This material was developed with funding from the
National Science Foundation under Grant # DUE 1601612
Bob is a software developer. His ultimate goal is to create a design that does the task intended, is efficient, effective and usable. Bob uses security design principles to help him achieve the main tenets of information security—confidentiality, integrity, and availability of the system, sub-system, and system data.
Minimize Trust Surface
(Reluctance to Trust)
Good Design Principles
Bob will subdivide a system into smaller parts or modules that can be independently created and then used in several systems. Security functions are developed as separate, protected modules.
Simplicity of Design
(Economy of Mechanism)
When Bob designs a security measure, it should be as simple and small as possible.
Bob will use multiple, overlapping protection approaches to address the people, technology, and operational aspects of information systems. Defense in depth protects with a series of security mechanisms so that if one fails, others will be in place.
Procedures & Awareness
(Defense in Depth)
Bob uses a practice in which multiple privilege attributes are required to achieve access to a restricted resource. Data and/or systems are separated into logically-defined domains, and communication between domains must be authorized.
[Figure: Domain A (parent) above the child domains Domain B: Database Chicago, Domain C: Database Houston, and Domain D: Database Dallas. Users in Domain A, the parent domain, can see and manage records in Domains B, C, and D (the child domains). Users in a child domain cannot see or manage records in a parent domain.]
Fail Safe Defaults/Fail Secure
Bob must check every access against the access control setting to ensure that access is allowed.
[Figure: General Employee Role]
Bob will ensure that every process and every user of the system operates using the least set of privileges necessary to perform the task.
[Figure: an attacker reading a "password incorrect" message: "So the username is correct!"]
Bob will make access decisions based on permission rather than exclusion. If a hacker enters the wrong information, the system should reject the attempt with a message stating that the login failed and not state that just the password was incorrect.
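The three rules above (check every access, grant the least set of privileges, decide by permission rather than exclusion, and never tell an attacker which half of the login was wrong) as a small access layer. This is an added example, not code from the module; the user store, roles, pages and credentials are constructed for illustration.

```python
# Added example, not from the module: a small access layer showing fail-safe
# defaults, complete mediation, least privilege and a non-leaking login message.
# All names, roles and credentials are constructed for illustration.
import hashlib
import hmac
import os

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

_SALT = os.urandom(16)
# Constructed user store and access-control setting (role -> permitted (resource, action)).
USERS = {"bob": {"role": "general_employee", "pw": hash_pw("correct horse", _SALT)}}
ACL = {
    "general_employee": {("timesheet", "read"), ("timesheet", "write")},
    "admin": {("timesheet", "read"), ("timesheet", "write"), ("payroll", "read")},
}
# Pages that are explicitly public; every other page requires authentication.
PUBLIC_PAGES = {"/login", "/help"}
_DUMMY = hash_pw("dummy", _SALT)  # compared for unknown users so timing stays uniform

def login(username, password):
    """Permission-based: succeeds only on a full match; the failure message is the same
    whether the username or the password was wrong."""
    user = USERS.get(username)
    expected = user["pw"] if user else _DUMMY
    ok = hmac.compare_digest(hash_pw(password, _SALT), expected) and user is not None
    return (True, "Login succeeded") if ok else (False, "Login failed")

def is_allowed(role, resource, action):
    """Complete mediation: every request is checked against the ACL; an unknown role,
    resource or action is denied because nothing grants it."""
    return (resource, action) in ACL.get(role, set())

def requires_auth(path):
    """Fail-safe default for a web application: only pages listed as public skip authentication."""
    return path not in PUBLIC_PAGES

def access(username, password, resource, action):
    """Authentication first, then authorization: being logged in does not imply permission."""
    ok, _ = login(username, password)
    if not ok:
        return False
    return is_allowed(USERS[username]["role"], resource, action)
```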
Bob can use a specific form of isolation based on object-oriented functionality. Encapsulation hides the values or state of a structured data object inside a class (a domain of its own), preventing any direct access by unauthorized parties.
Bob wants to make sure that his users can easily use and quickly learn a tool, device, or software.
Bob knows that the design of a security mechanism should be open and not depend on the secrecy of the design details or implementation.
For example, RSA is an asymmetric encryption algorithm based on the principle that it is easy to multiply large numbers, but factoring large numbers is difficult. The public key consists of two numbers. One number is the result of multiplying two large prime numbers. The private key is derived from the same two prime numbers. The difficulty in factoring large numbers is what keeps the key pair secure.
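The RSA description above carried through with numbers: everything about the algorithm is published, the modulus is public, and only the two primes (and the exponent derived from them) are secret. This is an added textbook-RSA example, not code from the module; the small primes 61 and 53 are chosen so the brute-force factoring finishes instantly, which is exactly what does not happen at real key sizes.

```python
# Added example, not from the module: textbook RSA with toy primes to illustrate
# open design. The algorithm is public; security rests only on p and q staying secret.
from math import gcd

def keygen(p, q, e=17):
    """Return ((n, e), d). n = p*q and e are public; d needs p and q, so it is private."""
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's totient, computable only from p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), d

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(n, d, c):
    return pow(c, d, n)

def trial_factor(n):
    """Recover p and q from the public modulus by trial division.
    Trivial for this toy n; this is the step that is infeasible for real key sizes."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    return None

if __name__ == "__main__":
    pub, d = keygen(61, 53)
    c = encrypt(pub, 65)
    print(pub, d, c, decrypt(pub[0], d, c), trial_factor(pub[0]))
```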
Bob realizes that a program or user interface should always respond in the way that is least likely to astonish the user. When Microsoft removed the Start button from its operating system, Microsoft released an updated version adding the Start button back.
[Figure: No start button]
Bob must maintain a Trust Boundary. The issues in establishing trust include the following:
Authenticating the other endpoint to prevent masquerading
Ensuring the security of the communication to maintain the confidentiality of the data
Preventing data tampering to maintain the integrity of the data
Trust must be created, not assumed. There should be clear distinctions between privilege levels when Bob accesses resources. If Bob logs in and is authenticated, he must also have authorization to access a resource.
Quiz 1 of 10
Drag each term to its appropriate description.
Term: Minimize Trust Surface
Descriptions:
The design does not depend on the secrecy of the design details
The user interface responds as expected
Software that users learn quickly and is easy to use
Boundaries exist to prevent masquerading and to maintain confidentiality and integrity
Clear distinctions between privilege levels exist (i.e., authentication AND authorization)
Bob knows that public access systems should be isolated from critical resources (data, processes, etc.) to prevent disclosure or tampering.
Operating systems use various hardware and software technologies to enforce process isolation. For example, the processes and files of individual users should be isolated from one another except where it is explicitly desired.
Quiz 2 of 10
Term: Fail Safe Defaults
Descriptions:
multiple privilege attributes are required to achieve access to a restricted resource
Protection is provided by having a collection of procedures in a domain of its own
access decisions based on permission rather than exclusion
every access is checked against the access control setting to ensure that access is allowed
privileges granted to perform the required task
Quiz 3 of 10
What design principle is illustrated?
Simplicity of design
A system should be subdivided into smaller parts that can be independently created and then used in several systems.
Quiz 4 of 10
Bob works at a small company. When he enters the building, he has access to all rooms. Which security principles is the company violating with this practice?
Select all possible answers.
Quiz 5 of 10
What design principle does the lock pictured above violate?
Quiz 6 of 10
Bob designed an administrative interface that grants access to production management networks, checks for administrative user authorization, and logs all access. Which of the following best describes the security principle that Bob has employed?
Defense in depth
Quiz 7 of 10
“The security of a mechanism should not depend on the secrecy of its design or implementation” describes which of the following principles?
Quiz 8 of 10
This security principle maintains confidentiality, integrity and availability by defaulting to a secure state: unless a user is given explicit access to an object, that user is denied access to it.
Quiz 9 of 10
Bob is verifying that all pages and resources in his web application require authentication by default, except those specifically intended to be public. What design principle does this describe?
Drag the cybersecurity principle into its proper category.