2-Security Design Principles

Security Design Principles and Security Planning

Least Privilege

Always grant a program or user the bare minimum privilege it needs to function properly. If it does not require access to or permissions on some data in order to function, do not grant them.

Temporary elevation of privilege should be relinquished immediately

There should be granularity of privileges

Advantage

  • Abuse of privilege is restricted
  • Damage caused by compromised user or application is reduced

Separation of Privilege

Access to a resource should be divided across multiple users or components so that no single entity has enough control to compromise the system. Equivalently, multiple conditions must be met in order to gain access to a given process or object. For example, two persons are required to sign a cheque, or a banking transaction requires both a password login and OTP verification.

Fail-safe Defaults

The default configuration of a system should take a conservative approach. In case of system failure, access to information or resources should be denied to everyone by default.

Complete Mediation

Instead of a one-time check, every access to a resource must be checked for compliance with the protection scheme. Do not rely on caching of access information. For example, the user should be verified on every transaction instead of only the first time. A security vs. performance dilemma exists when complete mediation is achieved.
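The following is an added Python example, not part of these notes, that puts the Separation of Privilege, Fail-safe Defaults and Complete Mediation principles into code: an unknown subject is denied by default, every access re-consults the policy (so a revocation takes effect on the very next call), and a transfer requires two independent conditions. All subjects, resources and helper names are invented for the example.

```python
# Added example, not from the lecture notes: a toy access-control layer showing
# fail-safe defaults (unknown subject = deny), complete mediation (every call
# re-checks the policy, so revocation is immediate) and separation of privilege
# (a transfer needs password AND OTP). All names and resources are invented.
from dataclasses import dataclass, field


@dataclass
class Policy:
    grants: dict = field(default_factory=dict)  # subject -> {(resource, op)}

    def allows(self, subject, resource, op):
        # Fail-safe default: a missing subject or grant means deny, never allow
        return (resource, op) in self.grants.get(subject, set())

    def grant(self, subject, resource, op):
        self.grants.setdefault(subject, set()).add((resource, op))

    def revoke(self, subject, resource, op):
        self.grants.get(subject, set()).discard((resource, op))


class Guard:
    def __init__(self, policy):
        self.policy = policy
        self.audit = []  # every decision is recorded, allow or deny

    def access(self, subject, resource, op):
        # Complete mediation: ask the policy on every call; never cache a verdict
        ok = self.policy.allows(subject, resource, op)
        self.audit.append((subject, resource, op, "allow" if ok else "deny"))
        return ok

    def transfer(self, subject, password_ok, otp_ok):
        # Separation of privilege: both independent conditions must hold first
        return bool(password_ok and otp_ok) and self.access(subject, "account", "transfer")


def demo():
    policy = Policy()
    guard = Guard(policy)
    r = {"unknown_user": guard.access("mallory", "payroll.csv", "read")}  # False
    policy.grant("alice", "payroll.csv", "read")
    r["granted"] = guard.access("alice", "payroll.csv", "read")  # True
    policy.revoke("alice", "payroll.csv", "read")
    r["after_revoke"] = guard.access("alice", "payroll.csv", "read")  # False
    policy.grant("bob", "account", "transfer")
    r["password_only"] = guard.transfer("bob", password_ok=True, otp_ok=False)  # False
    r["both_factors"] = guard.transfer("bob", password_ok=True, otp_ok=True)  # True
    return r
```

Because `Guard.access` never stores a verdict, the revoked read is refused immediately; a cached "allow" from the first check would have let it through.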

Open Design

The design of a security mechanism should be open rather than secret so that many experts can review it and help in its improvement. For example, Linux is open source and is generally considered more secure than Windows due to its open-source nature.

Economy of Mechanism

The principle of economy of mechanism dictates that security mechanisms should be designed to be as simple and small as possible to minimize vulnerabilities and errors. Simplicity makes systems easier to understand, audit, test and maintain, leading to more secure and cost-effective designs than complex alternatives. Adopting this principle, also known as the "KISS" (Keep It Simple, Stupid) principle, reduces the likelihood of design flaws and misconfigurations, making systems inherently more robust.

Psychological Acceptability

  • Ease of Access: the security mechanism should not make resources difficult to access
  • User-Friendly Interface: the user interface should be well designed and intuitive
  • User Expectations: security-related settings should consider the expectations of the ordinary user

Least Common Mechanism

Minimize the mechanisms and resources shared across multiple users or processes. Reducing common components and favoring isolation or dedicated resources for distinct functions prevents unintentional information sharing and reduces the attack surface, thereby improving overall system security.