The Basic Principles Of Information Protection

Thomas Ptacek | November 23rd, 2005 | Filed Under: Defenses

From Saltzer ’74:

  1. Economy Of Mechanism (aka minimize complexity: keep the design small enough to actually review). Notable failure: ISAKMP.

  2. Fail-Safe Default (aka default deny, fail closed: anything not explicitly permitted is refused, including when the check itself is unavailable). Notable failure: IDS.

  3. Complete Mediation (aka the weakest link property: every access to every object gets checked, not just the front door). Notable failure: forced browsing.

  4. Open Design (aka Kerckhoffs’s Principle, if that helps). Notable failure: DVD CSS.

  5. Separation of Privilege (aka authorization that needs more than one key). Notable failure: Windows 95.

  6. Least Privilege. Notable failure: BIND.

  7. Least Common Mechanism (aka minimize shared mechanism, and with it attack surface). Notable failure: MSRPC.

  8. Psychological Acceptability (aka usability). Notable failure: phishing.
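Principles 2 and 3 are the ones most often violated in web code, so here is an added example (mine, not from the original post or from any project it mentions) showing both in a toy request dispatcher: a handler that "protects" admin pages only by not rendering the link (forced browsing, incomplete mediation), a handler that checks every request but serves the page when its policy store is down (fails open), and one that mediates every request and fails closed. The policy table, roles, paths and the `PolicyUnavailable` outage are all constructed for illustration; no real framework is involved.

```python
# Added example, not from the original post: a toy web dispatcher that shows
# why a hidden link is not an access check (complete mediation; forced
# browsing) and what "fail closed" means when the authorization store is down
# (fail-safe default). Every route, role and helper here is constructed for
# illustration; no real framework is involved.
from dataclasses import dataclass
from typing import Optional

# Constructed policy: which roles may reach which paths.
POLICY = {
    "/": {"anonymous", "user", "admin"},
    "/account": {"user", "admin"},
    "/admin/users": {"admin"},
}


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be consulted (simulated outage)."""


@dataclass
class Request:
    path: str
    role: str  # role carried by the session; "anonymous" if there is none


def menu_for(role: str) -> list:
    """Links the UI renders for a role. The broken app treats this as its authz."""
    return [path for path, roles in POLICY.items() if role in roles]


def allowed_roles(path: str, policy: Optional[dict]) -> Optional[set]:
    """Consult the policy store; a None policy simulates the store being down."""
    if policy is None:
        raise PolicyUnavailable(path)
    return policy.get(path)


def handle_broken(req: Request) -> str:
    """Incomplete mediation: access is 'controlled' only by which links are
    rendered. Any existing path is served, so /admin/users is one guessed URL
    away for an anonymous user (forced browsing)."""
    return f"200 {req.path}" if req.path in POLICY else "404"


def handle_fail_open(req: Request, policy: Optional[dict] = POLICY) -> str:
    """Checks every request, but when the policy store is unreachable it
    serves the page anyway: an outage becomes an authorization bypass."""
    try:
        roles = allowed_roles(req.path, policy)
    except PolicyUnavailable:
        return f"200 {req.path}"
    return f"200 {req.path}" if roles and req.role in roles else "403"


def handle_fail_closed(req: Request, policy: Optional[dict] = POLICY) -> str:
    """Complete mediation with a fail-safe default: every request is checked,
    anything not explicitly permitted (unknown path, unknown role) is 403,
    and an unreachable policy store denies with 503 rather than serving."""
    try:
        roles = allowed_roles(req.path, policy)
    except PolicyUnavailable:
        return "503"
    if not roles or req.role not in roles:
        return "403"
    return f"200 {req.path}"


if __name__ == "__main__":
    probe = Request("/admin/users", "anonymous")
    print("menu for anonymous:", menu_for("anonymous"))
    print("broken:", handle_broken(probe))
    print("fail-open, store down:", handle_fail_open(probe, policy=None))
    print("fail-closed:", handle_fail_closed(probe))
```

The point of the third handler is that the deny branch is the default, not a special case: an unknown path, an unknown role and a dead policy store all land on a refusal without any code having to anticipate them, which is what "fail safe" buys you and what the broken and fail-open versions throw away.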

2 Comments so far

  • Anonymous

    November 23rd, 2005 10:23 pm

    Huh? How could a passive sensing technology like IDS fail because it doesn’t “fail closed”? That’s not its purpose. Maybe I’m just a dumbass, but I don’t get the analogy…

  • tqbf

    December 2nd, 2005 2:50 pm

    Because unlike with a firewall, an attack that disables the IDS leaves the asset it was protecting exposed.
