Saltzer and Schroeder's Security Design Principles
Principles:
- Open design - Assume the attackers have the sources and the specs.
- Fail-safe defaults - Fail closed; no single point of failure.
- Least privilege - No more privileges than what is needed.
- Economy of mechanism - Keep it simple, stupid.
- Separation of privileges - Don’t permit an operation based on a single condition.
- Total mediation - Check everything, every time.
- Least common mechanism - Beware of shared resources.
- Psychological acceptability - Will they use it?
Adapted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.
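As an added illustration (not part of the original post), here is a small Python authorization gate that applies three of the principles above: fail-safe defaults (deny on error and when no rule matches), total mediation (policy is re-read on every access, so a revocation takes effect immediately), and separation of privileges (a destructive action needs an independent second approval). The policy store, user and resource names are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class PolicyStore:
    # user -> set of (action, resource) grants; constructed sample data
    grants: dict = field(default_factory=dict)
    # (user, resource) pairs approved by a second person (constructed)
    approvals: set = field(default_factory=set)
    healthy: bool = True  # flip to False to simulate a backend outage

    def lookup(self, user):
        if not self.healthy:
            raise ConnectionError("policy backend unavailable")
        return self.grants.get(user, set())


DESTRUCTIVE = {"delete"}


def authorize(store, user, action, resource):
    """Return True only if policy explicitly permits; any error or gap means deny."""
    try:
        grants = store.lookup(user)  # total mediation: re-read every time, never cached
    except Exception:
        return False  # fail-safe default: fail closed, not open
    if (action, resource) not in grants:
        return False  # default deny when no matching rule exists
    if action in DESTRUCTIVE:
        # separation of privileges: the grant alone is one condition; require a second
        return (user, resource) in store.approvals
    return True


def demo():
    store = PolicyStore(grants={"alice": {("read", "ledger"), ("delete", "ledger")}})
    results = {}
    results["read"] = authorize(store, "alice", "read", "ledger")
    results["delete_no_approval"] = authorize(store, "alice", "delete", "ledger")
    store.approvals.add(("alice", "ledger"))
    results["delete_approved"] = authorize(store, "alice", "delete", "ledger")
    store.grants["alice"].discard(("read", "ledger"))  # revoke the read grant
    results["read_after_revoke"] = authorize(store, "alice", "read", "ledger")
    store.healthy = False
    results["read_during_outage"] = authorize(store, "alice", "read", "ledger")
    return results


if __name__ == "__main__":
    print(demo())
```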