lecture4

lecture4 - Lecture 6: Security Design Principles* CS...
Lecture 6: Security Design Principles*
CS 392/6813: Computer Security, Fall 2010
Nitesh Saxena
* Adopted from a previous lecture by Nasir Memon

Design Principles for Secure Systems
- Two basic themes:
  - Simplicity (KISS)
    - Makes design and interactions easy
    - Easy to prove its safety
  - Restriction
    - Minimize the power of entities
Principles of design
1. Principle of least privilege
2. Principle of fail-safe defaults
3. Principle of economy of mechanism
4. Principle of complete mediation
5. Principle of open design
6. Principle of separation of privilege
7. Principle of least common mechanism
8. Principle of psychological acceptability

Principle of least privilege
- An entity should be given only those privileges needed to finish a task
- A temporary elevation of privilege should be relinquished immediately
- Granularity of privileges
  - Append permission only for the logging process
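The "append permission only for the logging process" bullet is easy to act on at the file-descriptor level. The following Python example is added here and is not part of the lecture: the logger opens its file with write and append rights only (no read, no truncate), so even a compromised logger can neither read earlier entries nor rewrite them, and O_APPEND makes a write land at the end of the file even after a seek to offset 0. The file name and log lines are constructed for the demo.

```python
import os
import tempfile


def open_append_only_log(path):
    """Open a log with the minimum rights a logger needs: write + append.

    No O_RDONLY/O_RDWR, so existing entries cannot be read back through this
    descriptor; no O_TRUNC, so they cannot be erased; O_APPEND, so every
    write is placed at the current end of file regardless of the offset.
    """
    return os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)


def log_line(fd, text):
    os.write(fd, (text + "\n").encode())


def can_read(fd):
    """True if the descriptor allows reading (it should not for the logger)."""
    try:
        os.read(fd, 1)
        return True
    except OSError:          # EBADF on a write-only descriptor
        return False


def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "audit.log")      # constructed sample path
        fd = open_append_only_log(path)
        try:
            log_line(fd, "first")
            # Attempt to overwrite the first entry: seek to the start, then write.
            # With O_APPEND the kernel ignores the offset and appends anyway.
            os.lseek(fd, 0, os.SEEK_SET)
            log_line(fd, "second")
            readable = can_read(fd)
        finally:
            os.close(fd)
        with open(path) as f:
            lines = f.read().splitlines()
        return lines, readable


if __name__ == "__main__":
    print(demo())
```

The same idea carries over to the process level: the descriptor is opened while the logger still has whatever rights it needs, after which the narrower descriptor is all it keeps, which is the "relinquish elevation immediately" bullet in practice.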
Principle of fail-safe defaults
- Unless a subject is given explicit access to an object, it should be denied access to the object.
- Default access to an object is none
- Examples: Access Control Lists (ACLs), firewalls
- Restricting privileges at the time of creation

Principle of economy of mechanism
- Security mechanisms should be as simple as possible.
- Fewer errors
- Testing and verification are easy
- Fewer assumptions
  - Interface to other modules
  - Implicit assumptions of modules
- Finger example
Principle of complete mediation
- All accesses to objects should be checked to ensure they are allowed.
- Examples: UNIX file descriptors, DNS cache poisoning
- Restrict caching policies
- Security vs. performance trade-off

Principle of open design
- The security of a mechanism should not depend upon the secrecy of its design or implementation (why not?)
- Secrecy != security
- Complexity != security
- "Security through obscurity"
- Cryptography and openness
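The UNIX file-descriptor example on the slide is about a cached access decision: the check happens once at open(), and later reads are never re-mediated, so revoking permission after the file is open has no effect on that descriptor. The Python below is an added model of that behaviour, not code from the lecture: a small reference monitor plus two handle types, one that caches the decision like a descriptor and one that re-checks on every access. The object name, subject and contents are constructed for the demo.

```python
class ReferenceMonitor:
    """Holds objects and an ACL; check() is the single place access is decided."""

    def __init__(self):
        self.objects = {}      # name -> contents
        self.acl = {}          # (subject, object) -> set of rights

    def put(self, name, contents):
        self.objects[name] = contents

    def grant(self, subject, obj, right):
        self.acl.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject, obj, right):
        self.acl.get((subject, obj), set()).discard(right)

    def check(self, subject, obj, right):
        return right in self.acl.get((subject, obj), set())


class CachedHandle:
    """Checked once at open time, like a UNIX file descriptor.

    Later reads are not re-mediated, so a revocation after open() does not
    affect this handle; the decision it carries can go stale.
    """

    def __init__(self, monitor, subject, obj):
        if not monitor.check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        self.monitor, self.subject, self.obj = monitor, subject, obj

    def read(self):
        return self.monitor.objects[self.obj]


class MediatedHandle(CachedHandle):
    """Re-checks the ACL on every access: complete mediation, at the cost of a
    check per read (the security vs. performance trade-off on the slide)."""

    def read(self):
        if not self.monitor.check(self.subject, self.obj, "read"):
            raise PermissionError(f"{self.subject} may not read {self.obj}")
        return super().read()


def demo():
    m = ReferenceMonitor()
    m.put("/etc/secret", "s3cr3t")             # constructed sample object
    m.grant("alice", "/etc/secret", "read")
    cached = CachedHandle(m, "alice", "/etc/secret")
    mediated = MediatedHandle(m, "alice", "/etc/secret")
    before = (cached.read(), mediated.read())  # both succeed while granted

    m.revoke("alice", "/etc/secret", "read")
    after_cached = cached.read()               # still succeeds: stale decision
    try:
        mediated.read()
        after_mediated = "allowed"
    except PermissionError:
        after_mediated = "denied"
    return before, after_cached, after_mediated


if __name__ == "__main__":
    print(demo())
```

The DNS case on the slide is the same shape with time instead of revocation: an answer checked (or not checked) once at insertion is reused from the cache for every later query until it expires, which is why restricting caching policy appears as a mitigation next to the performance cost.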
Principle of separation of privilege
- A system should not grant permission based on a single condition
- Company checks over $75,000 must be signed by two officers.
- Example: "su" on BSD requires
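The two-officer rule on the slide is a threshold policy: above the amount limit, one valid approval is not enough and the approvals must come from distinct principals. The Python below is an added example and not part of the lecture; it models each officer's signature as an HMAC-SHA256 tag over (check id, amount) under that officer's own key, and counts only tags that verify and only one per officer. The officer names, keys, check ids and amounts are constructed for the demo.

```python
import hashlib
import hmac

TWO_SIGNATURE_THRESHOLD = 75_000   # from the slide: checks over $75,000 need two officers

# Constructed per-officer secrets; in a real system each officer holds their own key.
OFFICER_KEYS = {
    "alice": b"alice-demo-key",
    "bob": b"bob-demo-key",
    "carol": b"carol-demo-key",
}


def _message(check_id, amount):
    return f"{check_id}:{amount}".encode()


def sign_check(officer, check_id, amount):
    """An officer's approval: HMAC-SHA256 over (check id, amount) under that officer's key."""
    return hmac.new(OFFICER_KEYS[officer], _message(check_id, amount), hashlib.sha256).hexdigest()


def required_signatures(amount):
    return 2 if amount > TWO_SIGNATURE_THRESHOLD else 1


def approve_check(check_id, amount, signatures):
    """signatures: {officer: tag}.

    Approval requires required_signatures(amount) valid tags from *distinct*
    officers. A forged tag, an unknown officer, or a tag over a different
    amount does not count; the dict keys make a double signature by one
    officer impossible to count twice.
    """
    valid = set()
    for officer, tag in signatures.items():
        if officer not in OFFICER_KEYS:
            continue
        expected = sign_check(officer, check_id, amount)
        if hmac.compare_digest(tag, expected):
            valid.add(officer)
    return len(valid) >= required_signatures(amount)


if __name__ == "__main__":
    big = {"alice": sign_check("alice", "chk-1", 100_000)}
    print(approve_check("chk-1", 100_000, big))                       # False: one officer
    big["bob"] = sign_check("bob", "chk-1", 100_000)
    print(approve_check("chk-1", 100_000, big))                       # True: two officers
```

Because each tag binds the amount, an officer's approval of a $100,000 check cannot be reused to approve the same check id at a larger amount, which is the second condition the policy quietly relies on.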