






An outline of Lectures 3 and 4 on Information Security by Prof. Zaheer Dar. The topic covers the discussion of fundamental security design principles and the use of specific mechanisms such as encipherment, digital signatures, data integrity, authentication, routing control, access control, data confidentiality, economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, and psychological acceptability. The security design principles are essential to prevent security flaws and unwanted access to a system.
Typology: Lecture notes







What we studied: We discuss the fundamental security design principles and the security mechanisms used to implement them.
Authentication – two entities exchange messages to prove their identity to each other, e.g. using a password or a fingerprint.
Routing Control – controlling the routes taken by traffic so that malicious traffic can be filtered out.
Access Control – specifying access rights to specific transactions based on the user's id, role or group.
Data Confidentiality – encrypting information using a specific algorithm.
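The authentication mechanism above says two entities exchange messages to prove their identity to each other. The following is an added example (not part of the lecture notes) of such an exchange: a mutual challenge-response in which each side proves knowledge of a shared key with an HMAC over a fresh nonce. The key value, the party names and the message layout are all constructed for the demonstration; the two entities are assumed to have been provisioned with the same key beforehand.

```python
import hashlib
import hmac
import secrets


# Constructed shared secret for this demonstration only (hypothetical value);
# the two entities are assumed to have been provisioned with it beforehand.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


class Party:
    """One of the two entities. It proves knowledge of the shared key by
    answering the peer's fresh challenge, and accepts a response only for a
    challenge it issued itself and has not yet consumed."""

    def __init__(self, name: str, key: bytes) -> None:
        self.name = name
        self.key = key
        self._pending: set[bytes] = set()  # challenges issued, not yet answered

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per exchange, so an old response is useless
        self._pending.add(nonce)
        return nonce

    def _tag(self, responder: str, challenge: bytes) -> bytes:
        # The responder's name is bound into the MAC so that a challenge reflected
        # back at its issuer cannot be answered with the issuer's own tag.
        return hmac.new(self.key, responder.encode() + b"|" + challenge, hashlib.sha256).digest()

    def respond(self, challenge: bytes) -> bytes:
        return self._tag(self.name, challenge)

    def verify(self, peer_name: str, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # stale, forged or replayed challenge: reject
        self._pending.discard(challenge)  # each challenge is single use
        return hmac.compare_digest(self._tag(peer_name, challenge), response)


def mutual_authenticate(a: Party, b: Party) -> bool:
    """Run one exchange: each side challenges the other and checks the answer."""
    challenge_from_a = a.issue_challenge()
    challenge_from_b = b.issue_challenge()
    b_proof = b.respond(challenge_from_a)  # b proves itself to a
    a_proof = a.respond(challenge_from_b)  # a proves itself to b
    return a.verify(b.name, challenge_from_a, b_proof) and b.verify(a.name, challenge_from_b, a_proof)


def replay_is_rejected() -> bool:
    """A (challenge, response) pair recorded from an earlier exchange must not
    authenticate a second time, even though the tag itself is valid."""
    a, b = Party("alice", SHARED_KEY), Party("bob", SHARED_KEY)
    challenge = a.issue_challenge()
    recorded = b.respond(challenge)
    first = a.verify(b.name, challenge, recorded)
    second = a.verify(b.name, challenge, recorded)  # same pair presented again
    return first and not second


def wrong_key_is_rejected() -> bool:
    """A peer holding a different key cannot complete the exchange."""
    a = Party("alice", SHARED_KEY)
    other = Party("bob", b"a-different-constructed-key")
    return not mutual_authenticate(a, other)


if __name__ == "__main__":
    print("mutual:", mutual_authenticate(Party("alice", SHARED_KEY), Party("bob", SHARED_KEY)))
    print("replay rejected:", replay_is_rejected())
    print("wrong key rejected:", wrong_key_is_rejected())
```

The two things worth noticing are the freshness check (a response is accepted only for a challenge the verifier itself issued and has not yet consumed) and the constant-time comparison, which avoids leaking how many bytes of a guessed tag were correct.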
The security design principles are considered while designing any security mechanism for a system. These principles are reviewed when developing a secure system so that security flaws and unwanted access to the system are prevented.
Complete Mediation – every access to every resource must be validated for authorization.
Open Design – the security of a system and its algorithms should not depend on the secrecy of its design or implementation.
Separation of Privilege – every approved resource access attempt must be granted based on more than a single condition.
Least Privilege – a minimalistic approach to granting user access rights to specific information and tools.
Defense in Depth – layering resource access authorization checks in a system reduces the chance of a successful attack; this layered approach requires an unauthorized user to circumvent each authorization check to gain access to a resource.
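The principles above are easiest to see in code. The following is an added example (not from the lecture notes) of a small access-control layer that shows four of them at once: least privilege in the role table, fail-safe default in the authorization check, complete mediation by contrasting a handle that is checked once at open time with one that is re-checked on every read, separation of privilege as a dual-control approval, and defense in depth as a chain of independent layers that reports which layer stopped a request. The users, roles, resources and the management network range are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed policy for this demonstration (hypothetical users, roles and resources).
# Least privilege: each role lists only the (action, resource) pairs it needs.
ROLE_PERMISSIONS = {
    "auditor":  {("read", "audit-log")},
    "operator": {("read", "config"), ("write", "config")},
    "admin":    {("read", "config"), ("write", "config"), ("read", "audit-log"), ("delete", "backup")},
}
ALLOWED_SOURCE = ipaddress.ip_network("10.0.0.0/8")  # constructed management network
IMMUTABLE_RESOURCES = {"audit-log"}  # append-only by design; never writable through this path


@dataclass
class Directory:
    roles: dict = field(default_factory=dict)  # user -> role

    def revoke(self, user: str) -> None:
        self.roles.pop(user, None)


def authorized(directory: Directory, user: str, action: str, resource: str) -> bool:
    """Fail-safe default: an unknown user, unknown role or unlisted pair is denied."""
    role = directory.roles.get(user)
    return (action, resource) in ROLE_PERMISSIONS.get(role, set())


class CachedHandle:
    """The pattern complete mediation forbids: authorization is checked once
    when the handle is opened, so a revoked user keeps reading through it."""

    def __init__(self, directory: Directory, user: str, resource: str) -> None:
        if not authorized(directory, user, "read", resource):
            raise PermissionError(f"{user} may not read {resource}")
        self.resource = resource

    def read(self) -> str:
        return f"contents of {self.resource}"  # no re-check


class MediatedHandle:
    """Complete mediation: every read re-consults the policy, so revocation
    takes effect on the very next access."""

    def __init__(self, directory: Directory, user: str, resource: str) -> None:
        self.directory, self.user, self.resource = directory, user, resource

    def read(self) -> str:
        if not authorized(self.directory, self.user, "read", self.resource):
            raise PermissionError(f"{self.user} may not read {self.resource}")
        return f"contents of {self.resource}"


class DualControlAction:
    """Separation of privilege: a destructive action proceeds only after two
    distinct users, each individually entitled to it, have approved."""

    def __init__(self, directory: Directory, action: str, resource: str, required: int = 2) -> None:
        self.directory, self.action, self.resource, self.required = directory, action, resource, required
        self.approvers: set[str] = set()

    def approve(self, user: str) -> bool:
        if authorized(self.directory, user, self.action, self.resource):
            self.approvers.add(user)  # a set, so the same user cannot count twice
        return len(self.approvers) >= self.required


def layered_decision(directory: Directory, source_ip: str, user: str, action: str, resource: str) -> str:
    """Defense in depth: independent layers, each of which can deny on its own.
    Returns the name of the first layer that denied, or "allowed", so that a
    monitoring system can record where a request was stopped."""
    layers = [
        ("network", lambda: ipaddress.ip_address(source_ip) in ALLOWED_SOURCE),
        ("authorization", lambda: authorized(directory, user, action, resource)),
        ("resource-guard", lambda: action == "read" or resource not in IMMUTABLE_RESOURCES),
    ]
    for name, check in layers:
        if not check():
            return name
    return "allowed"


def revocation_demo() -> tuple:
    """Open both handle kinds for one user, revoke the user, read again."""
    d = Directory({"alice": "operator"})
    cached, mediated = CachedHandle(d, "alice", "config"), MediatedHandle(d, "alice", "config")
    d.revoke("alice")
    cached_still_reads = cached.read() == "contents of config"
    try:
        mediated.read()
        mediated_denies = False
    except PermissionError:
        mediated_denies = True
    return cached_still_reads, mediated_denies


if __name__ == "__main__":
    print("after revocation (cached reads, mediated denies):", revocation_demo())
    d = Directory({"bob": "admin", "carol": "admin", "dave": "auditor"})
    print("delete from outside the management network:", layered_decision(d, "203.0.113.5", "bob", "delete", "backup"))
```

Returning the denying layer's name rather than a bare boolean is a deliberate choice: it costs nothing at decision time and gives the operations team a per-layer view of where requests are being stopped, which is where a misconfigured inner layer first becomes visible.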