lecture 2 security principles(NOT IN BOOK)

economy of mechanism

-Keep the design as simple and small as possible -simplicity in the design and implementation of security measures - easy to fix errors because of simple design

secure the weakest link

-a software security system is only as strong as its weakest link -attackers go after the easy targets

Separation of privilege

-access to objects should depend on more than one condition being satisfied -This principle dictates that multiple conditions should be required to achieve access to restricted resources or have a program perform some action.

compartmentalize

-basic access building block is not all or nothing -minimize the amount of damage that can be done by breaking the system into units -very few OS do this because it is difficult to manage

ten design principles for protection mechanicsms

-economy of mechanism -fail-safe defaults -complete mediation -open design -separation of privilege -least privilege -least common mechanism -psychological acceptability -work factor -compromise recording

promote privacy

-often trades off against usability -system should forget credit card numbers but users hate having to type it in each time

use your community resources

-repeated use without failure promotes trust -public scrutiny promotes trust

principles for software security

-secure the weakest link -practice defense in depth -fail securely -follow the principle of least privilege -compartmentalize -keep it simple -promote privacy -remember that hiding secrets is hard -be reluctant to trust -use community resources

to make security friendly

-security should no impact users who obey the rules -it should be easy for users to give access -should be easy for users to restrict access established defaults should be reasonable

fail safe defaults

-states that the default configuration of a system should have a conservative protection scheme -example: new users should have minimal access -unfortunately, OS and apps often have default options that favor usability over security

practice defense in depth

-use diverse defensive strategies -if one later turns out to be inadequate, another layer will hopefully prevent a complete compromise

least privilege

Each program and user of a computer system should operate with the bare minimum privileges necessary to function properly. -

least common mechanism

In systems with multiple users, mechanisms allowing resources to be shared by more than one user should be minimized.

work factor

The cost of circumventing a security mechanism should be compared with the resources of an attacker when designing a security scheme. -for example, a system developed to protect a university database doesn't need to be as sophisticated as protecting military secrets

open design

The security architecture and design of a system should be made publicly available. -security should not depend on secrecy of the design -should be open for scrutiny by the community which leads to early discovery of vulnerabilities caused by design errors

compromise recording

This principle states that sometimes it is more desirable to record the details of an intrusion than to adopt more sophisticated measures to prevent it. -a security camera can protect a building without reinforcing doors and windows

four key elements to creating a practical security strategy

block attacks, updates defenses, minimize losses, and send secure information

complete mediation

every access to a resource must be checked for compliance with a protection scheme example: on an online banking website it should require users to sign on again every 15 minutes

psychological acceptability

users interfaces should be well designed and intuitive, easy to use, so that users routinely and automatically apply the mechanism correctly. otherwise, they will be bypassed.