Design principles that help build secure systems:

### Security economics

Design principles should be informed by the cost and effectiveness of defenses.

![[attachments/Screenshot 2023-05-23 at 9.00.07 PM.png]]

Defender cost and benefit:
- Reduce risk to an acceptable level, where

  ```
  Cyber risk = Attack likelihood * Attack impact
  ```

- Weigh the cost of a defense against the cost of responding to the incident it would prevent.

Attacker cost and benefit:
- Work factor (the cost of mounting the attack) vs. the gain from a successful attack.

### User acceptability

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. [ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

### Economy of mechanism

Keep the design as simple and small as possible. [ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

![[attachments/Screenshot 2023-05-23 at 9.05.58 PM.png]]

### Open design

Don't count on security by obscurity. The mechanisms should not depend on the ignorance of potential attackers, but rather on legitimate users' possession of specific passwords or keys, which are easier to protect than the design itself. [ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

### Least privilege

Every program and every user of the system should operate using the least set of privileges necessary to complete the job. [ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

### Separation of privilege

Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. [ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

This allows for more fine-grained access control, where different resources are accessed with different privileges. Example: the same key is not allowed to open different secure areas in a building.

### Fail-safe defaults

Base access on permissions rather than exclusion, making lack of access the default: if a request is not explicitly granted, or the check cannot be completed, it is denied.
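As an added example (not from the lecture notes or from Saltzer and Schroeder), the following Python models the three access-control principles above with a constructed policy: per-role allow-lists (least privilege), a dual-control action that needs two distinct key holders (separation of privilege), and a lookup that denies anything not explicitly granted, including an unknown role, instead of raising (fail-safe defaults). It also includes the exclusion-based check the last principle warns against, for contrast. The roles, resources, actions and people are invented.

```python
"""Toy authorization check illustrating least privilege, separation of
privilege and fail-safe defaults.  Added example with a constructed policy;
the roles, resources and people below are invented for illustration."""
from dataclasses import dataclass

# Least privilege: each role is granted only the (resource, action) pairs it
# needs.  Fail-safe default: this is an allow-list, so anything absent from it
# is denied; there is no deny-list to keep up to date.
POLICY = {
    "reader":  {("reports", "read")},
    "analyst": {("reports", "read"), ("reports", "write")},
    "admin":   {("reports", "read"), ("reports", "write"),
                ("users", "manage"), ("prod-keys", "rotate")},
}

# Separation of privilege: these actions need two distinct key holders.
DUAL_CONTROL = {("prod-keys", "rotate")}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str


@dataclass(frozen=True)
class Request:
    actor: Principal
    resource: str
    action: str
    approvers: tuple = ()  # other principals co-signing the request


def is_allowed(role: str, resource: str, action: str) -> bool:
    """Allow-list lookup.  An unknown role, resource or action yields False
    rather than an exception, so a malformed request fails closed."""
    return (resource, action) in POLICY.get(role, frozenset())


def is_allowed_by_exclusion(role: str, resource: str, action: str) -> bool:
    """The anti-pattern fail-safe defaults warns against: access is based on a
    block list, so any combination nobody thought to block is reachable."""
    blocked = {("reader", "users", "manage"), ("analyst", "users", "manage")}
    return (role, resource, action) not in blocked


def authorize(req: Request) -> tuple[bool, str]:
    """Decide a request, returning (allowed, reason)."""
    if not is_allowed(req.actor.role, req.resource, req.action):
        return False, f"{req.actor.name} is not granted {req.action} on {req.resource}"
    if (req.resource, req.action) not in DUAL_CONTROL:
        return True, "single-key action, actor is granted it"
    # Two keys: the second approver must be a different person *and* must
    # also be granted the action.  The actor presenting their own key twice,
    # or an approver who lacks the privilege, does not count.
    for other in req.approvers:
        if other.name == req.actor.name:
            continue
        if is_allowed(other.role, req.resource, req.action):
            return True, f"dual control: {req.actor.name} and {other.name}"
    return False, "dual-control action without a distinct, privileged approver"


if __name__ == "__main__":
    alice = Principal("alice", "admin")
    dave = Principal("dave", "admin")
    bob = Principal("bob", "reader")
    print(authorize(Request(bob, "reports", "write")))
    print(authorize(Request(alice, "prod-keys", "rotate")))
    print(authorize(Request(alice, "prod-keys", "rotate", approvers=(alice,))))
    print(authorize(Request(alice, "prod-keys", "rotate", approvers=(dave,))))
    # The exclusion-based check lets a reader rotate production keys,
    # the allow-list check does not:
    print(is_allowed_by_exclusion("reader", "prod-keys", "rotate"),
          is_allowed("reader", "prod-keys", "rotate"))
```

The point of `is_allowed_by_exclusion` is that the "prod-keys" resource was added after the block list was written, so the block list never mentions it and a reader gets through; the allow-list version needs no change to stay safe.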
[ref](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)

### Defense in depth

Use several diverse layers of protection. Diverse mechanisms are less likely to share the same vulnerability, so an attacker who defeats one layer still faces the others.

![[attachments/Screenshot 2023-05-23 at 9.15.07 PM.png]]

## Cybersecurity beyond prevention

Prevention alone is not enough; some attacks will get through, so detecting them and responding to them are part of the job:

`cybersecurity = prevention + detection + response/remediation`

-----

### Sources

1. Georgia Tech module lectures from Secure Computer Systems
2. [OMSCS Lecture Notes](https://www.omscs-notes.com/secure-computer-systems/02-design-principles/)
3. [The Protection of Information in Computer Systems](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html)