Principles: Designing Secure Systems

Topics and Goals
- Authorization mechanisms
  - Goal: Explain different mechanisms
  - Goal: Compare & contrast
- Design principles for secure systems
  - Goal: Justify fundamental security principles
  - Goal: Apply them to the analysis of novel situations
Principles of Access Control
- What are the three components of an access control model?
- How does UNIX compare to AFS?
- How do we interpret an access matrix?
- How does discretionary access control compare with mandatory access control?
  - When should we use one vs. the other?
- How do access control lists (ACLs) work?
- How do capabilities work?
- ACLs vs. capabilities
  - How do they compare in expressive power?
  - When should we use one vs. the other?
General Design Principles
- Summary:
  - Economy of mechanism, a.k.a. KISS
  - Fail-safe defaults
  - Complete mediation
  - Separation of privilege
  - Least privilege
  - Factor in users/acceptance/psychology
  - Work factor/economics
  - Detect if you can't prevent
  - Don't rely on security by obscurity
- Why is each one important?
- Give a positive and negative example of each