Security Architecture System Principles

From Glitchdata


  • Least Privilege
    • An entity (person or software) should hold only the privileges necessary to carry out its responsibilities, and hold them only for the minimum time necessary.
  • Privilege separation
    • High-privilege operations are removed from the components that external entities (people or software) interact with and are assigned to a separate, higher-assurance component.
  • Fail safe defaults
    • Systems should rely on secure defaults: in the event of a failure (an error, a missing rule, an unavailable policy source) the default outcome should be to deny access.
  • Complete mediation
    • All accesses to a resource should be checked to ensure they are allowed.
  • Separation of privilege
    • Access to a resource should not be granted on the basis of a single condition; a high-impact operation should require two or more independent conditions to be satisfied.
  • Least common mechanism
    • Mechanisms used to access resources should be shared between users or components as little as possible, since a shared mechanism is a potential channel between them.
  • Minimise attack surface
    • Minimise the system functions, interfaces, channels, methods and data that could be reachable by a malicious actor.
  • Limit trust
    • Minimise the elements that need to be trusted, including system components, client software, actual users and other systems.
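
The following is an added example, not code from the Glitchdata page: a minimal reference monitor that puts four of the principles above into working code. Least privilege is expressed as narrow, time-bounded grants; complete mediation by keeping the backing store private so every access passes through one check; fail-safe defaults by treating any policy error or missing grant as a denial; and separation of privilege by requiring a second, independent condition before a delete. The classes, the policy store and the scenario in `demo()` are illustrative assumptions, and the grant data is constructed for the example.

```python
import time
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised for every refused access; the caller is not told why in detail."""


@dataclass(frozen=True)
class Grant:
    # Least privilege: one principal, one resource, one action, hard expiry
    # ("for the minimum time necessary").
    principal: str
    resource: str
    action: str
    expires_at: float


class Policy:
    """Assumed policy store for the example: a set of Grants plus the set of
    principals that have passed an independent second check (e.g. a second factor)."""

    def __init__(self):
        self.grants = set()
        self.second_factor_ok = set()

    def allows(self, principal, resource, action, now):
        for g in self.grants:
            if (g.principal, g.resource, g.action) == (principal, resource, action) \
                    and now < g.expires_at:
                return True
        return False


class ReferenceMonitor:
    """Complete mediation: the store is private and is reached only through
    read/write/delete, each of which calls _check before touching it."""

    def __init__(self, policy, clock=time.time):
        self._policy = policy
        self._clock = clock  # injectable so expiry can be exercised deterministically
        self._store = {}

    def _check(self, principal, resource, action):
        # Fail-safe defaults: the only path that grants access is an explicit True
        # from the policy. A policy exception, a missing grant or an expired grant
        # all end in a denial.
        try:
            allowed = self._policy.allows(principal, resource, action, self._clock())
        except Exception:
            allowed = False
        if allowed is not True:
            raise AccessDenied(f"{principal} may not {action} {resource}")

    def read(self, principal, resource):
        self._check(principal, resource, "read")
        return self._store.get(resource)

    def write(self, principal, resource, data):
        self._check(principal, resource, "write")
        self._store[resource] = data

    def delete(self, principal, resource):
        # Separation of privilege: the high-impact operation needs two independent
        # conditions, a matching grant AND a verified second factor.
        self._check(principal, resource, "delete")
        if principal not in self._policy.second_factor_ok:
            raise AccessDenied(f"{principal}: delete requires a second factor")
        self._store.pop(resource, None)


def attempt(op, *args):
    """Run one mediated operation and report the outcome as a tuple."""
    try:
        return ("ok", op(*args))
    except AccessDenied:
        return ("denied", None)


def demo():
    """Constructed scenario: alice holds narrow grants on one resource, bob holds none."""
    now = [1000.0]  # fake clock, advanced by hand below
    policy = Policy()
    for action in ("read", "write", "delete"):
        policy.grants.add(Grant("alice", "/secrets/db", action, expires_at=1300.0))
    rm = ReferenceMonitor(policy, clock=lambda: now[0])

    out = {}
    out["bob_read"] = attempt(rm.read, "bob", "/secrets/db")              # no grant
    out["alice_write"] = attempt(rm.write, "alice", "/secrets/db", "s3cret")
    out["alice_read"] = attempt(rm.read, "alice", "/secrets/db")
    out["alice_delete_no_2fa"] = attempt(rm.delete, "alice", "/secrets/db")  # one condition only
    saved = policy.grants
    policy.grants = None  # simulated policy backend fault: allows() now raises
    out["alice_read_policy_fault"] = attempt(rm.read, "alice", "/secrets/db")
    policy.grants = saved
    now[0] = 1400.0  # past expiry
    out["alice_read_expired"] = attempt(rm.read, "alice", "/secrets/db")
    now[0] = 1000.0
    policy.second_factor_ok.add("alice")
    out["alice_delete_2fa"] = attempt(rm.delete, "alice", "/secrets/db")
    out["alice_read_after_delete"] = attempt(rm.read, "alice", "/secrets/db")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} -> {result}")
```

The point worth copying is `_check`: a real policy backend can time out, return malformed data or raise, and the monitor must treat every one of those as a denial rather than letting an exception path fall through to the resource.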