(Breather) Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)


Principles of Secure Design: Least Privilege, Fail-Safe Defaults, Economy of Mechanism, Complete Mediation, Defense in Depth, Open Design, Separation of Privilege, Least Common Mechanism, Psychological Acceptability

Principle of Least Privilege A subject should be given only the privileges it needs to complete its task, and no more. Privileges should be determined by the function being performed, not by the identity of the subject, much like the need-to-know principle. For example, a cashier handles cash but cannot write checks.

Principle of Fail-Safe Defaults Unless access has been explicitly granted, it should be denied. Moreover, if a system is unable to complete a task, it should undo the changes it has made and return to the starting state, so that a failure cannot leave it in an insecure intermediate state. Example: a regular user may not modify other people's mail files; in addition, if the mail program cannot deliver a message, the only thing it can do is report the failure.
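As an added example (not part of the original slides), the two halves of this principle in code: an access check that denies anything not explicitly granted, contrasted with the fail-open version, and a mail delivery routine that undoes partial work and reports failure instead of leaving a half-delivered message. The ACL, the user names and the mailbox store are constructed sample data.

```python
"""Fail-safe defaults: deny unless granted; undo on failure. Added example."""
from typing import Dict, List, Set, Tuple

# Constructed ACL: object -> set of (subject, right) pairs explicitly granted.
ACL: Dict[str, Set[Tuple[str, str]]] = {
    "/var/mail/alice": {("alice", "read"), ("alice", "write"), ("mailer", "append")},
    "/var/mail/bob": {("bob", "read"), ("bob", "write"), ("mailer", "append")},
}


def allowed_permissive(subject: str, obj: str, right: str) -> bool:
    """Anti-pattern: an object with no recorded policy falls through to 'allow'."""
    if obj not in ACL:
        return True  # fail-open: silence is treated as permission
    return (subject, right) in ACL[obj]


def allowed_failsafe(subject: str, obj: str, right: str) -> bool:
    """Fail-safe: only an explicit grant yields True; everything else is denied."""
    return (subject, right) in ACL.get(obj, set())


class Mailbox:
    def __init__(self) -> None:
        self.messages: List[str] = []


# Constructed mail spool.
MAILBOXES: Dict[str, Mailbox] = {"/var/mail/alice": Mailbox(), "/var/mail/bob": Mailbox()}


def deliver(subject: str, recipients: List[str], message: str) -> bool:
    """Append message to every recipient's mailbox, all or nothing.

    If any append is not permitted (or the mailbox does not exist), the appends
    already done are undone and False is returned: the caller learns of the
    failure, and no mailbox is left in a partially delivered state.
    """
    done: List[str] = []
    try:
        for recipient in recipients:
            box = f"/var/mail/{recipient}"
            if not allowed_failsafe(subject, box, "append"):
                raise PermissionError(f"{subject} may not append to {box}")
            MAILBOXES[box].messages.append(message)
            done.append(box)
        return True
    except (PermissionError, KeyError):
        for box in done:  # roll back to the start state
            MAILBOXES[box].messages.pop()
        return False
```

Note that `allowed_failsafe` needs no special case for unknown objects: the default of an empty grant set is already "deny", which is exactly the point of the principle.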

Principle of Economy of Mechanism Security mechanisms should be as simple as possible. A simple mechanism has fewer places for errors to hide and is easier to review, test, and verify.

Principle of Complete Mediation Every access to an object must be checked to ensure that it is still allowed. A decision cached from an earlier check may be stale if the policy has changed since it was made.
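As an added example (not from the slides), a small reference monitor with two kinds of handle: one that authorizes only when the object is opened, mirroring the Unix model in which permissions are checked at open() and a held descriptor keeps working after the permission is revoked, and one that re-checks on every read. The policy, subjects and object store are constructed; the check counter makes visible the cost that the Exercises slide asks about.

```python
"""Complete mediation versus check-once-at-open. Added example."""
from typing import Dict, Set, Tuple


class Policy:
    """Reference monitor state: the current set of (subject, object, right) grants."""

    def __init__(self) -> None:
        self.grants: Set[Tuple[str, str, str]] = set()
        self.checks = 0  # number of authorization decisions made

    def grant(self, subject: str, obj: str, right: str) -> None:
        self.grants.add((subject, obj, right))

    def revoke(self, subject: str, obj: str, right: str) -> None:
        self.grants.discard((subject, obj, right))

    def check(self, subject: str, obj: str, right: str) -> bool:
        self.checks += 1
        return (subject, obj, right) in self.grants


class CheckOnceHandle:
    """Authorizes at open time only (the Unix file-descriptor model)."""

    def __init__(self, policy: Policy, subject: str, obj: str) -> None:
        if not policy.check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not open {obj}")
        self.obj = obj

    def read(self, store: Dict[str, str]) -> str:
        return store[self.obj]  # no check here: a later revocation is never noticed


class MediatedHandle:
    """Every read goes back to the reference monitor."""

    def __init__(self, policy: Policy, subject: str, obj: str) -> None:
        self.policy, self.subject, self.obj = policy, subject, obj
        if not policy.check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not open {obj}")

    def read(self, store: Dict[str, str]) -> str:
        if not self.policy.check(self.subject, self.obj, "read"):
            raise PermissionError(f"{self.subject} may no longer read {self.obj}")
        return store[self.obj]


def revocation_demo() -> Dict[str, object]:
    """Grant, open both handle types, revoke, then read again through each."""
    store = {"/etc/secret": "s3cret"}  # constructed object store
    policy = Policy()
    policy.grant("alice", "/etc/secret", "read")
    once = CheckOnceHandle(policy, "alice", "/etc/secret")
    mediated = MediatedHandle(policy, "alice", "/etc/secret")
    before = (once.read(store), mediated.read(store))
    policy.revoke("alice", "/etc/secret", "read")
    leaked = once.read(store)  # still succeeds: the open-time decision is stale
    try:
        mediated.read(store)
        mediated_after = "allowed"
    except PermissionError:
        mediated_after = "denied"
    return {"before": before, "leaked": leaked, "mediated_after": mediated_after}


def check_cost(n_reads: int) -> Tuple[int, int]:
    """Authorization checks performed for n reads through each handle type."""
    store = {"/data": "x"}
    p_once = Policy()
    p_once.grant("u", "/data", "read")
    h_once = CheckOnceHandle(p_once, "u", "/data")
    for _ in range(n_reads):
        h_once.read(store)
    p_med = Policy()
    p_med.grant("u", "/data", "read")
    h_med = MediatedHandle(p_med, "u", "/data")
    for _ in range(n_reads):
        h_med.read(store)
    return p_once.checks, p_med.checks  # (1, n_reads + 1)
```

The trade-off is the one the principle forces: the mediated handle closes the revocation window, at the price of one policy check per read rather than one per open.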

Principle of Defense in Depth The more independent lines of defense there are against an attacker, the better, especially if the additional lines are of a different nature, so that one flaw or one attack technique does not defeat all of them at once.

Principle of Open Design The security of a mechanism should not depend on the secrecy of its design or implementation. This is especially important for cryptography. Example: DVD copy protection (CSS), whose secret cipher was reverse-engineered and broken once players were examined.

Principle of Separation of Privilege A system should not grant permission based on a single condition. Example: on BSD systems, a user may su to root only if the user belongs to the wheel group and knows the root password; either condition alone is insufficient.
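As an added example (not from the slides), the BSD su rule modelled in code: a weak gate that accepts the root password alone, beside a gate that requires both wheel membership and the password. The group table, salt and password hash are constructed; the PBKDF2 storage format is an assumption of this example, not a description of how BSD stores passwords.

```python
"""Separation of privilege: two independent conditions for su. Added example."""
import hashlib
import hmac
from typing import Dict, Set

# Constructed stand-in for /etc/group.
GROUPS: Dict[str, Set[str]] = {"wheel": {"alice"}, "users": {"alice", "bob"}}


def _hash(password: bytes, salt: bytes) -> bytes:
    """Password hashing scheme assumed for this example (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)


# Constructed root credential: salt and the hash of a known sample password.
_ROOT_SALT = b"constructed-salt"
_ROOT_HASH = _hash(b"correct horse battery staple", _ROOT_SALT)


def in_wheel(user: str) -> bool:
    return user in GROUPS.get("wheel", set())


def root_password_ok(candidate: bytes) -> bool:
    # Constant-time comparison so a wrong guess cannot be refined byte by byte.
    return hmac.compare_digest(_hash(candidate, _ROOT_SALT), _ROOT_HASH)


def su_single_condition(user: str, candidate: bytes) -> bool:
    """Weak: the root password alone suffices, for any user on the system."""
    return root_password_ok(candidate)


def su_separated(user: str, candidate: bytes) -> bool:
    """Both conditions must hold; each is evaluated regardless of the other,
    so the response time does not reveal which one failed."""
    group_ok = in_wheel(user)
    password_ok = root_password_ok(candidate)
    return group_ok and password_ok
```

With the separated check, a leaked root password is not by itself enough: the attacker must also compromise an account that an administrator has deliberately placed in wheel.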

Principle of Least Common Mechanism Mechanisms used to access resources should not be shared, because a shared mechanism can carry information between the subjects that use it (a covert channel) and a flaw in it affects all of them.

Principle of Psychological Acceptability Security mechanisms should not make a resource harder to use than it would be without them; otherwise users will work around them. Examples: ssh, the login mechanism.

Exercises Which of these principles apply to operating systems, and which of them are followed by Linux/Unix? Which are followed by Windows? What would be the effect of checking EACH I/O file access for permission? Assume that each check would require an extra disk operation.