Information_Security_Lecture_2

The document outlines key principles of security design, emphasizing their importance in preventing cyber threats across various systems. It details ten principles including Least Privilege, Separation of Duties, and Defense in Depth, providing definitions and real-world examples for each. The principles aim to ensure secure system design in software, networks, and databases.

Uploaded by

bsf23000703
INFORMATION SECURITY
LECTURE 2
SECURITY DESIGN PRINCIPLES

HIRA ZAMAN
DEPARTMENT OF COMPUTER SCIENCE,
THE UNIVERSITY OF EDUCATION, LAHORE
ATTOCK CAMPUS

INTRODUCTION TO SECURITY DESIGN

1. What is Security Design?
• Set of principles ensuring a system is designed securely.

2. Why is it Important?
• Prevents cyber threats and vulnerabilities.

3. Where is it Applied?
• Software, networks, databases, cloud computing, etc.
SECURITY DESIGN PRINCIPLES OVERVIEW

There are 10 key principles for designing security.


1. Least Privilege
2. Separation of Duties
3. Fail-Safe Defaults
4. Economy of Mechanism
5. Complete Mediation
6. Open Design
7. Least Common Mechanism
8. Psychological Acceptability
9. Defense in Depth
10. Security by Obscurity (controversial)
PRINCIPLE 1 - LEAST PRIVILEGE

• Definition: Users should have the minimum access needed to perform tasks.
• Example: A bank cashier should not access customer financial records.
PRINCIPLE 2 - SEPARATION OF DUTIES

• Definition: Dividing responsibilities to prevent fraud and errors.
• Example: One person initiates a transaction, another approves it.
PRINCIPLE 3 - FAIL-SAFE DEFAULTS

• Definition: Deny access by default; grant permissions explicitly.
• Example: By default, a new system user has no permissions until granted.
PRINCIPLE 4 - ECONOMY OF MECHANISM

• Definition: Keep security designs simple and minimal.
• Example: A login system with just a username and password is more secure than a complex one with unnecessary steps.
PRINCIPLE 5 - COMPLETE MEDIATION

• Definition: Every access request should be checked before granting access.
• Example: Websites requiring re-authentication for financial transactions.
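Added example (not part of the lecture): Principles 1, 2, 3 and 5 applied to the slides' bank-transaction scenario in Python. The role names, permission strings, users and transaction ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Least privilege: each (constructed) role lists only the actions it needs.
ROLE_PERMISSIONS = {
    "cashier": {"transaction:initiate"},
    "supervisor": {"transaction:approve"},
    "manager": {"transaction:initiate", "transaction:approve"},
}

@dataclass
class Bank:
    roles: dict = field(default_factory=dict)     # user -> role
    pending: dict = field(default_factory=dict)   # transaction id -> initiator
    approved: list = field(default_factory=list)  # approved transaction ids

    def check(self, user, action):
        # Fail-safe default: an unknown user or role maps to the empty set, so deny.
        if action not in ROLE_PERMISSIONS.get(self.roles.get(user), set()):
            raise PermissionError(f"{user} may not {action}")

    def initiate(self, user, tx_id):
        self.check(user, "transaction:initiate")  # complete mediation: checked on every call
        self.pending[tx_id] = user

    def approve(self, user, tx_id):
        self.check(user, "transaction:approve")   # no cached decision from earlier calls
        if self.pending[tx_id] == user:           # separation of duties
            raise PermissionError("initiator cannot approve their own transaction")
        del self.pending[tx_id]
        self.approved.append(tx_id)

def attempt(fn, *args):
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"

def demo():
    bank = Bank(roles={"alice": "cashier", "bob": "supervisor", "carol": "manager"})
    out = [attempt(bank.initiate, "alice", "tx1"),  # cashier may initiate
           attempt(bank.approve, "alice", "tx1"),   # least privilege: cashier cannot approve
           attempt(bank.initiate, "dave", "tx2"),   # fail-safe default: new user, no role
           attempt(bank.initiate, "carol", "tx3"),  # manager may initiate
           attempt(bank.approve, "carol", "tx3"),   # separation of duties: no self-approval
           attempt(bank.approve, "bob", "tx1")]     # a second person approves
    del bank.roles["bob"]                           # revoke bob's role
    out.append(attempt(bank.approve, "bob", "tx3")) # re-checked, so the revocation applies
    return out
```

Calling `demo()` returns the allow/deny outcome of each request in order; the last entry shows that a revoked role is denied on the very next request because nothing is cached.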
PRINCIPLE 6 - OPEN DESIGN

• Definition: Security should rely on strong design rather than secrecy.
• Example: Open-source encryption like AES is secure because of its strong algorithm, not because it is hidden.
PRINCIPLE 7 - LEAST COMMON MECHANISM

• Definition: Reduce shared resources to minimize attack risks.
• Example: Using separate authentication services for different security levels.
PRINCIPLE 8 - PSYCHOLOGICAL ACCEPTABILITY

• Definition: Security should be user-friendly.
• Example: Password managers make complex password handling easier.
PRINCIPLE 9 - DEFENSE IN DEPTH

• Definition: Use multiple security layers to protect systems.
• Example: Firewalls, antivirus, and multi-factor authentication together.
PRINCIPLE 10 - SECURITY BY OBSCURITY (CONTROVERSIAL)

• Definition: Hiding security mechanisms can provide an extra layer of security but is not a primary defense.
• Example: Changing default SSH ports for security.
REAL-WORLD EXAMPLES

• Facebook: Uses Least Privilege to restrict employee access to user data.
• Banking Systems: Implement Separation of Duties to prevent fraud.
• Equifax Data Breach (2017): Failure in Complete Mediation led to massive data leaks.
