Podcast
Questions and Answers
What principle states that a system should be secure even if the adversary knows everything about its design and implementation?
What principle states that a system should be secure even if the adversary knows everything about its design and implementation?
- Open Design (correct)
- Defense in Depth
- Least Privilege
- Economy of Mechanism
Which concept refers to ensuring that subjects have the least amount of authority necessary to perform tasks successfully?
Which concept refers to ensuring that subjects have the least amount of authority necessary to perform tasks successfully?
- Least Privilege (correct)
- Complete Mediation
- Fail-Safe Defaults
- Defense in Depth
In the context of security principles, what does 'security through obscurity' contrast with?
In the context of security principles, what does 'security through obscurity' contrast with?
- Complete Mediation
- Economy of Mechanism
- Open Design (correct)
- Defense in Depth
What principle suggests that a system's security should not be compromised even if runtime parameters like secret keys are known?
What principle suggests that a system's security should not be compromised even if runtime parameters like secret keys are known?
Which security principle is most closely aligned with the idea of subjects having only the minimum necessary authority for operations?
Which security principle is most closely aligned with the idea of subjects having only the minimum necessary authority for operations?
In terms of security principles, what does the principle of 'security through obscurity' rely on?
In terms of security principles, what does the principle of 'security through obscurity' rely on?
What is the main focus of the KISS principle in security mechanisms?
What is the main focus of the KISS principle in security mechanisms?
How does a micro-kernel OS differ from a monolithic operating system in terms of security?
How does a micro-kernel OS differ from a monolithic operating system in terms of security?
What is the primary implication of fail-safe defaults in terms of system security?
What is the primary implication of fail-safe defaults in terms of system security?
What does complete mediation require in terms of access to objects?
What does complete mediation require in terms of access to objects?
How does the concept of 'Defense in Depth' contribute to system security?
How does the concept of 'Defense in Depth' contribute to system security?
Why is 'Economy of Mechanism' considered a fundamental security principle?
Why is 'Economy of Mechanism' considered a fundamental security principle?
What does the principle of 'Least Common Mechanism' aim to do?
What does the principle of 'Least Common Mechanism' aim to do?
Why is it important to minimize sharing of resources between users?
Why is it important to minimize sharing of resources between users?
What is the main consideration behind 'Psychological Acceptability' in security mechanisms?
What is the main consideration behind 'Psychological Acceptability' in security mechanisms?
Which of the following is NOT one of the four basic security approaches discussed in the text?
Which of the following is NOT one of the four basic security approaches discussed in the text?
How many basic security approaches are outlined under 'Implementing Security' in the text?
How many basic security approaches are outlined under 'Implementing Security' in the text?
Flashcards are hidden until you start studying
Study Notes
Security Principles
- The KISS principle: Keep it simple, stupid, to reduce the attack surface and increase trust in security mechanisms.
Micro-kernel OS
- A micro-kernel OS has a small attack surface, as the kernel only contains critical functionality.
- All "extra" functionality runs in separate processes or kernel modules.
- Examples: GNU Hurd, seL4 (formally verified).
Fail-Safe Defaults
- A system should have a conservative protection scheme by default (secure "out-of-the-box").
- Users should "opt-in" to less-secure configurations.
- Examples: default username and password settings.
Complete Mediation
- Every access to every object must be checked for authorization.
- Incomplete mediation implies a path exists to bypass a security mechanism.
- Example: Windows checks credentials when accessing a computer, but not when accessing through the printer setup process.
Open Design
- The security of a mechanism should not depend on the secrecy of its design or implementation.
- A system should be secure even if the adversary knows everything about its design and implementation.
- Contrast with "security through obscurity".
Least Privilege
- Subjects should possess the bare minimum authority needed to operate successfully.
- Closely related to separation of privilege.
- Examples: Linux users are not given root or sudo permissions by default, unlike Windows 98.
Least Common Mechanism
- Minimize the amount of mechanism common to more than one user.
- Shared resources represent a potential information path between users and can be abused to leak information.
Psychological Acceptability
- A security mechanism should not make the resource more complicated to access compared to the non-secure case.
- Recognizes the human element in computer security: humans prefer convenience.
Security Approaches
- Four basic approaches to system security: Avoidance, Detection, Prevention, and Recovery + Forensics.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
