Presentation is loading. Please wait.

Presentation is loading. Please wait.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

Published byZachariah Meigs Modified over 9 years ago

Similar presentations

Presentation on theme: "November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe."— Presentation transcript:

1 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation –Open Design –Separation of Privilege –Least Common Mechanism –Psychological Acceptability

2 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-2 Overview Simplicity –Less to go wrong –Fewer possible inconsistencies –Easy to understand Restriction –Minimize access –Inhibit communication

3 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-3 Least Privilege A subject should be given only those privileges necessary to complete its task –Function, not identity, controls –Rights added as needed, discarded after use –Minimal protection domain

4 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-4 Fail-Safe Defaults Default action is to deny access If action fails, system as secure as when action began

5 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-5 Economy of Mechanism Keep it as simple as possible –KISS Principle Simpler means less can go wrong –And when errors occur, they are easier to understand and fix Interfaces and interactions

6 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-6 Complete Mediation Check every access Usually done once, on first action –UNIX: access checked on open, not checked thereafter If permissions change after, may get unauthorized access

7 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-7 Open Design Security should not depend on secrecy of design or implementation –Popularly misunderstood to mean that source code should be public –“Security through obscurity” –Does not apply to information such as passwords or cryptographic keys

8 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-8 Separation of Privilege Require multiple conditions to grant privilege –Separation of duty –Defense in depth

9 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-9 Least Common Mechanism Mechanisms should not be shared –Information can flow along shared channels –Covert channels Isolation –Virtual machines –Sandboxes

10 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-10 Psychological Acceptability Security mechanisms should not add to difficulty of accessing resource –Hide complexity introduced by security mechanisms –Ease of installation, configuration, use –Human factors critical here

11 November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-11 Key Points Principles of secure design underlie all security-related mechanisms Require: –Good understanding of goal of mechanism and environment in which it is to be used –Careful analysis and design –Careful implementation

Download ppt "November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe."

Similar presentations

Secure System Design and Access Control

Secure System Design and Access Control
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.

Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
ANDROID™ OS Security A brief synopsis of the Android Operating System and its security. By Daniel Angelis.

ANDROID™ OS Security A brief synopsis of the Android Operating System and its security. By Daniel Angelis.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.

1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.
Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Similar presentations

Ads by Google