design principles
play

Design Principles CS461 / ECE422 Spring 2012 1 Overview - PowerPoint PPT Presentation

Sep 28, 2022 •120 likes •330 views

Design Principles CS461 / ECE422 Spring 2012 1 Overview Simplicity - Less to go wrong - Fewer possible inconsistencies - Easy to understand Restriction - Minimize access - Inhibit communication Saltzer and Schroeder 75 2 Economy of

  1. Design Principles CS461 / ECE422 Spring 2012 1

  2. Overview • Simplicity - Less to go wrong - Fewer possible inconsistencies - Easy to understand • Restriction - Minimize access - Inhibit communication Saltzer and Schroeder 75 2

  3. Economy of Mechanism • Keep the design as simple and small as possible • Simpler means less can go wrong - And when errors occur, they are easier to understand and fix • Interfaces and interactions 3

  4. Example: Voting Software • Diebold Accuvote TS - 31,000 lines of C++ • PRUI (Yee et al ) - < 300 lines of Python - http://zesty.ca/voting/ • Which one would you trust?

  5. Example: Star Wars

  6. Fail-Safe Defaults • Base access decisions on permission rather than exclusion • Burden of proof is on the principal seeking permission • If the protection system fails, then legitimate access is denied but illegitimate access is also denied 6

  7. Examples • Remove illegal characters: illegal_chars = “,;/\\!” illegal_chars = “,;/\\!” str = [c for c in input if c not in str = [c for c in input if c not in illegal_chars] illegal_chars] • Better: legal_chars = “abcdefg…” legal_chars = “abcdefg…” str = [c for c in input if c in legal_chars] str = [c for c in input if c in legal_chars] • Other examples?

  8. Complete Mediation • Every access to every object must be checked for authority • Usually done once, on first action - UNIX: access checked on open, not checked thereafter • If permissions change after, may get unauthorized access • Proposals to gain performance by remembering the result of an authority check should be examined skeptically 8

  9. Example: Star Wars

  10. Open Design • The design should not be secret - Design / code should be available for public review - Easier to achieve assurance • The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords. - Kerckhoffs ’ principle: do not depend on the secrecy of something you cannot change 10

  11. Example: GSM security • Algorithms designed in secret - A3/A8: reverse engineered (‘98), broken 3 hours later - A5/2: reverse engineered (‘99), broken 5 hours later - A5/1: reverse engineered (‘99), broken 1 year later

  12. Example: Star Wars

  13. Separation of Privilege • Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. • Require multiple conditions to grant privilege - Separation of duty - Defence in depth 13

  14. Example: root / admin account • Most operating systems use admin account • Any privileged action requires admin privileges - All-or-nothing access

  15. Least Privilege • Every program and every user of the system should operate using the least set of privileges necessary to complete the job • A subject should be given only those privileges necessary to complete its task - Function, not identity, controls - Rights added as needed, discarded after use - Minimal protection domain 15

  16. Examples • Military: need-to-know - BLP/Biba compartments • PitBull: proxy privilege - A new process defines subset of parent’s privilege that it needs to use • Others?

  17. Least Common Mechanism • Minimize the amount of mechanism common to more than one user and depended on by all users - Every shared mechanism (especially one involving shared variables) represents a potential information path between users - Further, any mechanism serving all users must be certified to the satisfaction of every user, a job presumably harder than satisfying only one or a few users. • Is this a good principle? - Shared mechanisms can have higher assurance than non- shared ones 17

  18. Psychological Acceptability • It is essential that the human interface be designed for ease of use so that users routinely and automatically accept the protection mechanisms correctly • Security mechanisms should not add to difficulty of accessing resource - Hide complexity introduced by security mechanisms - Ease of installation, configuration, use - Human factors critical here 18

  19. Example: Voting systems

  20. Key Points • Principles of secure design underlie all security-related mechanisms • Require: - Good understanding of goal of mechanism and environment in which it is to be used - Careful analysis and design - Careful implementation 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

