COMP2700 - Week 2 - Security Principles

Table of Contents

• Principles
• I. Simplicity
• II. Open Design
• III. Compartmentalisation
• IV. Minimum Exposure
• V. Least Privilege
• VI. Minimum Trust and Maximum Trustworthiness
• Trusted vs Trustworthy System
• VII. Secure, Fail-safe Defaults
• VIII. Complete Mediation
• IX. No Single Point of Failure
• X. Traceability
• XI. Generating Secrets
• XII. Usability

---

Hard and fast rules for security engineering do not exist.

Principles

I. Simplicity

Keep it simple

• Simple systems are less likely to contain flaws/bugs and are easier to analyse and verify.
  • Easier to establish trustworthiness

II. Open Design

The security of a system should not depend on the secrecy of its protection mechanisms

• I.e. should be secure even if all aspects (except the keys) are public knowledge

• Secrets are hard to protect -> Minimise

III. Compartmentalisation

Resources should be organised into isolated groups of similar needs

• Simplification and less duplication of resources

• Isolated attacks

IV. Minimum Exposure

Minimise attack surface a system presents to the adversary

• Minimise external interfaces to a minimum

• Limit accessible information + window of opportunities

V. Least Privilege

Any component (and user) should operate using the least set of privileges to complete its job

• Need-to-know basis

VI. Minimum Trust and Maximum Trustworthiness

Least amount of trust, maximum trustworthiness

• Trust should be avoided whenever possible

• Trust is transitive

Trusted vs Trustworthy System

• A failure in a trusted system can break security policy

• A trustworthy system is unlikely to fail

• A trusted system is not necessarily trustworthy

VII. Secure, Fail-safe Defaults

Secure start and return in event of failure

• Whitelist approach should be taken

VIII. Complete Mediation

Object access must be monitored and controlled

• All object states must be controlled and monitored

IX. No Single Point of Failure

Build redundant security mechanisms whenever possible

• 'Defence in depth'

• Redundancy degree determined on basis of a cost-benefit analysis

X. Traceability

Log security-relevant system events

• Logs must be backed up and integrity assured

XI. Generating Secrets

Maximise entropy of secrets

• Helps prevent brute-force, dictionary or guessing attacks

XII. Usability

Design usable security mechanisms

• Easy to use security mechanisms

---

So Oranges Can Melt Like My Ttrue Scented Candles Not Through Green Urine