Definition
Security Design Principles
These are fundamental architectural rules that should be followed when designing a secure system to ensure robustness and ease of verification.
Core Principles
- Open Design: The security of a system should not depend on keeping its design secret (that is, on security by obscurity). Mechanisms should be public and open to verification, with secrecy confined to keys and credentials.
- Default Deny (Fail-safe defaults): Access should be denied by default; permissions must be explicitly granted.
- Least Privilege: Every process and user should operate using the minimum set of permissions necessary to perform its task.
- Economy of Mechanism: Keep security mechanisms as simple and small as possible to facilitate verification and testing.
- Acceptability: Security measures must be user-friendly and not overly burdensome, otherwise users will attempt to bypass them.
- Complete Mediation: Every access to every object must be checked for authorisation, including during exception handling.
- Separation of Privilege: Access should require multiple independent pieces of evidence (e.g., two-factor authentication) rather than a single key, so that compromising one factor is not enough.
- Least Common Mechanism: Minimise the number of mechanisms shared among users, since every shared mechanism is a potential channel for information to leak between them.