Security Design Principles

1
Security Design Principles

• http//www.networksorcery.com/enp/rfc/rfc3514.txt
• Many observations due to Viega, McGraw
• Security is not a feature (now, with more
  fonts!) that you can just add on
• Its more like the feature that a program
  doesnt crash, or performs well
• iChoose and 56-bit DES
• x10 XCam2 http//www.x10.com/products/x10_vk45a.ht
  m
• This class focuses more on the technology than on
  the process
• Main outcome of this course you will be
  conversant in basic security technologies
• Not a certified security integrator or anything
  like that
• Many of our examples are under specified, not
  real applications
• Once looking at real applications, responsibility
  to look at much larger picture
• The programming project/homeworks are kind of
  dangerous!
• Big problem common platforms not designed with
  security in mind, and was added on later
• UNIX
• DOS/Windows
• Arpanet protocols (sensitivity field)
• Standards Common Criteria
• Common vocabulary
• Protection profiles indicate requirements

2
Principles Bumper Stickers

• Define security goals
• Define threat model
• Brainstorm attacks
• STRIDE
• Spoofing
• Tampering
• Repudiation
• Information disclosure
• DOS
• Elevation
• Hey, what about covert channels?
• Rank by risk
• Figure out what to do
• Iterate
• Secure the weakest link
• Attackers are interested in fruits of attack, not
  reenacting David v. Goliath
• _at_TTY03
• Defense in depth
• In other words, use more than one chain