Fundamental Security Design Principles and Mechanisms in Information Security, Lecture notes of Information Systems

An outline of Lecture 3 and 4 on Information Security by Prof. Zaheer Dar. The topic covers the discussion of fundamental security design principles and the use of specific mechanisms such as encipherment, digital signatures, data integrity, authentication, routing control, access control, data confidentiality, economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, and psychological acceptability. The security design principles are essential to prevent security flaws and unwanted access to a system.

Typology: Lecture notes

2020/2021

Uploaded on 01/04/2022

amal8485

Information Security

Lecture 3, 4

PROF: ZAHEER DAR


Outline

What we studied:
- We will discuss the fundamental security design principles.
- We will also discuss the security mechanisms.

Cont…

- Authentication – two entities exchange messages to prove their identity to each other, e.g. using a password or a fingerprint.
- Routing Control – increases the filtering of malicious traffic.
- Access Control – specifies access rights to specific transactions based on the user id, role or group.
- Data Confidentiality – encrypts information using a specific algorithm.

Security Design Principles

The security design principles are considered while designing any security mechanism for a system. These principles are reviewed to develop a secure system that prevents security flaws and also prevents unwanted access to the system.

Cont…

- Complete Mediation – every access to every resource must be validated for authorization.
- Open Design – the security of a system and its algorithms should not depend on the secrecy of its design or implementation.

Cont…

- Separation of Privilege – requires that all approved resource access attempts be granted based on more than a single condition.
- Least Privilege – requires a minimalistic approach to granting user access rights to specific information and tools.

Cont…

- Defense in Depth – layering resource access authorization checks in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization check in order to gain access to a resource.
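As an added example (not part of the lecture notes), the following reference monitor puts complete mediation, least privilege, separation of privilege, defense in depth and a fail-safe default together in one access check. The roles, resources, rights and the MFA condition are constructed for illustration.

```python
# Added example, not from the lecture notes: a small reference monitor that
# applies the slides' principles. Roles, rights and resources are constructed.
from dataclasses import dataclass, field

# Least privilege: each role holds only the (resource, action) pairs it needs.
ROLE_RIGHTS = {
    "clerk": {("ledger", "read")},
    "auditor": {("ledger", "read"), ("audit-log", "read")},
    "admin": {("ledger", "read"), ("ledger", "write"), ("audit-log", "read")},
}
# Separation of privilege: these actions need a second, independent condition.
SENSITIVE = {("ledger", "write")}


@dataclass
class Principal:
    user_id: str
    role: str
    mfa_verified: bool = False  # second condition, independent of the role


@dataclass
class ReferenceMonitor:
    audit_log: list = field(default_factory=list)

    def authorize(self, who: Principal, resource: str, action: str) -> bool:
        """Complete mediation: every access goes through this one check.
        Fail-safe default: the answer is 'deny' unless every layer allows."""
        decision = "deny"
        try:
            rights = ROLE_RIGHTS.get(who.role)
            if rights is None:  # unknown role: nothing is implicitly granted
                return False
            if (resource, action) not in rights:  # least privilege
                return False
            # Defense in depth: role membership alone is not enough for
            # sensitive actions; a separate condition must also hold.
            if (resource, action) in SENSITIVE and not who.mfa_verified:
                return False
            decision = "allow"
            return True
        finally:  # every decision, allowed or denied, is recorded
            self.audit_log.append((who.user_id, resource, action, decision))


def evaluate(requests):
    """Mediate (principal, resource, action) requests through one monitor;
    return the decisions together with the monitor's audit trail."""
    mon = ReferenceMonitor()
    return [mon.authorize(*req) for req in requests], mon.audit_log
```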