
February 01, 2006

computer security analogies in democracy

http://www.wired.com/news/columns/0,70114-0.html
You can compare these legal concepts to the eight principles for designing secure systems set forth in an article by Jerome Saltzer and Michael Schroeder and discussed in Computer Security: Art and Science by Matt Bishop, where I ran across them. These principles are:

* Separation of privilege: The protection mechanism should grant access based on more than one piece of information.
* Least privilege: The protection mechanism should force every process to operate with the minimum privileges needed to perform its task.
* Open design: The protection mechanism should not depend on attackers being ignorant of its design to succeed. It may, however, be based on the attacker's ignorance of specific information such as passwords or cipher keys.
* Fail-safe defaults: The protection mechanism should deny access by default, and grant access only when explicit permission exists.
* Complete mediation: The protection mechanism should check every access to every object.
* Economy of mechanism: The protection mechanism should have a simple and small design.
* Least common mechanism: The protection mechanism should be shared as little as possible among users.
* Psychological acceptability: The protection mechanism should be easy to use (at least as easy as not using it).
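The principles read abstractly, so here is a small worked example of four of them (fail-safe defaults, complete mediation, separation of privilege and least privilege) as a toy reference monitor in front of a key/value store. This is added illustrative code, not from the Wired column, from Saltzer and Schroeder, or from Bishop's book; the names `ReferenceMonitor`, `Store`, `Grant` and the subjects `alice`, `bob` and `carol` are all made up for the demo.

```python
"""Toy reference monitor illustrating four Saltzer & Schroeder principles:
fail-safe defaults, complete mediation, separation of privilege and
least privilege.  Hypothetical example code; all names are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Grant:
    subject: str   # who is asking
    obj: str       # which object they are asking about
    action: str    # "read", "write" or "delete"


class ReferenceMonitor:
    """Holds explicit grants and decides every access request."""

    def __init__(self) -> None:
        self._grants: Set[Grant] = set()
        self.audit: List[Tuple[str, str, str, bool]] = []

    def grant(self, subject: str, obj: str, action: str) -> None:
        # Least privilege: rights are per (subject, object, action), so a
        # subject is handed only the specific right its task needs.
        self._grants.add(Grant(subject, obj, action))

    def check(self, subject: str, obj: str, action: str) -> bool:
        # Fail-safe default: the only way to get True is an explicit grant;
        # an unknown subject, object or action falls through to False.
        allowed = Grant(subject, obj, action) in self._grants
        self.audit.append((subject, obj, action, allowed))
        return allowed


class PermissionDenied(Exception):
    pass


class Store:
    """Key/value store whose every operation goes through the monitor."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self._rm = monitor
        self._data: Dict[str, str] = {}

    def _mediate(self, subject: str, key: str, action: str) -> None:
        # Complete mediation: no code path touches _data without this call.
        if not self._rm.check(subject, key, action):
            raise PermissionDenied(f"{subject} may not {action} {key}")

    def read(self, subject: str, key: str) -> str:
        self._mediate(subject, key, "read")
        return self._data[key]

    def write(self, subject: str, key: str, value: str) -> None:
        self._mediate(subject, key, "write")
        self._data[key] = value

    def delete(self, subject: str, approver: str, key: str) -> None:
        # Separation of privilege: a destructive action needs two distinct
        # principals, each independently holding the delete right.
        if subject == approver:
            raise PermissionDenied("delete requires two different principals")
        self._mediate(subject, key, "delete")
        self._mediate(approver, key, "delete")
        del self._data[key]


def demo() -> Dict[str, object]:
    """Exercise the store with constructed grants; returns the outcomes."""
    rm = ReferenceMonitor()
    store = Store(rm)
    rm.grant("alice", "config", "write")
    rm.grant("alice", "config", "read")
    rm.grant("bob", "config", "read")
    rm.grant("alice", "config", "delete")
    rm.grant("carol", "config", "delete")

    store.write("alice", "config", "v1")
    out: Dict[str, object] = {"bob_reads": store.read("bob", "config")}

    try:                       # bob has no write grant: denied by default
        store.write("bob", "config", "v2")
        out["bob_write_denied"] = False
    except PermissionDenied:
        out["bob_write_denied"] = True

    try:                       # alice alone cannot delete
        store.delete("alice", "alice", "config")
        out["solo_delete_denied"] = False
    except PermissionDenied:
        out["solo_delete_denied"] = True

    store.delete("alice", "carol", "config")   # two principals succeed
    # Peeks at storage directly only to verify the demo outcome.
    out["deleted"] = "config" not in store._data
    out["denied_decisions"] = sum(1 for *_, ok in rm.audit if not ok)
    return out


if __name__ == "__main__":
    print(demo())
```

The audit list is the other half of the point: because every decision passes through one small `check`, the monitor is both easy to review (economy of mechanism) and the single place to log denied requests for detection.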

Posted by yargevad at February 1, 2006 03:47 PM


This weblog is licensed under a Creative Commons License.