Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • 13 PDF

    Încărcat de

    Keerthana Muniappan
    45 vizualizări11 pagini
    Chapter 13: Design Principles Overview Principles - -. - Economy of Mechanism complete Mediation open design Separation of privilege Least Common Mechanism Psychological Acceptability. A subject should be given only those privileges necessary to complete its task - Function, not identity, controls - Rights added as needed, discarded after use.

    Descriere originală:

    Titlu original

    13.pdf

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    Chapter 13: Design Principles Overview Principles - -. - Economy of Mechanism complete Mediation open design Separation of privilege Least Common Mechanism Psychological Acceptability. A subject should be given only those privileges necessary to complete its task - Function, not identity, controls - Rights added as needed, discarded after use.

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    45 vizualizări11 pagini

    13 PDF

    Încărcat de

    Keerthana Muniappan
    Chapter 13: Design Principles Overview Principles - -. - Economy of Mechanism complete Mediation open design Separation of privilege Least Common Mechanism Psychological Acceptability. A subject should be given only those privileges necessary to complete its task - Function, not identity, controls - Rights added as needed, discarded after use.

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 11

    Chapter 13: Design Principles

    Overview Principles
    Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological Acceptability
    Computer Security: Art and Science 2002-2004 Matt Bishop Slide #13-1

    June 1, 2004

    Overview
    Simplicity
    Less to go wrong Fewer possible inconsistencies Easy to understand

    Restriction
    Minimize access Inhibit communication
    June 1, 2004 Computer Security: Art and Science 2002-2004 Matt Bishop Slide #13-2

    Least Privilege
    A subject should be given only those privileges necessary to complete its task
    Function, not identity, controls Rights added as needed, discarded after use Minimal protection domain

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-3

    Fail-Safe Defaults
    Default action is to deny access If action fails, system as secure as when action began

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-4

    Economy of Mechanism
    Keep it as simple as possible
    KISS Principle

    Simpler means less can go wrong


    And when errors occur, they are easier to understand and x

    Interfaces and interactions

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-5

    Complete Mediation
    Check every access Usually done once, on rst action
    UNIX: access checked on open, not checked thereafter

    If permissions change after, may get unauthorized access

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-6

    Open Design
    Security should not depend on secrecy of design or implementation
    Popularly misunderstood to mean that source code should be public Security through obscurity Does not apply to information such as passwords or cryptographic keys

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-7

    Separation of Privilege
    Require multiple conditions to grant privilege
    Separation of duty Defense in depth

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-8

    Least Common Mechanism


    Mechanisms should not be shared
    Information can ow along shared channels Covert channels

    Isolation
    Virtual machines Sandboxes

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-9

    Psychological Acceptability
    Security mechanisms should not add to difculty of accessing resource
    Hide complexity introduced by security mechanisms Ease of installation, conguration, use Human factors critical here

    June 1, 2004

    Computer Security: Art and Science 2002-2004 Matt Bishop

    Slide #13-10

    Key Points
    Principles of secure design underlie all security-related mechanisms Require:
    Good understanding of goal of mechanism and environment in which it is to be used Careful analysis and design Careful implementation
    June 1, 2004 Computer Security: Art and Science 2002-2004 Matt Bishop Slide #13-11

    S-ar putea să vă placă și