Thursday, November 02, 2006

What Security Means

Security means that the systems have the properties of confidentiality, integrity, and availability, that users are authenticated and authorized correctly, and that transactions are non-repudiable.

The following explains each property.
  • Confidentiality - Data is only available to the people intended to access it.
  • Integrity - Data and system resources are only changed in appropriate ways by appropriate people.
  • Availability - Systems are ready when needed and perform acceptably.
  • Authentication - The identity of users is established (or you’re willing to accept anonymous users).
  • Authorization - Users are explicitly allowed or denied access to resources.
  • Non-repudiation - Users can’t perform an action and later deny performing it.

The following maps threats to the properties that guard against them.

  • Spoofing - Authentication
  • Tampering - Integrity
  • Repudiation - Non-repudiation
  • Information disclosure - Confidentiality
  • Denial of service - Availability
  • Elevation of privilege - Authorization

Adapted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.

Saltzer and Schroeder's Security Design Principles

Principles:
  • Open design - Assume the attackers have the sources and the specs.
  • Fail-safe defaults - Fail closed; no single point of failure.
  • Least privilege - No more privileges than what is needed.
  • Economy of mechanism - Keep it simple, stupid.
  • Separation of privileges - Don’t permit an operation based on a single condition.
  • Total mediation - Check everything, every time.
  • Least common mechanism - Beware of shared resources.
  • Psychological acceptability - Will they use it?
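The following is an added example, not code from the original post or from the article it cites, showing three of the principles above in a small authorization layer: fail-safe defaults (deny unless a rule explicitly allows), total mediation (every access goes through one check), and separation of privileges (a sensitive action needs an allow rule and a second, distinct approver). The roles, resources, rule table and the allow-by-default anti-pattern beside it are all constructed for illustration.

```python
"""Added example: a deny-by-default authorization check applied on every access,
with a two-person rule for sensitive actions. All policy data is constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed policy: (role, action, resource) tuples that are explicitly allowed.
ALLOW_RULES = {
    ("analyst", "read", "reports"),
    ("analyst", "read", "logs"),
    ("admin", "read", "reports"),
    ("admin", "read", "logs"),
    ("admin", "write", "reports"),
    ("admin", "delete", "logs"),
}

# Actions that also need an independent second approver (separation of privileges).
TWO_PERSON_ACTIONS = {"delete"}


@dataclass
class Request:
    user: str
    role: str
    action: str
    resource: str
    approver: Optional[str] = None  # a second user who co-signs sensitive actions


def authorize_weak(req: Request) -> bool:
    """Anti-pattern (allow by default): only a deny list is consulted, so any
    combination nobody thought to list, such as an analyst deleting reports,
    is silently permitted."""
    deny_rules = {("analyst", "write", "reports")}
    return (req.role, req.action, req.resource) not in deny_rules


def authorize(req: Request) -> bool:
    """Fail-safe default: deny unless an allow rule matches, then require a
    distinct approver for two-person actions."""
    if (req.role, req.action, req.resource) not in ALLOW_RULES:
        return False
    if req.action in TWO_PERSON_ACTIONS:
        # The approver must exist and must not be the requester.
        if req.approver is None or req.approver == req.user:
            return False
    return True


class ResourceStore:
    """Every access path calls authorize() first (total mediation); the
    decision is never cached and no method bypasses the check."""

    def __init__(self) -> None:
        self._data = {"reports": ["q3-summary"], "logs": ["auth.log"]}
        self.audit = []  # (user, action, resource, allowed) for each decision

    def access(self, req: Request):
        allowed = authorize(req)
        self.audit.append((req.user, req.action, req.resource, allowed))
        if not allowed:
            raise PermissionError(f"{req.user} may not {req.action} {req.resource}")
        if req.action == "read":
            return list(self._data.get(req.resource, []))
        if req.action == "write":
            self._data.setdefault(req.resource, []).append(f"entry-by-{req.user}")
            return list(self._data[req.resource])
        if req.action == "delete":
            self._data[req.resource] = []
            return []
        return None


if __name__ == "__main__":
    store = ResourceStore()
    print(store.access(Request("alice", "analyst", "read", "reports")))
    try:
        store.access(Request("bob", "admin", "delete", "logs"))  # no approver
    except PermissionError as exc:
        print("denied:", exc)
    print(store.access(Request("bob", "admin", "delete", "logs", approver="carol")))
    print("weak check allows analyst delete:",
          authorize_weak(Request("alice", "analyst", "delete", "reports")))
```

Running the module shows the contrast: `authorize_weak` permits the unlisted analyst delete, while `authorize` denies it, and the admin delete succeeds only once a different user co-signs.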

Adapted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.