000000036 001__ 36 000000036 005__ 20130522141955.0 000000036 037__ $$aLERSSE-PRESENTATION-2005-006 000000036 100__ $$aKonstantin Beznosov 000000036 245__ $$aDesign 000000036 260__ $$c2005-10-16 000000036 520__ $$aLearning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against useability requirements. * design for secure operability. Overview: Considerations such as which security constructs to use, when and where to place trust, and how to make trade-offs in the design of secure systems are given center stage. Initially, the principles of engineering secure systems are revised: * trusted computing base, * defense in depth, * separation of policies and mechanisms, * least privilege, * minimal attack surface, * fail-safe defaults, * economy of mechanism, * complete mediation, * open design, * separation of privilege, * least common mechanism, * psychological acceptability. After which, the following design issues are reviewed: * aspects of the design of administrative access, * default installation, * logging. 000000036 6531_ $$asecurity engineering 000000036 6531_ $$adesign of secure system 000000036 6531_ $$aengineering security mechanisms 000000036 8560_ $$fqiangw@ece.ubc.ca 000000036 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/36/files/36.pdf$$yTransfer from CDS 0.99.7 000000036 909C4 $$p application development course SecAppDev course, Brussels, Belgium, Katholieke Universiteit Leuven, 2, 3 March, 2005, pp.55. 000000036 980__ $$aPRESENTATION