  1. Economy of mechanism: Keep the design as simple and small as possible.

  2. Fail-safe defaults: Base access decisions on permission rather than exclusion.

  3. Complete mediation: Every access to every object must be checked for authority.

  4. Open design: The design should not be secret.

  5. Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.

    Application of design principle: Avoid highly privileged accounts such as root/administrator, which are attractive targets for attacks.

  6. Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.

  7. Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.

    Application of design principle: Reduce amount of privileged code in libraries that needs to be reviewed.

  8. Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.

  9. Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker.

    Application of design principle: Increase the cost of finding and exploiting software vulnerabilities (costs = training, skills, tools, computation, hardware).
    But: this might not hold in software security, because automation lets an attacker reuse a one-time effort at almost no marginal cost.

  10. Compromise recording: In computer systems, mechanisms that reliably record that a compromise has occurred are used rarely, since it is difficult to guarantee discovery once security is broken.

    Application of design principle: enable logging and (automatically) analyse logs to detect attacks
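The following is an added worked example, not part of the original list, showing how fail-safe defaults (2), complete mediation (3), separation of privilege (5) and compromise recording (10) look in code. It is a toy access mediator in Python; the subjects (alice, bob, carol, dave), the object `payroll.csv`, the permission table and the `Mediator`/`ProtectedFile` classes are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed permission table (hypothetical subjects and object):
# (subject, object) -> set of actions explicitly granted.
# Anything absent is denied: decisions rest on permission, not exclusion
# (fail-safe default).
PERMISSIONS = {
    ("alice", "payroll.csv"): {"read"},
    ("bob", "payroll.csv"): {"read", "write", "delete"},
    ("dave", "payroll.csv"): {"delete"},
}

# Actions that need a second, distinct key holder (separation of privilege).
DUAL_CONTROL = {"delete"}


@dataclass
class Mediator:
    """The one choke point through which every access decision passes."""
    permissions: dict
    audit: list = field(default_factory=list)  # compromise recording

    def check(self, subject, obj, action, approver=None):
        allowed = action in self.permissions.get((subject, obj), set())
        if allowed and action in DUAL_CONTROL:
            # Second key: a different principal who also holds the permission.
            allowed = (
                approver is not None
                and approver != subject
                and action in self.permissions.get((approver, obj), set())
            )
        verdict = "ALLOW" if allowed else "DENY"
        # Every decision, allowed or denied, is recorded so that an attack
        # (e.g. a burst of denials) can be detected from the log afterwards.
        self.audit.append((subject, obj, action, approver, verdict))
        return allowed


class ProtectedFile:
    """Complete mediation: every operation asks the mediator afresh. No
    decision is cached, so a revoked permission stops working immediately."""

    def __init__(self, name, mediator, content=""):
        self.name = name
        self._mediator = mediator
        self._content = content

    def _guard(self, subject, action, approver=None):
        if not self._mediator.check(subject, self.name, action, approver):
            raise PermissionError(f"{subject} may not {action} {self.name}")

    def read(self, subject):
        self._guard(subject, "read")
        return self._content

    def write(self, subject, data):
        self._guard(subject, "write")
        self._content = data

    def delete(self, subject, approver):
        self._guard(subject, "delete", approver)
        self._content = None


def attempt(op, *args):
    """Run one access and report 'allowed' or 'denied'."""
    try:
        op(*args)
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    perms = {k: set(v) for k, v in PERMISSIONS.items()}  # fresh copy per run
    med = Mediator(perms)
    f = ProtectedFile("payroll.csv", med, "salaries")
    out = {
        "alice_read": f.read("alice"),                        # explicit grant
        "alice_write": attempt(f.write, "alice", "x"),        # not granted
        "carol_read": attempt(f.read, "carol"),               # unknown subject
        "bob_delete_alone": attempt(f.delete, "bob", None),   # one key only
        "bob_delete_self": attempt(f.delete, "bob", "bob"),   # same key twice
        "bob_delete_dave": attempt(f.delete, "bob", "dave"),  # two keys
    }
    # Revoke alice's read: the next access is re-checked and now fails.
    perms[("alice", "payroll.csv")].discard("read")
    out["alice_read_after_revoke"] = attempt(f.read, "alice")
    out["denials"] = sum(1 for e in med.audit if e[-1] == "DENY")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design choices carry the principles: the mediator looks up an explicit grant and treats anything missing as a denial, so adding a new subject or action never accidentally opens access; and `ProtectedFile` never remembers an earlier verdict, which is why the revocation at the end takes effect on the very next call. The audit list is the minimal form of compromise recording; in a real system it would go to append-only storage that the mediated subjects cannot alter.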