May 19: Design Principles and Confinement Principles of Secure Design One set; other sets

May 19: Design Principles and Confinement Principles of Secure Design One set; other sets

May 19: Design Principles and Confinement Principles of Secure Design One set; other sets say basically the same thing Confinement, non-VM isolation Library operating systems Sandboxes Program modification Covert

584 views • 30 slides
Human-Computer Interaction 12. Design Principles (2) Last class Psychological design principles

Human-Computer Interaction 12. Design Principles (2) Last class Psychological design principles

Human-Computer Interaction 12. Design Principles (2) Last class Psychological design principles Recap: Psychological principles 1. User sees what they expect to see. 2. Users have difficulty focusing on more than one activity at a time. 3. It

843 views • 55 slides
UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 11:15 pm) I E

UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 11:15 pm) I E

Principles of VLSI Design Introduction CMPE 413/CMSC 711 Principles of VLSI Design Instructor: Professor Jim Plusquellic Text: Principles of CMOS VLSI Design: A Systems Perspective, by Neil H.E. Weste and Kamran Eshraghian. Supplementary

752 views • 21 slides
Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles

Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles

Principles of Software Construction: Objects, Design, and Concurrency API Design 2: principles Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 4c due Thursday, 10/29, 11:59pm EST Homework 5 coming soon Team sign-up

620 views • 47 slides
SunyoungKim,PhD Last class Psychological design principles Recap. Psychological

SunyoungKim,PhD Last class Psychological design principles Recap. Psychological

Human-Computer Interaction 17. Design Design Principles (2) SunyoungKim,PhD Last class Psychological design principles Recap. Psychological principles 1. User sees what they expect to see. 2. Users have difficulty focusing on more

963 views • 57 slides
Design principles for m-learning Outcome : To determine basic design principles for mobile

Design principles for m-learning Outcome : To determine basic design principles for mobile

Design principles for m-learning Outcome : To determine basic design principles for mobile learning and identify the key limitations to the design and development of mobile instruction. 1 Needs Assessment Before you start the design True

343 views • 10 slides
Human-Computer Interaction 12. Design Principles (3) Last class Normans design principles

Human-Computer Interaction 12. Design Principles (3) Last class Normans design principles

Human-Computer Interaction 12. Design Principles (3) Last class Normans design principles Recap. Usability Usability is a measure of the effectiveness, efficiency and satisfaction with which specified users can achieve specified goals in a

826 views • 68 slides
Design Principles The goals of good design Goals What kind of devices do we want to make?

Design Principles The goals of good design Goals What kind of devices do we want to make?

Design Principles The goals of good design Goals What kind of devices do we want to make? Useful vs. usable 2 CS 349 - Design Principles 3 CS 349 - Design Principles 4 CS 349 - Design Principles http://www.tvhistory.tv 5 CS 349 -

813 views • 62 slides
Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer

Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer

Design Principles for Security-conscious Systems 1 Overview Design principles from Saltzer &amp; Schroeders 1975 paper A few case studies What did Saltzer-Schroeder overlook? (Personal opinions) 2 Saltzer and Schroeders

780 views • 45 slides
4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three

4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three

4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three Package Design Principles 4.4 Development Environment (Three more principles) 4.5 Summary OO Package Design Principles Stefan Kluth 1 4.1 Packages

392 views • 36 slides
UX Design Principles and Guidelines R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering

UX Design Principles and Guidelines R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering

UX Design Principles and Guidelines R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering Principles abstract design rules an interface should be easy to navigate Guidelines - advice on how to achieve principles

440 views • 30 slides
Outline Saltzer &amp; Schroeders principles CSci 5271 More secure design principles

Outline Saltzer &amp; Schroeders principles CSci 5271 More secure design principles

Outline Saltzer &amp; Schroeders principles CSci 5271 More secure design principles Introduction to Computer Security Day 7: Defensive programming and design, part 1 Software engineering for security Stephen McCamant Announcements

