Learning objectives: * understand the principles of engineering secure systems. * make effective use of security constructs provided by current technologies. * trade off security against useability requirements. * design for secure operability. Overview: Considerations such as which security constructs to use, when and where to place trust, and how to make trade-offs in the design of secure systems are given center stage. Initially, the principles of engineering secure systems are revised: * trusted computing base, * defense in depth, * separation of policies and mechanisms, * least privilege, * minimal attack surface, * fail-safe defaults, * economy of mechanism, * complete mediation, * open design, * separation of privilege, * least common mechanism, * psychological acceptability. After which, the following design issues are reviewed: * aspects of the design of administrative access, * default installation, * logging.
↧