3.3 Goals and Principles - Design Principles for Secure Systems Flashcards Preview


Flashcards in 3.3 Goals and Principles - Design Principles for Secure Systems Deck (12)
1
Q

What does the principle “Economy of Mechanism” mean?

A

keep the design as simple and small as possible

2
Q

What does the principle “Fail-safe defaults” mean?

A

Base access decisions on permission rather than exclusion

3
Q

What does the principle “Complete mediation” mean?

A

Every access to every object must be checked for authority.

4
Q

What does the principle “Open design” mean?

A

The design should not be secret.

5
Q

What does the principle “Separation of privilege” mean and include?

A

Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.

avoid highly privileged accounts like root/administrator that are attractive targets for attacks

6
Q

What does the principle “Least privilege” mean?

A

Every program and every user of the system should operate using the least set of privileges necessary to complete the job.

7
Q

What does the principle “Least common mechanism” mean and include?

A

Minimize the amount of mechanism common to more than one user and depended on by all users

Reduce amount of privileged code in libraries that needs to be reviewed.

8
Q

What does the principle “Psychological acceptability” mean?

A

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.

9
Q

What does the principle “Work factor” mean and include?

A

Compare the cost of circumventing the mechanism with the resources of a potential attacker.

increase costs to find and exploit software vulnerabilities (costs = training, skills, tools, computation, hardware)

10
Q

What does the principle “Compromise recording” mean and include?

A

It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.

enable logging and (automatically) analyse logs to detect attacks

11
Q

Name the 8 basic design principles by Saltzer/Schroeder.

A
  • Economy of mechanism
  • Fail-safe defaults
  • Complete mediation
  • Open design
  • Separation of privilege
  • Least privilege
  • Least common mechanism
  • Psychological acceptability

12
Q

What are the additional two mechanisms which expand Saltzer/Schroeder?

A
  • Work factor
  • Compromise recording
