambridge Computing Service.

Chapter 8 Configuring and Managing Shared Folder Security.

14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,

IS2150/TEL2810: Introduction of Computer Security1 October 18, 2005 Introduction to Computer Security Lecture 6 Windows/Unix/Solaris 10 Design Principles.

Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

Privilege Management Chapter 22.

Design Principles and Common Security Related Programming Problems

Computer Security: Principles and Practice

Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.

Protection & Security Greg Bilodeau CS 5204 October 13, 2009.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.

The Protection of Information in Computer Systems Jerome H. Saltzer and Michael D. Schroeder Presented by Derek Davis and Michael Deighan.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,

June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.

1 Saltzer [1974] and later Saltzer and Schroeder [1975] list the following principles of the design of secure protection systems, which are still valid:

Security Principles.

Chap5: Designing Trusted Operating Systems.  What makes an operating system “secure”? Or “trustworthy”?  How are trusted systems designed, and which.

1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.

Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University

1 Trusted OS Design CS461/ECE Reading Material Section 5.4 of Security in Computing.

Access Control Model SAM-5.

Lecture 10: Security Design Principles

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Chapter 14: System Protection

Chapter3 Security Strategies.

Software Security II Karl Lieberherr.

Chapter 13: Design Principles

Chapter 1: Introduction

Chapter 13: Design Principles

How to Mitigate the Consequences What are the Countermeasures?

Protection and Security

Computer Security: Art and Science, 2nd Edition

Outline Chapter 2 (cont) OS Design OS structure

Chapter 29: Program Security

Operating System Hardening

Chapter 13: Design Principles

Design Principles Thanks to Matt Bishop 2006 CS 395: Computer Security.

Presentation transcript:

Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and Science

Slide #13-2 Reading Material Chapter 13 Computer Security: Art and Science

Slide #13-3 Overview Simplicity –Less to go wrong –Fewer possible inconsistencies –Easy to understand Restriction –Minimize access –Inhibit communication Saltzer and Schroeder 75

Slide #13-4 Summary of Principles Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of Privilege Least Privilege Least Common Mechanisms Psychological Acceptability

Slide #13-5 Economy of Mechanism Keep the design as simple and small as possible Simpler means less can go wrong –And when errors occur, they are easier to understand and fix Interfaces and interactions

Slide #13-6 Fail-Safe Defaults Base access decisions on permission rather than exclusion Burden of proof is on the principal seeking permission If the protection system fails, then legitimate access is denied but illegitimate access is also denied

Slide #13-7 Complete Mediation Every access to every object must be checked for authority Usually done once, on first action –UNIX: access checked on open, not checked thereafter If permissions change after, may get unauthorized access Proposals to gain performance by remembering the result of an authority check should be examined skeptically

Slide #13-8 Open Design The design should not be secret Do not depend on secrecy of design or implementation –Popularly misunderstood to mean that source code should be public –“Security through obscurity” –Does not apply to information such as passwords or cryptographic keys

Slide #13-9 Separation of Privilege Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. Require multiple conditions to grant privilege –Separation of duty –Defense in depth

Slide #13-10 Least Privilege Every program and every user of the system should operate using the least set of privileges necessary to complete the job A subject should be given only those privileges necessary to complete its task –Function, not identity, controls –Rights added as needed, discarded after use –Minimal protection domain

Slide #13-11 Least Common Mechanism Minimize the amount of mechanism common to more than one user and depended on by all users Mechanisms should not be shared –Information can flow along shared channels –Covert channels Isolation –Virtual machines –Sandboxes

Slide #13-12 Psychological Acceptability It is essential that the human interface be designed for ease of use so that users routinely and automatically accept the protection mechanisms correctly Security mechanisms should not add to difficulty of accessing resource –Hide complexity introduced by security mechanisms –Ease of installation, configuration, use –Human factors critical here

Slide #13-13 Examine Scenarios Paper overhead

Slide #13-14 Key Points Principles of secure design underlie all security-related mechanisms Require: –Good understanding of goal of mechanism and environment in which it is to be used –Careful analysis and design –Careful implementation