Principles: Designing Secure Systems

Topics and Goals

  • Authorization mechanisms
    • Goal: Explain different mechanisms
    • Goal: Compare & contrast
  • Design principles for secure systems
    • Goal: Justify fundamental security principles
    • Goal: Apply them to the analysis of novel situations

Principles of Access Control

  • What are the three components of an access control model?
  • How does UNIX compare to AFS?
  • How do we interpret an access matrix?
  • How does discretionary access control compare with mandatory access control?
    • When should we use one vs. the other?
  • How do access control lists (ACLs) work?
  • How do capabilities work?
  • ACLs vs. capabilities
    • How do they compare in expressive power?
    • When should we use one vs. the other?
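To make the access matrix, ACL and capability questions concrete, here is an added example (not part of the original outline) that builds one constructed access matrix, derives the ACL view (per object) and the capability view (per subject), and runs a fail-closed reference-monitor check over each. The subjects, objects and rights are invented for illustration.

```python
from collections import defaultdict

# Constructed access matrix: rows are subjects, columns are objects,
# each cell is the set of rights the subject holds on that object.
ACCESS_MATRIX = {
    "alice": {"/etc/passwd": {"r"}, "report.txt": {"r", "w"}},
    "bob":   {"/etc/passwd": {"r"}},
}

def to_acls(matrix):
    """Column view of the matrix: for each object, which subjects hold which rights."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)

def to_capabilities(matrix):
    """Row view of the matrix: for each subject, the (object, rights) tokens it holds."""
    return {subj: {obj: set(r) for obj, r in row.items()} for subj, row in matrix.items()}

def acl_check(acls, subject, obj, right):
    """Reference monitor over the ACL view. Fail-safe default: no entry means deny."""
    return right in acls.get(obj, {}).get(subject, set())

def cap_check(caps, subject, obj, right):
    """Reference monitor over the capability view; same fail-closed default."""
    return right in caps.get(subject, {}).get(obj, set())

def who_can_access(acls, obj):
    """Cheap under ACLs: one lookup answers 'who can reach this object?'."""
    return sorted(acls.get(obj, {}))

def what_can_subject_access(caps, subject):
    """Cheap under capabilities: one lookup answers 'what can this subject reach?'."""
    return sorted(caps.get(subject, {}))

def who_can_access_via_caps(caps, obj):
    """The same 'who can reach this object?' question under capabilities needs a full
    scan of every subject's list, which is why revocation is harder in that model."""
    return sorted(subj for subj, row in caps.items() if obj in row)

def revoke_object(acls, obj):
    """Under ACLs, revoking everyone's access to one object is a single operation."""
    acls.pop(obj, None)
```

Each view answers one of the two natural questions in a single lookup and the other only by scanning, which is the practical core of the ACL-versus-capability comparison.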

General Design Principles

  • Summary:
    • Economy of mechanism, a.k.a. KISS
    • Fail-safe defaults
    • Don’t rely on security by obscurity
    • Complete mediation
    • Least privilege
    • Separation of privilege
    • Defense in depth
    • Psychological acceptability: factor in users and their acceptance of the mechanism
    • Work factor/economics
  • Why is each one important?
  • Give a positive and negative example of each