Security Principles
Simplicity Keep it simple.
Simplicity is desirable for all aspects of system design and development, for operation and maintenance as well as for security mechanisms. Simpler systems are less likely to contain flaws than complex ones. Moreover, simpler systems are easier to analyze and review, and it is thus easier to establish their trustworthiness. A small and simple design is essential.
Open Design The security of a system should not depend on the secrecy of its protection mechanisms. Example 1.1. We do not design doors that only authorized persons know how to open and close. Instead, we design standardized doors with standardized locks (both with different protection levels) and rely on the protection of the associated key.
Compartmentalization
Organize resources into isolated groups of similar needs. Compartmentalization means organizing resources into groups (also called compartments or zones), each of which is isolated from the others, except perhaps for some limited and controlled means of exchanging information. The principle of compartmentalization is applied in different areas in computer science, for example, in programming, where functions and variables are grouped and put into separate modules or classes.
Minimum Exposure Minimize the attack surface a system presents to the adversary.
1. Reduce external interfaces to a minimum.
2. Limit the amount of information given away.
3. Minimize the window of opportunity for an adversary, for example, by limiting the time available for an attack.
Least Privilege Any component (and user) of a system should operate using the least set of privileges necessary to complete its job. The principle states that privileges should be reduced to the absolute minimum. As a consequence, subjects should not be allowed to access objects other than those really needed to complete their jobs.
Minimum Trust and Maximum Trustworthiness
Minimize trust and maximize trustworthiness.
Secure, Fail-Safe Defaults
The system should start in and return to a secure state in the event of a failure.
Complete Mediation Access to any object must be monitored and controlled.
No Single Point of Failure
Build redundant security mechanisms whenever feasible.
Traceability Log security-relevant system events.
Example Many hard-copy forms in companies have an audit trail. Invoices in particular may require signatures, stamps and other information as they flow through the administrative processes. They are archived afterwards so that it is later possible to determine who checked an invoice or who cleared it.
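The three principles above (Secure, Fail-Safe Defaults; Complete Mediation; Traceability) combine naturally in a single reference monitor. The following is an added example, not from the slides: a small access-check function through which every request passes, that denies when the policy store cannot be consulted, and that records every decision in an audit trail. The subjects, objects and policy table are constructed for illustration.

```python
# Constructed policy: subject -> set of (object, action) pairs it may perform.
# Names are hypothetical and chosen to echo the invoice example above.
POLICY = {
    "alice": {("invoice-42", "read"), ("invoice-42", "approve")},
    "bob": {("invoice-42", "read")},
}

# In-memory audit trail: (subject, object, action, decision, reason).
audit_log = []


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be reached (simulated failure)."""


def lookup_policy(subject, store=POLICY):
    """Return the set of (object, action) pairs granted to subject."""
    if store is None:
        raise PolicyUnavailable("policy store unreachable")
    return store.get(subject, set())  # unknown subject: no privileges


def check_access(subject, obj, action, store=POLICY):
    """Reference monitor: every access decision goes through here (complete
    mediation). Any failure yields deny (fail-safe default) and every
    decision, including errors, is logged (traceability)."""
    try:
        allowed = (obj, action) in lookup_policy(subject, store)
        reason = "policy"
    except Exception as exc:
        allowed = False  # fail closed: an error is never a grant
        reason = f"error:{exc}"
    decision = "allow" if allowed else "deny"
    audit_log.append((subject, obj, action, decision, reason))
    return allowed


def check_access_fail_open(subject, obj, action, store=POLICY):
    """Contrast case: the same check written to fail open. A policy lookup
    error is treated as permission, which is the defect the principle warns
    against. Included only to show the difference; do not use."""
    try:
        return (obj, action) in lookup_policy(subject, store)
    except Exception:
        return True
```

Run the checks with `store=None` to simulate an outage: `check_access` denies and logs the error, while the fail-open variant silently grants.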
Generating Secrets Maximize the entropy of secrets.
Usability Design usable security mechanisms. Example 1.19.
Most end users do not understand cryptographic mechanisms. They do not understand what a certificate is, its intended use and how to verify the authenticity of a server certificate. As a consequence, it is possible to impersonate a web server even in settings where server certificates are used.
Discussion