Uploaded by makangara22

INFORMATION SYSTEM SECURITY
DESIGN SECURE SYSTEMS
1. Economy of mechanism
The motivation for this principle is that a relatively simple, small design is easier to test and verify thoroughly. With a complex design there are many more opportunities for an adversary to discover subtle weaknesses to exploit, and these may be difficult to spot ahead of time. The more complex the mechanism, the more likely it is to possess exploitable flaws. Simple mechanisms tend to have fewer exploitable flaws and require less maintenance.
2. Open design
This means that the design of a security mechanism should be open rather than secret. For example, although encryption keys must be secret, encryption algorithms should be open to public scrutiny (Kerckhoffs's principle). The algorithms can then be reviewed by many experts, and users can therefore have high confidence in them. A mechanism whose security depends on the attacker not knowing how it works fails as soon as the design leaks or is reverse engineered.
3. Separation of privilege
This is defined in [SALT75] as a practice in which multiple privilege attributes are required to achieve access to a restricted resource. A good example is multifactor user authentication, which requires multiple independent techniques, such as a password and a smart card, to authenticate a user, so that the compromise of any one factor alone does not grant access. The same idea applies to programs: a service can be split into a small privileged part and a larger unprivileged part so that a compromise of the unprivileged part does not yield the privilege. This is used to mitigate the potential damage of a computer security attack.
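To show the principle in working code, here is an added example (it is not from the original slides): a login check that releases access only when two independent privilege attributes, a PBKDF2-hashed password and an RFC 6238 TOTP code from a separate device, both verify. The user record, the password and the use of the RFC 6238 reference secret are constructed for this illustration.

```python
"""Separation of privilege: access is granted only when two independent
privilege attributes (password + TOTP code) both verify.
Added illustration; the user record and secrets below are constructed."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000


def make_password_record(password: str, salt=None) -> dict:
    """Store the password as a salted PBKDF2-HMAC-SHA256 hash, never in clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])  # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` adjacent steps to absorb clock drift."""
    for delta in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at_time + 30 * delta), code):
            return True
    return False


def authenticate(user: dict, password: str, code: str, at_time: int) -> bool:
    """Both privilege attributes must verify; one factor alone is never enough.
    Both checks run unconditionally so timing does not reveal which one failed."""
    pw_ok = verify_password(user["password"], password)
    otp_ok = verify_totp(user["totp_secret"], code, at_time)
    return pw_ok and otp_ok


# Constructed test user (hypothetical; fixed salt only so the example is reproducible).
USER = {
    "password": make_password_record("correct horse battery staple", salt=b"\x00" * 16),
    "totp_secret": b"12345678901234567890",  # RFC 6238 reference secret (ASCII)
}

if __name__ == "__main__":
    t = 59  # RFC 6238 reference time; counter = 59 // 30 = 1
    code = totp(USER["totp_secret"], t)
    print(authenticate(USER, "correct horse battery staple", code, t))      # both factors: True
    print(authenticate(USER, "correct horse battery staple", "000000", t))  # password only: False
    print(authenticate(USER, "wrong", code, t))                              # token only: False
```

The point is in `authenticate`: neither a stolen password nor a stolen token is sufficient on its own, and the check does not short-circuit, so an attacker cannot learn from response time which factor was wrong.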
4. Least privilege
This means that every process and every user of the system should operate using the least set of privileges necessary to perform the task. The system security policy can identify and define the various roles of users or processes, and each role is assigned only the permissions its task requires. Each permission specifies a permitted access to a particular resource (such as read and write access to a specified file or directory, or connect access to a given host and port). Unless a permission is granted explicitly, the user or process should not be able to access the protected resource (default deny). More generally, any access control system should allow each user only the privileges that are authorized for that user, and those privileges should be reviewed and revoked as tasks change so that they do not accumulate over time.
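An added example (not part of the original slides) of the permission model this principle describes: each role carries an explicit set of read/write/connect grants and every request not covered by a grant is denied. The roles, principals and resources are constructed for the illustration; the path-normalisation step is the caveat a reviewer would insist on, since a grant on a directory glob is otherwise bypassable with ".." segments.

```python
"""Least privilege as an explicit-grant, default-deny permission check.
Added illustration; roles, principals and resources below are constructed."""
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

FILE_ACTIONS = {"read", "write", "execute"}


@dataclass(frozen=True)
class Permission:
    action: str    # "read"/"write"/"execute" on a path, or "connect" to host:port
    resource: str  # path glob such as "/var/backups/*", or an exact "host:port"

    def covers(self, action: str, resource: str) -> bool:
        return self.action == action and fnmatchcase(resource, self.resource)


# Role -> the minimal set of grants the role's task needs. Nothing else is granted.
ROLES = {
    "backup-agent": frozenset({
        Permission("read", "/var/backups/*"),
        Permission("connect", "backup.internal:443"),
    }),
    "web-worker": frozenset({
        Permission("read", "/srv/www/static/*"),
        Permission("connect", "db.internal:5432"),
    }),
}

# Principal -> role. Hypothetical accounts for the example.
PRINCIPALS = {"backup01": "backup-agent", "www-data": "web-worker"}


def canonical(action: str, resource: str) -> str:
    """Normalise paths before matching so "/var/backups/../etc/shadow" cannot
    slip past a grant on "/var/backups/*"."""
    if action in FILE_ACTIONS:
        return posixpath.normpath(resource)
    return resource


def is_allowed(principal: str, action: str, resource: str) -> bool:
    """Default deny: unknown principal, unknown role, or no explicit grant => False."""
    role = PRINCIPALS.get(principal)
    if role is None:
        return False
    resource = canonical(action, resource)
    return any(p.covers(action, resource) for p in ROLES.get(role, ()))


def effective_privileges(principal: str):
    """Everything a principal may do, for periodic review of privilege creep."""
    role = PRINCIPALS.get(principal)
    return sorted((p.action, p.resource) for p in ROLES.get(role, ()))


if __name__ == "__main__":
    print(is_allowed("backup01", "read", "/var/backups/2024/db.tar"))       # True
    print(is_allowed("backup01", "write", "/var/backups/2024/db.tar"))      # False: read only
    print(is_allowed("backup01", "read", "/var/backups/../etc/shadow"))     # False: normalised
    print(is_allowed("backup01", "connect", "backup.internal:22"))          # False: only :443
    print(is_allowed("nobody", "read", "/var/backups/2024/db.tar"))         # False: unknown
    print(effective_privileges("backup01"))
```

Two design choices carry the principle: there is no "allow" branch that does not go through an explicit `Permission`, and `effective_privileges` exists so that what a role can do is reviewable rather than implicit in code paths.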
5. Psychological acceptability
This implies that security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access. If security mechanisms hinder the usability or accessibility of resources, users may opt to turn those mechanisms off or work around them. Where possible, security mechanisms should be transparent to the users of the system, or at most introduce minimal obstruction.
6. Isolation
This is a principle that applies in three contexts. First, public access systems should be isolated from critical resources (data, processes, etc.) to prevent disclosure or tampering. In cases where the sensitivity or criticality of the information is high, organizations may want to limit the number of systems on which that data is stored and isolate them, either physically or logically. Second, the processes and files of individual users should be isolated from one another except where sharing is explicitly desired. Third, the security mechanisms themselves should be isolated, in the sense that untrusted code cannot read, modify or bypass them.
7. Modularity
In the context of security, modularity refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation. The design goal is to provide common security functions and services, such as cryptographic functions, as common modules rather than re-implementing them in each application, so they are written, reviewed and fixed once. With respect to a modular architecture, each security mechanism should be able to support migration to new technology or the addition of new features without requiring an entire system redesign. The security design should be modular so that individual parts of it (for example, the authentication mechanism or a cryptographic algorithm) can be upgraded without modifying the entire system.
8. Least astonishment
This means that a program or user interface should always respond in the way that is least likely to astonish the user. For example, the mechanism for authorization should be transparent enough that the user has a good intuitive understanding of how the security goals map to the provided security mechanism; a user who misunderstands what a control does is likely to misconfigure it.
9. Ongoing monitoring and maintenance
Security is an ongoing process, not a one-time design activity: the system must be continuously monitored for attacks and anomalies, kept patched as new vulnerabilities are disclosed, and its configuration and granted privileges re-examined as the environment and the threats change.