355 views • 7 slides
Web Design Guidelines SWEN-444 Design Principles and Guidelines User Populations (Shared human

Web Design Guidelines SWEN-444 Design Principles and Guidelines User Populations (Shared human

Web Design Guidelines SWEN-444 Design Principles and Guidelines User Populations (Shared human ability and behavior) (Problem domains) Computing Paradigms (Platform guidelines and conventions) Foundation Design Principles (Empirical)

663 views • 21 slides
Cognitive Principles in Tutor &amp; Cognitive Tutor Principles e-Learning Design

Cognitive Principles in Tutor &amp; Cognitive Tutor Principles e-Learning Design

Lots of Lists of Principles 1 Cognitive Principles in Tutor &amp; Cognitive Tutor Principles e-Learning Design Koedinger, K. R. &amp; Corbett, A. T. (2006). Cognitive Tutors: Technology bringing learning science to the classroom.

325 views • 13 slides
Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe

Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe

Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological

488 views • 22 slides
Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe

Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe

Chapter 13: Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological

787 views • 43 slides
Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential

Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential

Nuclear Safety Standards Committee 41 st Meeting, 21 23 June, 2016 Joint IAEA-ICTP Essential Knowledge Workshop on Nuclear Power Plant Design Safety Agenda item Title ICTP/Trieste, 9 20 October 2017 Assessment of Defence in Depth Name,

580 views • 38 slides
Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security Consultant About me Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

599 views • 37 slides
Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides
Building security from scratch Anthi Gilligan Application Security Engineer - Logitech

Building security from scratch Anthi Gilligan Application Security Engineer - Logitech

From ZERO to HERO Building security from scratch Anthi Gilligan Application Security Engineer - Logitech @AnGreagach Who I am and what I do The state of Infosec The experts Pitfall #1 Pitfall #2 Pitfall #3 Pitfall #4 ENCRYPT

522 views • 16 slides
Reliable Agent Systems This lecture looks more closely at reliability of agent systems in an open

Reliable Agent Systems This lecture looks more closely at reliability of agent systems in an open

Reliable Agent Systems This lecture looks more closely at reliability of agent systems in an open environment: Why this is difficult but (maybe) important. Two short examples showing how a small change in our formal view alters practice.

262 views • 24 slides
Concept for Naval Mine Counter Measures Major Van Hoeserlande Patrick, Ir HQ SACT Concept

Concept for Naval Mine Counter Measures Major Van Hoeserlande Patrick, Ir HQ SACT Concept

Supreme Allied Commander Transformation Proposal for a Future NATO Concept for Naval Mine Counter Measures Major Van Hoeserlande Patrick, Ir HQ SACT Concept Developer Patrick.VanHoeserlande@act.nato.int ACT - Improving today, Shaping

409 views • 24 slides
New AR/VR Trends in Aerospace 04.19.17 Agenda Introductions The State of VR/AR VR/AR: What is

New AR/VR Trends in Aerospace 04.19.17 Agenda Introductions The State of VR/AR VR/AR: What is

New AR/VR Trends in Aerospace 04.19.17 Agenda Introductions The State of VR/AR VR/AR: What is Next Inhanced VR/AR in Aerospace VR/AR Demos 2 who we are Inhance Digital is an award-winning trans-media interactive agency focused on creating

881 views • 53 slides
USING DOCKER SAFELY ADRIAN MOUAT NLUUG 28 MAY 2015 LOT OF NEGATIVE COMMENTS ON DOCKER SECURITY

USING DOCKER SAFELY ADRIAN MOUAT NLUUG 28 MAY 2015 LOT OF NEGATIVE COMMENTS ON DOCKER SECURITY

USING DOCKER SAFELY ADRIAN MOUAT NLUUG 28 MAY 2015 LOT OF NEGATIVE COMMENTS ON DOCKER SECURITY &quot;Containers Don't Contain&quot; Daniel Walsh, RedHat https://opensource.com/business/14/7/docker- security-selinux &quot;... total systemic

502 views • 48 slides

More recommend