
Evolution of Security in Computer Systems April 13, 2015

Posted by melihbilen in Security.

This article is a brief summary and review of Jerome Saltzer’s paper “The Protection of Information in Computer Systems”, published in 1975. In it, Saltzer tries to draw an outline for security mechanisms and lists eight design principles.

1) Economy of mechanism

The basic idea of this principle is to keep the design as simple and small as possible. This brings several advantages, such as making the design easier to test and validate.

2) Fail-safe defaults

A shop is a good example here. Strangers cannot enter a shop through the emergency exit, because that door is built with this situation in mind; yet when it is needed, somebody inside can use the door easily. This principle says that computer systems should be designed in the same way: access is denied by default, while it can still be granted explicitly to somebody who needs it.

3) Complete mediation

Under this principle, the author says the system should check every access to decide whether it is granted or not. File system access control is an example: the operating system checks each user to determine whether that user may see a given document.

4) Open design

Open design might not seem the best choice, especially if you are trying to hide information from somebody. However, a system should not rely on hiding information about itself in order to protect itself. Instead, even if attackers know everything about the security mechanism, they should not be able to find a way into the system.

5) Separation of privilege

Where possible, systems should be designed to require two different keys held by two entities before access is granted. This kind of protection is more secure and flexible than a system that grants access to anyone holding a single key. Examples of this principle can be seen in areas ranging from safety deposit boxes to nuclear weapons.
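The following is an added example, not part of the original post or of Saltzer’s paper, showing how fail-safe defaults (principle 2), complete mediation (principle 3) and separation of privilege (principle 5) look in a small access-decision routine. The subjects, objects and access list are constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class ReferenceMonitor:
    """Minimal access-decision point built around three of Saltzer's principles."""
    # Explicit grants only: (subject, object) -> set of permitted actions.
    acl: dict = field(default_factory=dict)
    # Actions that additionally need two distinct approvers (separation of privilege).
    dual_control: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def grant(self, subject, obj, action):
        self.acl.setdefault((subject, obj), set()).add(action)

    def revoke(self, subject, obj, action):
        self.acl.get((subject, obj), set()).discard(action)

    def check(self, subject, obj, action, approvers=()):
        """Decide one access. Every access goes through here and nothing is
        cached, so a revoked grant takes effect immediately (complete mediation)."""
        # Fail-safe default: a missing entry means deny, never allow.
        allowed = action in self.acl.get((subject, obj), set())
        if allowed and action in self.dual_control:
            # Two different approvers, and the requester cannot approve itself.
            allowed = len({a for a in approvers if a != subject}) >= 2
        self.audit.append((subject, obj, action, allowed))
        return allowed


def demo():
    """Constructed scenario; returns each decision so the outcomes can be checked."""
    rm = ReferenceMonitor(dual_control={"open"})
    rm.grant("alice", "report.txt", "read")
    rm.grant("alice", "deposit_box", "open")
    results = {
        "alice reads report": rm.check("alice", "report.txt", "read"),
        "alice writes report": rm.check("alice", "report.txt", "write"),  # no grant exists
        "bob reads report": rm.check("bob", "report.txt", "read"),        # unknown subject
        "open with one approver": rm.check("alice", "deposit_box", "open", approvers=("bob",)),
        "open with self as approver": rm.check("alice", "deposit_box", "open", approvers=("alice", "bob")),
        "open with two others": rm.check("alice", "deposit_box", "open", approvers=("bob", "carol")),
    }
    rm.revoke("alice", "report.txt", "read")
    results["alice reads after revoke"] = rm.check("alice", "report.txt", "read")
    return results


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {'allow' if decision else 'deny'}")
```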

6) Least privilege

Smith explains this principle as follows: “Every program and user should operate while invoking as few privileges as possible”. When it is needed, the system can grant root or administrative privileges. A user holding all privileges is not a desirable situation in any system.

7) Least common mechanism

Smith states that “Users should not share system mechanisms except when absolutely necessary, because shared mechanisms may provide unintended communication paths or means of interference.”

8) Psychological acceptability

Each system should be designed with usability in mind. A system should be both secure and usable.

All these principles form the basis of today’s information security principles; newer principles have been defined on top of them.


[1] http://www.acsac.org/secshelf/papers/protection_information.pdf

[2] http://www.cryptosmith.com/book/export/html/365
