Security Design Principles
Learned in SE464.
Three questions to check before performing a requested action:
- Authenticity: is the requester who they claim to be?
- Integrity: has the request been tampered with?
- Authorization: is the requester allowed to do this?
Core Principles
- Least Privilege: give each component only the privileges it requires
- Fail-safe Defaults: deny access if explicit permission is absent
- Economy of Mechanism: adopt simple security mechanisms
- Complete Mediation: check permission on every access, every time (no caching of authorization decisions)
- Open Design: do not rely on secrecy for security
- Separation of Privilege: require more than one condition or party (e.g., two keys) to grant a privilege, so that compromising a single one is not enough
- Least Common Mechanism: minimize the mechanisms and state shared between users or components, since anything shared is a path for one to affect another
- Psychological Acceptability: make security mechanisms usable
- Defense in Depth: have multiple layers of countermeasures
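Both the three questions (authenticity, integrity, authorization) and several of the core principles (fail-safe defaults, complete mediation, least privilege) can be seen in one small request handler. The following is an added illustration, not code from the course; the client secrets, roles and request fields are constructed for the example, and HMAC over the request fields stands in for whatever real authentication the system would use.

```python
import hmac
import hashlib
import json

# Constructed example data (not from the course notes): a shared secret per
# client and a minimal role/permission table.
CLIENT_SECRETS = {
    "client-a": b"example-secret-a",
    "client-b": b"example-secret-b",
}

# Least privilege: each role lists only the actions it actually needs.
ROLE_PERMISSIONS = {
    "reader": {"read"},
    "editor": {"read", "write"},
}
CLIENT_ROLES = {"client-a": "reader", "client-b": "editor"}


def sign(client_id, action, resource, secret):
    """Compute the HMAC tag over the exact fields the server will act on."""
    message = json.dumps(
        {"client": client_id, "action": action, "resource": resource},
        sort_keys=True,
    ).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def handle_request(request):
    """Return (allowed, reason).

    Complete mediation: every request goes through every check; nothing
    about a previous decision is remembered or reused.
    """
    client_id = request.get("client")
    action = request.get("action")
    resource = request.get("resource")
    tag = request.get("tag")

    # Authenticity: an unknown or unauthenticated requester is denied
    # (fail-safe default: no explicit identity, no access).
    secret = CLIENT_SECRETS.get(client_id)
    if secret is None or tag is None:
        return False, "unauthenticated request"

    # Integrity + authenticity: the tag must verify over the fields acted
    # upon, so a request altered after signing is rejected.
    expected = sign(client_id, action, resource, secret)
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"

    # Authorization: only an explicit grant allows the action; a missing
    # role or a missing permission both fall through to deny.
    role = CLIENT_ROLES.get(client_id)
    allowed_actions = ROLE_PERMISSIONS.get(role, set())
    if action not in allowed_actions:
        return False, "not permitted"
    return True, "ok"


def make_request(client_id, action, resource):
    """Build a correctly signed request, as a legitimate client would."""
    tag = sign(client_id, action, resource, CLIENT_SECRETS[client_id])
    return {"client": client_id, "action": action, "resource": resource, "tag": tag}


if __name__ == "__main__":
    good = make_request("client-a", "read", "/doc/1")
    print(handle_request(good))                      # (True, 'ok')
    tampered = dict(good, action="write")            # altered after signing
    print(handle_request(tampered))                  # (False, 'bad signature')
    print(handle_request(make_request("client-a", "write", "/doc/1")))  # reader lacks write
    print(handle_request({"client": "nobody", "action": "read", "resource": "/doc/1"}))
```

Note the order of the checks: identity and integrity are established before any permission lookup, and every failure path returns a denial rather than falling through to the success case.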
Defense in Depth examples
- Website protection
- Network security
- Account security
- Physical security
- Administrative controls