Fundamental Security Design Principles Quiz and Flashcards

Study Notes

Fundamental Security Design Principles

Economy of Mechanism: Design systems as simple and small as possible to reduce opportunities for security flaws.
Benefit: Simplified design makes it easier to test and verify security properties.
Examples: Prefer fewer lines of code or less complex protocols in software, and fewer physical points of entry in hardware.

Fail-Safe Defaults

Definition: The default state of a system, in the event of failure, should be secure.
Benefit: In case of a system failure, the system remains secure and does not expose resources to unauthorized users.
Examples: A firewall that by default blocks all traffic except that which is explicitly allowed.

Complete Mediation

Definition: Every access to a system's resources must be checked for authority.
Benefit: Prevents unauthorized access by ensuring that all accesses are authenticated and authorized.
Examples: A file system that checks permissions every time a file is accessed, not just the first time.

Open Design

Definition: A system's security should not depend on secrecy of its design or implementation.
Benefit: Allows for widespread review by experts, which can lead to identification and correction of flaws.
Examples: Cryptographic algorithms like AES or protocols like TLS that are open standards.

Separation of Privilege

Definition: A practice in which multiple privilege attributes are required to achieve access to a restricted resource.
Benefit: Reduces the risk of a single point of failure in security mechanisms.
Examples: Multi-factor authentication that requires both a password and a physical token.

Encapsulation

Definition: Objects encapsulate data and operations on data, providing interfaces and hiding their internal state.
Benefit: Allows for the internal structure to be changed without affecting other system parts, which can improve security.
Examples: Object-oriented programming where an object's data is not accessible directly, but only through its methods.

Modularity

Definition: Software is divided into separate modules that are developed independently but operate cohesively.
Benefit: Improves maintainability and comprehensibility, and allows for secure updates and patching of individual modules.
Examples: Plug-in architectures where individual modules or plug-ins can be added or updated independently.

Layering

Definition: Security is implemented in overlapping layers that provide protection even if one layer is breached.
Benefit: Provides depth in defense, as an attacker must penetrate multiple layers to compromise a system.
Examples: A network with firewalls, intrusion detection systems, and anti-malware technologies.

Least Astonishment

Definition: A principle that suggests users should not be surprised by the behavior of a system.
Benefit: Consistent and predictable system response to user actions.
Examples: A system that provides clear and consistent error messages and feedback.

Description

Explore the guidelines that form the 'Fundamental Security Design Principles' which assist in creating secure systems. Learn about concepts such as economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, and psychological acceptability.