Lecture 2 Outline (April 1, 2015)

Reading: text, § 13, 18; [Bel07, Mei06, VE06]
  1. Assurance
    1. Trustworthy entities
    2. Security assurance
    3. Trusted system
    4. Why assurance is needed
    5. Requirements
    6. Assurance and the software life cycle
  2. Principles of secure design
    1. Principle of least privilege
    2. Principle of fail-safe defaults
    3. Principle of economy of mechanism
    4. Principle of complete mediation
    5. Principle of open design
    6. Principle of separation of privilege
    7. Principle of least common mechanism
    8. Principle of least astonishment
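
The outline names the design principles without elaborating them. The following Python, added here as an illustration and not part of the lecture, contrasts an access check that violates fail-safe defaults with one that obeys it, and a file handle that checks permission once at open with one that re-checks on every access (complete mediation). The ACL, the principals alice/bob/mallory, the file name and its contents are all constructed for the example.

```python
"""Fail-safe defaults and complete mediation, illustrated on a toy ACL.
Added example; the ACL, principals and file below are constructed."""

from enum import Flag, auto
from typing import Dict, Tuple


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()


# Constructed ACL: (subject, object) -> permissions explicitly granted.
ACL: Dict[Tuple[str, str], Perm] = {
    ("alice", "/srv/report.txt"): Perm.READ | Perm.WRITE,
    ("bob", "/srv/report.txt"): Perm.READ,
}

# Constructed object store standing in for the protected resource.
CONTENTS = {"/srv/report.txt": "quarterly figures"}


def allowed_unsafe(subject: str, obj: str, want: Perm) -> bool:
    """Violates fail-safe defaults in two ways: a (subject, object) pair with
    no rule falls through to allow, and a request is granted if *any* of the
    wanted bits is present rather than all of them."""
    if (subject, obj) in ACL:
        return bool(ACL[(subject, obj)] & want)
    return True  # "no rule forbids it" is the wrong default


def allowed(subject: str, obj: str, want: Perm) -> bool:
    """Fail-safe default: grant only what an explicit rule permits, and only
    if every requested permission bit is present. Unknown pairs, empty
    requests and partial matches are all denied."""
    granted = ACL.get((subject, obj), Perm.NONE)
    return want != Perm.NONE and (granted & want) == want


class CachedHandle:
    """Incomplete mediation: the check runs once at open() and the result is
    cached, so a later revocation is never noticed."""

    def __init__(self, subject: str, obj: str) -> None:
        self.obj = obj
        self.ok = allowed(subject, obj, Perm.READ)

    def read(self) -> str:
        if not self.ok:
            raise PermissionError("read denied")
        return CONTENTS[self.obj]


class MediatedHandle:
    """Complete mediation: every read() consults the current ACL."""

    def __init__(self, subject: str, obj: str) -> None:
        self.subject, self.obj = subject, obj

    def read(self) -> str:
        if not allowed(self.subject, self.obj, Perm.READ):
            raise PermissionError("read denied")
        return CONTENTS[self.obj]


def can_read(handle) -> bool:
    try:
        handle.read()
        return True
    except PermissionError:
        return False


def demo() -> Tuple[bool, bool, bool, bool]:
    """Open both handle kinds for bob, revoke bob's access, read again.
    Returns (cached_before, mediated_before, cached_after, mediated_after)."""
    key = ("bob", "/srv/report.txt")
    cached, mediated = CachedHandle(*key), MediatedHandle(*key)
    before = (can_read(cached), can_read(mediated))
    saved = ACL.pop(key)  # revocation after open
    try:
        after = (can_read(cached), can_read(mediated))
    finally:
        ACL[key] = saved  # restore the constructed ACL for re-runs
    return before + after


if __name__ == "__main__":
    print("unsafe, mallory WRITE:", allowed_unsafe("mallory", "/srv/report.txt", Perm.WRITE))
    print("safe,   mallory WRITE:", allowed("mallory", "/srv/report.txt", Perm.WRITE))
    print("(cached, mediated) before and after revocation:", demo())
```

The cached handle keeps returning data after bob's entry is removed, which is exactly the gap complete mediation closes; the cost is one ACL lookup per access, the usual trade-off against caching authorisation decisions.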

Version of April 3, 2015 at 12:01AM