The document outlines several security design principles: 1) Economy of mechanism - security measures should be as simple as possible to avoid exploitable flaws. 2) Fail-safe default - access decisions should be based on permission rather than exclusion. 3) Complete mediation - every access must be checked against the access control mechanism and systems should not rely on cached access decisions.
Masoud Sagharichian

Security Design Principles

• Economy of mechanism:
  • design of security measures should be as simple and small as possible
  • the more complex the mechanism, the more likely it is to possess exploitable flaws
• Fail-safe default:
  • access decisions should be based on permission rather than exclusion
• Complete mediation:
  • every access must be checked against the access control mechanism
  • systems should not rely on access decisions retrieved from a cache
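The fail-safe default and complete mediation principles above can be shown in a few lines. This is an added example, not code from the slides: a toy reference monitor whose policy lists only explicit grants (anything unlisted is denied), placed beside a deliberately flawed variant that caches its first decision. The subjects, objects and policy entries are constructed sample data.

```python
"""Fail-safe default and complete mediation in a toy reference monitor.

Added illustration, not the slide deck's own material. All subjects,
objects and policy entries below are constructed sample values.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    # Explicit grants only: (subject, object) -> set of permitted operations.
    # Anything not listed is denied, which is the fail-safe default.
    grants: dict = field(default_factory=dict)

    def permit(self, subject: str, obj: str, op: str) -> None:
        self.grants.setdefault((subject, obj), set()).add(op)

    def revoke(self, subject: str, obj: str, op: str) -> None:
        self.grants.get((subject, obj), set()).discard(op)

    def allows(self, subject: str, obj: str, op: str) -> bool:
        return op in self.grants.get((subject, obj), set())


class ReferenceMonitor:
    """Complete mediation: the policy is consulted on every single access."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit: list = []

    def access(self, subject: str, obj: str, op: str) -> bool:
        decision = self.policy.allows(subject, obj, op)
        self.audit.append((subject, obj, op, decision))
        return decision


class CachingMonitor(ReferenceMonitor):
    """Deliberately violates complete mediation for contrast: it remembers
    the first decision per (subject, object, op) and reuses it, so a later
    revocation in the policy is never noticed."""

    def __init__(self, policy: Policy) -> None:
        super().__init__(policy)
        self.cache: dict = {}

    def access(self, subject: str, obj: str, op: str) -> bool:
        key = (subject, obj, op)
        if key not in self.cache:
            self.cache[key] = self.policy.allows(subject, obj, op)
        self.audit.append((subject, obj, op, self.cache[key]))
        return self.cache[key]


def demo() -> dict:
    """Run both monitors against the same policy and return the decisions."""
    policy = Policy()
    policy.permit("alice", "grades.csv", "read")  # constructed grant
    mediated = ReferenceMonitor(policy)
    cached = CachingMonitor(policy)
    results = {}
    # Nobody granted "bob" anything, so the default answer is deny.
    results["bob_default"] = mediated.access("bob", "grades.csv", "read")
    # Both monitors agree while the grant is in place.
    results["alice_before"] = (
        mediated.access("alice", "grades.csv", "read"),
        cached.access("alice", "grades.csv", "read"),
    )
    # After revocation only the fully mediating monitor denies the access;
    # the caching monitor keeps serving its stale "allow".
    policy.revoke("alice", "grades.csv", "read")
    results["alice_after"] = (
        mediated.access("alice", "grades.csv", "read"),
        cached.access("alice", "grades.csv", "read"),
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second monitor is the mistake the slide warns against: once a decision is cached, a revocation in the policy no longer takes effect, so the cache itself becomes the place where a stale permission survives.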

The possible moves:
• Attacks to integrity
  • data counterfeiting
• Attacks to confidentiality
  • weak and strong information theft
• Attacks to the quality of service
  • (distributed) denial of service

• can define 3 levels of impact from a security breach
  • Low
  • Moderate
  • High
• confidentiality – student grades
  • grade information
  • student enrollment information
  • directory information
• integrity
  • patient allergy information
  • web site that offers a forum to registered users to discuss some specific topic
  • anonymous online poll
• availability
  • authentication service
  • web site for a university
  • telephone directory lookup
1. security is not simple
2. must consider potential attacks
3. the procedures used are counter-intuitive
4. involves algorithms and secret information
5. must decide where to deploy mechanisms
6. a battle of wits between attacker and administrator
7. no benefit is perceived until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as an impediment to using the system
• ITU-T X.800 "Security Architecture for OSI"
  • defines a systematic way of defining and providing security requirements
  • for us it provides a useful, if abstract, overview of the concepts we will study
• Security attack
  • any action that compromises the security of information owned by an organization
• Security mechanism
  • a process that is designed to detect, prevent, or recover from a security attack
• Security service
  • a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service
Passive Attacks
• attempts to learn or make use of information from the system but does not affect system resources
• release of message contents
  • the common technique for masking contents is encryption
• traffic analysis
  • could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged
• very difficult to detect, since they do not involve any alteration of the data
• feasible to prevent the success of these attacks
Active Attacks
• involve some modification of the data stream or the creation of a false stream
• masquerade
  • takes place when one entity pretends to be a different entity
• replay
  • involves the passive capture of a data unit and its subsequent retransmission
• modification of messages
  • some portion of a legitimate message is altered
• denial of service
  • prevents or inhibits the normal use or management of communications facilities
• quite difficult to prevent active attacks
• the goal is to detect active attacks and to recover from them
• authentication:
  assures that a communication is authentic
  • Peer entity authentication
    • provided at the establishment of, or during the data transfer phase of, a connection
    • gives confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection
  • Data origin authentication
    • corroboration of the source of a data unit
    • does not provide protection against the duplication or modification of data units
• access control:
  the ability to limit and control the access to host systems and applications
  To achieve this, each entity trying to gain access must first be identified
• Data Confidentiality:
  protection of transmitted data from passive attacks
  • all user data on a connection
  • all user data in a message
  • selected fields
  • traffic flow
• Data Integrity:
  assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered
  • all user data on a connection
  • all user data in a message
  • selected fields
• Nonrepudiation:
  prevents either sender or receiver from denying a transmitted message
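To make the data origin authentication and data integrity services above concrete, here is an added example that is not part of the slides: a sender tags each message with a keyed HMAC over a sequence number and the payload, and a receiver rejects anything whose tag fails (modification, or not from the key holder), whose sequence number was already seen (duplicate or replay), or whose sequence number skips ahead (reordering or insertion). The key and the message contents are constructed sample values; the strict in-order acceptance rule is an assumption of this example, not something the slides prescribe.

```python
"""Connection-oriented integrity check with HMAC plus sequence numbers.

Added illustration, not material from the slide deck. The key and the
messages are constructed sample values.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real key comes from key management


def protect(key: bytes, seq: int, payload: bytes) -> dict:
    """Sender side: bind the sequence number into the MAC so the tag covers
    both the content and its position in the stream."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).hexdigest()
    return {"seq": seq, "payload": payload.hex(), "tag": tag}


class Receiver:
    """Receiver side: verifies origin/integrity, then enforces ordering."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0
        self.accepted: list = []

    def receive(self, msg: dict) -> str:
        payload = bytes.fromhex(msg["payload"])
        expected = hmac.new(
            self.key, msg["seq"].to_bytes(8, "big") + payload, hashlib.sha256
        ).hexdigest()
        # Constant-time comparison: modification or a foreign key shows up here.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"
        # A sequence number already consumed means duplication or replay.
        if msg["seq"] < self.expected_seq:
            return "replay"
        # A sequence number ahead of the expected one means something was
        # reordered, dropped or inserted before it; strict in-order policy
        # (an assumption of this example) refuses it.
        if msg["seq"] > self.expected_seq:
            return "gap"
        self.expected_seq += 1
        self.accepted.append(payload)
        return "accepted"


def demo() -> list:
    """Feed a short constructed stream through the receiver and return the
    verdict for each delivery attempt."""
    payloads = [b"transfer 10", b"transfer 20", b"transfer 30"]  # constructed
    msgs = [protect(KEY, i, p) for i, p in enumerate(payloads)]
    rx = Receiver(KEY)
    verdicts = []
    verdicts.append(rx.receive(msgs[0]))          # first delivery: accepted
    verdicts.append(rx.receive(msgs[0]))          # same unit again: replay
    tampered = dict(msgs[1])
    tampered["payload"] = b"transfer 99".hex()    # content altered, tag now stale
    verdicts.append(rx.receive(tampered))         # bad-tag
    verdicts.append(rx.receive(msgs[2]))          # arrives before msg 1: gap
    verdicts.append(rx.receive(msgs[1]))          # accepted
    verdicts.append(rx.receive(msgs[2]))          # accepted
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Two design points follow directly from the slide's definitions. The tag alone gives data origin authentication for a single unit and, as the slide notes, says nothing about duplication; only the sequence number check turns that into the connection-level integrity service. And because sender and receiver share the same key, either party could have produced the tag, so this construction provides no nonrepudiation; that service needs a mechanism only one party can perform, such as a digital signature.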
