Thursday, November 02, 2006

Saltzer and Schroeder's Security Design Principles

Principles:
  • Open design - Assume the attackers have the sources and the specs.
  • Fail-safe defaults - Fail closed; no single point of failure.
  • Least privilege - No more privileges than what is needed.
  • Economy of mechanism - Keep it simple, stupid.
  • Separation of privileges - Don’t permit an operation based on a single condition.
  • Total mediation - Check everything, every time.
  • Least common mechanism - Beware of shared resources.
  • Psychological acceptability - Will they use it?

Adapted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.
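To show several of these principles in working code rather than as slogans, here is an added example (not from the post or the book it cites): a small fail-closed authorization check. The policy, roles, resource names and the `approver` field are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Least privilege: each role is granted only the (resource, action) pairs it needs.
# Unknown roles get no grants at all (fail-safe default).
def make_policy() -> dict:
    return {
        "reader":   {("ledger", "read")},
        "operator": {("ledger", "read"), ("ledger", "write"), ("ledger", "delete")},
    }

# Separation of privilege: these actions need a second, independent condition
# (a distinct approver) in addition to the role grant.
DUAL_CONTROL = {("ledger", "delete")}

@dataclass
class Request:
    principal: str
    role: str
    resource: str
    action: str
    approver: Optional[str] = None  # second party for dual-control actions

def is_authorized(req: Request, policy: dict) -> bool:
    """Decide one request against the *current* policy.

    Complete mediation: the decision is recomputed on every call, never cached,
    so a revocation takes effect on the very next request.
    Fail-safe default: any unexpected error results in a deny, not an allow.
    """
    try:
        grants = policy.get(req.role, set())          # unknown role -> empty set
        wanted = (req.resource, req.action)
        if wanted not in grants:
            return False
        if wanted in DUAL_CONTROL:
            # Two conditions: the grant AND an approver who is not the requester.
            return bool(req.approver) and req.approver != req.principal
        return True
    except Exception:
        return False  # fail closed on malformed policy or request

def revoke(policy: dict, role: str, resource: str, action: str) -> None:
    """Remove a grant; is_authorized() sees the change immediately."""
    policy.get(role, set()).discard((resource, action))
```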

2 Comments:

At 3:27 PM, Anonymous Anonymous said...

a

 
At 5:46 PM, Anonymous Anonymous said...

aaa
