000000036 001__ 36
000000036 005__ 20130522141955.0
000000036 037__ $$aLERSSE-PRESENTATION-2005-006
000000036 100__ $$aKonstantin Beznosov
000000036 245__ $$aDesign
000000036 260__ $$c2005-10-16
000000036 520__ $$aLearning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against usability requirements. * design for secure operability. Overview: Considerations such as which security constructs to use, when and where to place trust, and how to make trade-offs in the design of secure systems are given center stage. Initially, the principles of engineering secure systems are revised: * trusted computing base, * defense in depth, * separation of policies and mechanisms, * least privilege, * minimal attack surface, * fail-safe defaults, * economy of mechanism, * complete mediation, * open design, * separation of privilege, * least common mechanism, * psychological acceptability. After that, the following design issues are reviewed: * aspects of the design of administrative access, * default installation, * logging.
000000036 6531_ $$asecurity engineering
000000036 6531_ $$adesign of secure system
000000036 6531_ $$aengineering security mechanisms
000000036 8560_ $$fqiangw@ece.ubc.ca
000000036 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/36/files/36.pdf$$yTransfer from CDS 0.99.7
000000036 909C4 $$p
	application development course SecAppDev course, Brussels, Belgium, Katholieke
	Universiteit Leuven, 2, 3 March, 2005, pp.55. 
000000036 980__ $$aPRESENTATION