We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byZachariah Meigs
Modified over 2 years ago
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation –Open Design –Separation of Privilege –Least Common Mechanism –Psychological Acceptability
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-2 Overview Simplicity –Less to go wrong –Fewer possible inconsistencies –Easy to understand Restriction –Minimize access –Inhibit communication
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-3 Least Privilege A subject should be given only those privileges necessary to complete its task –Function, not identity, controls –Rights added as needed, discarded after use –Minimal protection domain
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-4 Fail-Safe Defaults Default action is to deny access If action fails, system as secure as when action began
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-5 Economy of Mechanism Keep it as simple as possible –KISS Principle Simpler means less can go wrong –And when errors occur, they are easier to understand and fix Interfaces and interactions
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-6 Complete Mediation Check every access Usually done once, on first action –UNIX: access checked on open, not checked thereafter If permissions change after, may get unauthorized access
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-7 Open Design Security should not depend on secrecy of design or implementation –Popularly misunderstood to mean that source code should be public –“Security through obscurity” –Does not apply to information such as passwords or cryptographic keys
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-8 Separation of Privilege Require multiple conditions to grant privilege –Separation of duty –Defense in depth
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-9 Least Common Mechanism Mechanisms should not be shared –Information can flow along shared channels –Covert channels Isolation –Virtual machines –Sandboxes
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-10 Psychological Acceptability Security mechanisms should not add to difficulty of accessing resource –Hide complexity introduced by security mechanisms –Ease of installation, configuration, use –Human factors critical here
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-11 Key Points Principles of secure design underlie all security-related mechanisms Require: –Good understanding of goal of mechanism and environment in which it is to be used –Careful analysis and design –Careful implementation
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,
1 Design Principles CS461 / ECE422 Spring Overview Simplicity Less to go wrong Fewer possible inconsistencies Easy to understand Restriction.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
(Breather) Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Design Principles and Common Security Related Programming Problems
1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.
1 Saltzer  and later Saltzer and Schroeder  list the following principles of the design of secure protection systems, which are still valid:
Software Security and Security Engineering (Part 2)
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.
IS2150/TEL2810: Introduction of Computer Security1 October 18, 2005 Introduction to Computer Security Lecture 6 Windows/Unix/Solaris 10 Design Principles.
ANDROID™ OS Security A brief synopsis of the Android Operating System and its security. By Daniel Angelis.
Chapter 1 Introduction 1 Overview What is a secure computer system? Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
Secure Design Principles secure the weakest link reduce the attack surface practice defense in depth minimize privilege compartmentalize fail.
Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.
Secure Design Principles CSC 482/582: Computer SecuritySlide #1.
Principles of Computer Security, Fourth Edition Copyright © 2016 by McGraw-Hill Education. All rights reserved. General Security Concepts Chapter 2.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Engineering Secure Software. Key Principles Principle of Least privilege Defense in Depth Obviously No Vulnerabilities (vs. No Obvious) i.e. Assume.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.
CSCD 303 Essential Computer Security Winter 2014 Lecture 6 - Desktop Security.
Threat modeling Aalto University, autumn 2011.
Secure System Design and Access Control
The Protection of Information in Computer Systems Jerome H. Saltzer and Michael D. Schroeder Presented by Derek Davis and Michael Deighan.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
VM: Chapter 5 Guiding Principles for Software Security.
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 14, 2003 Introduction to Computer Security Lecture.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
© 2017 SlidePlayer.com Inc. All rights reserved.