Thursday, November 02, 2006

Saltzer and Schroeder's Security Design Principles

  • Open design - Assume the attackers have the sources and the specs.
  • Fail-safe defaults - Fail closed; no single point of failure.
  • Least privilege - No more privileges than what is needed.
  • Economy of mechanism - Keep it simple, stupid.
  • Separation of privileges - Don’t permit an operation based on a single condition.
  • Total mediation - Check everything, every time.
  • Least common mechanism - Beware of shared resources.
  • Psychological acceptability - Will they use it?

Adopted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.


At 3:27 PM, Anonymous Anonymous said...


At 5:46 PM, Anonymous Anonymous said...



Post a Comment

<< Home