Fundamental Principles

csed

This knowledge unit introduces the principles that underlie both design and implementation. The first five are restrictiveness principles, the next three are simplicity principles, and the rest are methodology principles.

Topics

  1. Least privilege:  Software should be given only those privileges that it needs to complete its task.
  2. Fail-safe defaults: The initial state should be to deny access unless access is explicitly required. Then, unless software is given explicit access to an object, it should be denied access to that object and the protection state of the system should remain unchanged.
  3. Complete mediation: Software should validate every access to objects to ensure that the access is allowed.
  4. Separation: Software should not grant access to a resource, or take a security-relevant action, based on a single condition.
  5. Minimize trust: Software should check all inputs and the results of all security-relevant actions.
  6. Economy of mechanism: Security features of software should be as simple as possible.
  7. Minimize common mechanism: The sharing of resources should be reduced as much as possible.
  8. Least astonishment: Security features of software, and security mechanisms it implements, should be designed so that their operation is as logical and simple as possible.
  9. Open design: Security of software, and of what that software provides, should not depend on the secrecy of its design or implementation.
  10. Layering: Organize software in layers so that modules at a given layer interact only with modules in the layers immediately above and below it. This allows you to test the software one layer at a time, using either topdown or bottom-up techniques, and reduces the access points, enforcing the principle of separation.
  11. Abstraction: Hide the internals of each layer, making only the interfaces available; this enables you to change how a layer carries out its tasks without affecting components at other layers.
  12. Modularity: Design and implement the software as a collection of co-operating components (modules); indeed, each module interface is an abstraction.
  13. Complete linkage: Tie software security design and implementation to the security specifications for that software.
  14. Design for iteration: Plan the design in such a way that it can be changed, if needed. This minimizes the effects with respect to the security of changing the design if the specifications do not match an environment that the software is used in.

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Leave a Reply

Your email address will not be published. Required fields are marked *