What are the security design principles? Explain each with an appropriate example.
Hey,
Note: Brother, if you have any queries related to the answer, please do comment. I would be very happy to resolve all your queries.
Least Privilege
The principle of least privilege means that an individual or a process should be given the minimum level of privileges to access information resources in order to perform a task. This will reduce the chance of unauthorized access to information. For example, if a user only needs to read a file, then he should not be given the permission to modify the file.
Separation of Duties
The principle of separation of duties means that when possible, you should require more than one person to complete a critical task.
The primary objective of separation of duty is the prevention of fraud and errors. This objective is achieved by distributing the tasks and associated privileges to perform the tasks among multiple individuals.
An example of separation of duties is the requirement of two signatures on a cheque.
Defense in Depth
The principle of defense in depth means that where one security control would be reasonable, more security controls that mitigate risks in different ways are better.
For example, the administrative interface to your web site can be protected by login credentials (authentication). It can be further protected by denying direct access from the public Internet (only accessible from the internal network). To make the administrative interface even more secure, you can enable audit logging of all user logins, logouts, and all important user activities.
Fail Safe
The principle of fail safe means that if a system fails, it should fail to a state where the security of the system and its data are not compromised.
For example, the following pseudo-code is not designed to be fail-safe, because if the code fails at codeWhichMayFail(), the user will be assumed to be an admin by default. This is obviously a security risk:
    isAdmin = true;                               // fail-open default
    try {
        codeWhichMayFail();
        isAdmin = isUserInRole("Administrator");
    }
    catch (Exception ex) {
        log.write(ex.toString());                 // exception swallowed; isAdmin is still true
    }
The fail-safe design would be something like below, where if the code fails at codeWhichMayFail(), the user will NOT be assumed to be an admin by default and hence will not gain access to resources that only an admin can access:
    isAdmin = false;                              // fail-closed default
    try {
        codeWhichMayFail();
        isAdmin = isUserInRole("Administrator");
    }
    catch (Exception ex) {
        log.write(ex.toString());                 // exception swallowed, but isAdmin is still false
    }
Economy of Mechanism
Economy of mechanism means that information system designers should keep the design as simple and small as possible. This well-known principle applies to any aspect of a system. The rationale behind this principle is that it is relatively easy to spot functional defects as well as security holes in simple designs and simple systems. However, it is usually very hard to identify problems in complex designs and complex systems.
Complete Mediation
Complete mediation means that every access to every data object must be checked for identification, authentication, and authorization. This principle forces a system-wide central point of access control. This security principle requires complete access control of every request whether the information system is undergoing initialization, recovery, shutdown, or maintenance.
Open Design
The security principle of open design means that security designs that are open to scrutiny and evaluation by the public security community at large are in general more secure than obscure security designs that are proprietary and little known to the public. The rationale behind this principle is that weaknesses in open designs have a better chance of being caught and corrected.
Least Common Mechanism
The security principle of least common mechanism means that you should try to minimize the mechanisms shared by multiple subjects to gain access to a data resource.
For example, serving an application on the Internet allows both attackers and users to share the Internet to gain access to the application. If the attackers launch a DDoS attack and overload the application, the legitimate users will be unable to access the application.
Another example: serving the same login page for your employees, customers, and partners to login to your company portal. The login page thus must be designed to the satisfaction of every user, which is a job presumably harder than having to satisfy only one or a few users. A better design based on the “least common mechanism” principle would be to implement different login pages for different types of users.
Psychological Acceptability
Psychological acceptability refers to the ease of use of the user interface of any security control mechanism such as authentication, password reset, password complexity, etc. The more user friendly the interface is, the less likely the user will make a mistake in using the security control and expose the system to security breaches.
Weakest Link
The weakest link principle requires that in designing security for a system, focus should be put on the weakest components of the overall system, because just as the old saying goes, “a chain is only as strong as its weakest link”.
Leveraging Existing Components
The security principle of leveraging existing components requires that when introducing a new system into the environment, you should review the state and settings of the existing security controls in the environment and ensure that they are being used by the new system to be deployed.
Kindly revert for any queries.
Thanks.
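As an added example for the Least Privilege section above (this code is not part of the original answer): the "read-only user" idea can be enforced at the operating-system level by binding the privilege to the file handle itself. A task that only needs to read is handed a descriptor opened with O_RDONLY, so even buggy or compromised code holding that descriptor cannot modify the file. The helper names and the temporary "payroll" file are constructed for the demonstration.

```python
import os
import tempfile


def open_with_least_privilege(path: str, need_write: bool) -> int:
    """Return a file descriptor carrying only the rights the task needs.

    Hypothetical helper: a reader gets O_RDONLY, so the kernel, not our
    application logic, refuses any later attempt to write through it.
    """
    flags = os.O_RDWR if need_write else os.O_RDONLY
    return os.open(path, flags)


def try_write(fd: int, data: bytes) -> bool:
    """Attempt a write through fd and report whether the kernel allowed it."""
    try:
        os.write(fd, data)
        return True
    except OSError:  # EBADF: descriptor was not opened for writing
        return False


def demo() -> dict:
    """Constructed scenario: a reader task is given a read-only descriptor,
    an editor task a read-write one; both try to write the same file."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"payroll data\n")
        path = tmp.name
    try:
        ro_fd = open_with_least_privilege(path, need_write=False)
        rw_fd = open_with_least_privilege(path, need_write=True)
        result = {
            # the reader can still do its job ...
            "read_only_can_read": os.read(ro_fd, 7) == b"payroll",
            # ... but cannot tamper with the file, whatever the code does
            "read_only_write_allowed": try_write(ro_fd, b"tampered\n"),
            # the task that genuinely needs write access keeps it
            "read_write_write_allowed": try_write(rw_fd, b"audited change\n"),
        }
        os.close(ro_fd)
        os.close(rw_fd)
        return result
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The point is that the decision "this task only reads" is made once, at open time, and is then enforced by the kernel for the lifetime of the handle rather than re-checked by every line of application code.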
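As an added example for the Separation of Duties section above (not code from the original answer): the "two signatures on a cheque" rule, written as an approval workflow. A payment is only releasable after two distinct approvers have signed, the requester may not sign their own request, and nobody may sign twice. The approver list, role names and the PaymentRequest model are constructed for the demonstration.

```python
from dataclasses import dataclass, field


class SeparationOfDutiesError(Exception):
    """Raised when an approval would collapse two duties onto one person."""


@dataclass
class PaymentRequest:
    """Constructed model of a cheque that needs two independent signatures."""
    request_id: str
    requester: str
    amount: int
    approvals: set = field(default_factory=set)


# Assumed role membership: who is allowed to act as a signatory at all.
APPROVERS = {"alice", "bob", "carol"}
REQUIRED_APPROVALS = 2


def approve(req: PaymentRequest, approver: str) -> PaymentRequest:
    """Record one signature, enforcing the separation-of-duties rules."""
    if approver not in APPROVERS:
        raise SeparationOfDutiesError(f"{approver} is not an authorised approver")
    if approver == req.requester:
        # the person who raised the payment must not also release it
        raise SeparationOfDutiesError("requester may not approve their own request")
    if approver in req.approvals:
        # a second signature must come from a second person
        raise SeparationOfDutiesError("the same person cannot sign twice")
    req.approvals.add(approver)
    return req


def is_releasable(req: PaymentRequest) -> bool:
    """True only once the required number of distinct approvers has signed."""
    return len(req.approvals) >= REQUIRED_APPROVALS


def demo() -> dict:
    """Constructed walk-through: dave requests, alice and bob sign."""
    req = PaymentRequest("PAY-1", requester="dave", amount=5000)
    outcomes = {}
    approve(req, "alice")
    outcomes["after_one_signature"] = is_releasable(req)
    for who, label in (("alice", "alice_again"), ("dave", "self_approval"), ("mallory", "outsider")):
        try:
            approve(req, who)
            outcomes[label] = "accepted"
        except SeparationOfDutiesError as exc:
            outcomes[label] = f"rejected: {exc}"
    approve(req, "bob")
    outcomes["after_two_signatures"] = is_releasable(req)
    return outcomes


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```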
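As an added example for the Defense in Depth section above (not code from the original answer): the three controls the answer lists for an administrative interface, written so that each layer can deny on its own and every decision is written to an audit log. The internal network range, the constructed "admin" account and its passphrase, and the in-memory audit list are all assumptions made for the demonstration; a real deployment would take them from configuration and a real log sink.

```python
import hashlib
import hmac
import ipaddress
import os
from typing import List

# Layer 2 (assumed): only this range is allowed to reach the admin interface.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; slow on purpose so offline guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Layer 1 (constructed): a single admin account with a salted password hash.
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash("correct horse battery staple", _SALT))}

# Layer 3: audit trail of every attempt, allowed or denied.
AUDIT_LOG: List[str] = []


def layer_network(src_ip: str) -> bool:
    """Network restriction: is the request coming from the internal network?"""
    return ipaddress.ip_address(src_ip) in INTERNAL_NET


def layer_authenticate(user: str, password: str) -> bool:
    """Credential check with constant-time comparison."""
    rec = USERS.get(user)
    if rec is None:
        # hash anyway so an unknown user takes as long as a wrong password
        _hash(password, b"\x00" * 16)
        return False
    salt, expected = rec
    return hmac.compare_digest(_hash(password, salt), expected)


def admin_login(src_ip: str, user: str, password: str) -> bool:
    """Every layer must pass; any single layer is enough to block, and
    the outcome is logged either way so a breach of one layer is visible."""
    if not layer_network(src_ip):
        AUDIT_LOG.append(f"DENY network user={user} src={src_ip}")
        return False
    if not layer_authenticate(user, password):
        AUDIT_LOG.append(f"DENY auth user={user} src={src_ip}")
        return False
    AUDIT_LOG.append(f"ALLOW login user={user} src={src_ip}")
    return True


if __name__ == "__main__":
    # Constructed attempts: stolen credentials from outside, a guess from
    # inside, and a legitimate login.
    admin_login("203.0.113.5", "admin", "correct horse battery staple")
    admin_login("10.1.2.3", "admin", "password123")
    admin_login("10.1.2.3", "admin", "correct horse battery staple")
    print("\n".join(AUDIT_LOG))
```

Note what the layering buys: a leaked password alone is not enough from the public Internet, a foothold on the internal network alone is not enough without the password, and both failures and successes leave a record for the SOC.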
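As an added example serving both the Fail Safe and the Complete Mediation sections above (not code from the original answer): a small reference monitor in Python. Every read of a protected object goes through one access() call that consults the policy on each request (no cached "allow" survives a revocation), any failure inside the lookup, the counterpart of codeWhichMayFail() in the answer's pseudo-code, results in DENY, and a maintenance flag changes nothing about the check. The ACL contents, the PolicyUnavailable failure and the ProtectedFile wrapper are constructed for the demonstration.

```python
from enum import Enum
from typing import Dict, List, Set


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


class PolicyUnavailable(Exception):
    """Simulated failure of the policy backend (the 'codeWhichMayFail')."""


class ReferenceMonitor:
    def __init__(self) -> None:
        # Constructed ACL: object -> subject -> permitted actions.
        self._acl: Dict[str, Dict[str, Set[str]]] = {
            "/data/payroll.db": {"alice": {"read"}, "root": {"read", "write"}},
        }
        self.policy_store_up = True
        self.maintenance_mode = False
        self.audit: List[str] = []

    def _lookup(self, subject: str, obj: str, action: str) -> bool:
        if not self.policy_store_up:
            raise PolicyUnavailable("ACL backend unreachable")
        return action in self._acl.get(obj, {}).get(subject, set())

    def access(self, subject: str, obj: str, action: str) -> Decision:
        """Complete mediation: invoked on every request, never cached.
        Fail safe: the default is DENY and any exception leaves it there.
        Maintenance mode is logged but grants no bypass."""
        decision = Decision.DENY
        try:
            if self._lookup(subject, obj, action):
                decision = Decision.ALLOW
        except Exception as exc:  # includes PolicyUnavailable
            self.audit.append(f"ERROR {exc}: denying {subject} {action} {obj}")
        tag = " [maintenance]" if self.maintenance_mode else ""
        self.audit.append(f"{decision.value} {subject} {action} {obj}{tag}")
        return decision

    def revoke(self, subject: str, obj: str) -> None:
        """Remove all of subject's rights on obj; takes effect on the next access."""
        self._acl.get(obj, {}).pop(subject, None)


class ProtectedFile:
    """Every read goes through the monitor; there is no direct path to the data."""

    def __init__(self, monitor: ReferenceMonitor, path: str, data: bytes) -> None:
        self._m, self._path, self._data = monitor, path, data

    def read(self, subject: str) -> bytes:
        if self._m.access(subject, self._path, "read") is Decision.DENY:
            raise PermissionError(f"{subject} may not read {self._path}")
        return self._data


def demo() -> dict:
    """Constructed scenario exercising the two principles."""
    m = ReferenceMonitor()
    f = ProtectedFile(m, "/data/payroll.db", b"salaries")
    out = {"alice_initial": m.access("alice", "/data/payroll.db", "read")}
    out["bob_initial"] = m.access("bob", "/data/payroll.db", "read")
    m.policy_store_up = False          # backend failure must not fail open
    out["alice_during_outage"] = m.access("alice", "/data/payroll.db", "read")
    m.policy_store_up = True
    m.maintenance_mode = True          # maintenance must still be mediated
    out["bob_in_maintenance"] = m.access("bob", "/data/payroll.db", "read")
    m.maintenance_mode = False
    f.read("alice")                    # allowed before revocation
    m.revoke("alice", "/data/payroll.db")
    out["alice_after_revoke"] = m.access("alice", "/data/payroll.db", "read")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v.value}")
```

The two design choices worth copying are the order of assignment (deny first, allow only as the last step of a successful check) and the absence of any cache: the revocation above is effective on the very next request because the monitor never remembers an earlier ALLOW.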