LERSSE-PRESENTATION-2005-006

Design

Konstantin Beznosov

16 October 2005

Abstract:

Learning objectives:
* understand the principles of engineering secure systems;
* make effective use of security constructs provided by current technologies;
* trade off security against usability requirements;
* design for secure operability.

Overview: Considerations such as which security constructs to use, when and where to place trust, and how to make trade-offs in the design of secure systems are given center stage. Initially, the principles of engineering secure systems are revised:
* trusted computing base,
* defense in depth,
* separation of policies and mechanisms,
* least privilege,
* minimal attack surface,
* fail-safe defaults,
* economy of mechanism,
* complete mediation,
* open design,
* separation of privilege,
* least common mechanism,
* psychological acceptability.

Afterwards, the following design issues are reviewed:
* aspects of the design of administrative access,
* default installation,
* logging.

Keyword(s): security engineering ; design of secure system ; engineering security mechanisms

Published in: SecAppDev application development course, Brussels, Belgium, Katholieke Universiteit Leuven, 2-3 March 2005, pp. 55.

The record appears in these collections:
Engineering Security Mechanisms
Talks/Presentations

 Record created 2009-04-27, last modified 2013-05-22

