LERSSE-PRESENTATION-2005-006 |
Konstantin Beznosov
16 October 2005
Abstract: Learning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against useability requirements. * design for secure operability. Overview: Considerations such as which security constructs to use, when and where to place trust, and how to make trade-offs in the design of secure systems are given center stage. Initially, the principles of engineering secure systems are revised: * trusted computing base, * defense in depth, * separation of policies and mechanisms, * least privilege, * minimal attack surface, * fail-safe defaults, * economy of mechanism, * complete mediation, * open design, * separation of privilege, * least common mechanism, * psychological acceptability. After which, the following design issues are reviewed: * aspects of the design of administrative access, * default installation, * logging.
Keyword(s): security engineering ; design of secure system ; engineering security mechanisms
Published in:
application development course SecAppDev course, Brussels, Belgium, Katholieke
Universiteit Leuven, 2, 3 March, 2005, pp.55. :
The record appears in these collections:
Engineering Security Mechanisms
Talks/Presentations