
Security: 8 Key Principles September 22, 2013

Posted by lorenmurphy2 in Security.

The paper “The Protection of Information in Computer Systems” explores eight design principles that should be considered when dealing with a system’s security. Saltzer [1] suggests that by applying these principles (economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism and psychological acceptability), the number and severity of system flaws will be reduced, producing a more secure system. Out of the eight principles, I would like to address three: fail-safe defaults, separation of privilege and least privilege.

According to Saltzer, fail-safe defaults base access decisions on permission rather than exclusion. This means the default setting is always no access: a subject can do something only if it has been explicitly granted, and anything not granted (including cases the system did not anticipate) is denied. This principle is commonly used on a daily basis. For instance, at work one must be granted badge access to enter certain parts of the building. Even social media sites, such as Facebook, use this method when a user has to “friend” someone in order to make their profile visible to that person. Having to grant access instead of denying access is also more efficient, because the number of people who need access will most likely be smaller than the number of people who do not. Therefore, the system does not have to go down an entire list of people and individually deny each of them.

The next principle that stood out was separation of privilege. Separation of privilege requires two keys to unlock a particular feature instead of only one key. As stated in the paper, this method is used by the defense system that fires a nuclear weapon. Overall, I think this method is useful because it eliminates any accidental mistakes since two independent parties have both reviewed and agreed to the information. I personally have seen this method at work when the approval of two different departments is needed in order to release a document. Also, if something goes wrong, this method eliminates a single party having to take full responsibility.

The last principle that I would like to call attention to is least privilege. This principle suggests that every user operates with the least amount of privilege needed for the job. This concept is important because it limits the number of people who have complete access to the system, which in turn reduces the number of accidental errors that can occur. I have also seen this principle used on my job. When I start a new role, I am assigned training and access to only the areas where I am working. This helps me, the user, because I do not have to worry about breaking the system or messing up a particular online report form, since I am only exposed to what is needed for my particular role. In addition, this system helps the company because if an error occurs, the source of the problem can be quickly identified, since the company already knows who has access to that particular function.
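To make the three principles concrete, here is a small Python access check added for this post (it is not code from the paper or from the post's author). Grants are an allowlist, so the default answer is deny (fail-safe defaults); each role holds only the grants its job needs (least privilege); and releasing a document requires approvals from two distinct departments, mirroring the two-key rule (separation of privilege). The roles, users, resources and document names are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed sample data: each role carries only the grants its job needs
# (least privilege). A grant is a (resource, action) pair.
ROLE_GRANTS = {
    "reports-analyst": {("report-form", "edit")},
    "legal-reviewer": {("document", "approve")},
    "compliance-reviewer": {("document", "approve")},
}


@dataclass
class Policy:
    """Fail-safe defaults: a request is allowed only if an explicit grant
    exists. Unknown users, unknown roles and unknown actions are all denied."""
    assignments: dict[str, str] = field(default_factory=dict)  # user -> role

    def is_allowed(self, user: str, resource: str, action: str) -> bool:
        # Permission rather than exclusion: there is no "blocked" list to
        # consult, only a positive grant to find. Anything missing => False.
        role = self.assignments.get(user)
        if role is None:
            return False
        return (resource, action) in ROLE_GRANTS.get(role, set())


@dataclass
class Document:
    name: str
    approvals: set = field(default_factory=set)  # departments that approved
    released: bool = False


def approve(policy: Policy, doc: Document, user: str) -> bool:
    """Record an approval only if the user's role holds the approve grant.
    The approval is attributed to the department (role), not the person."""
    if not policy.is_allowed(user, "document", "approve"):
        return False
    doc.approvals.add(policy.assignments[user])
    return True


def release(doc: Document, required: int = 2) -> bool:
    """Separation of privilege: release needs approvals from `required`
    distinct departments, so one reviewer (or one mistake) cannot release.
    Two approvals from the same department still count as one key."""
    if len(doc.approvals) >= required:
        doc.released = True
    return doc.released
```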

My question to you is: have you seen any of these eight principles used either on your job or in everyday life? If so, which principles do you think are the most useful, or should some principles be modified?

[1] Saltzer, Jerome H., and Schroeder, Michael D., “The Protection of Information in Computer Systems,” Proceedings of the IEEE, vol. 63, no. 9, Sept. 1975.
