Robust Software Principles Ignored
A classic late-1970s ploy — buffer overflow — is still penetrating systems today.
In her book, Intrusion Detection (Macmillan Technology Series,
1999), Rebecca Bace urges developers to reacquaint themselves with a 25-year-old
paper by Jerome H. Saltzer and Michael D. Schroeder ("The Protection
of Information in Computer Systems," Proceedings of the IEEE,
Vol. 63, No. 9, Sept. 1975), in which the authors enumerate eight fail-safe
security design principles. They are:
1. Least privilege. Relinquish access when it's not required.
2. Fail-safe defaults. When the power goes off, the lock should be closed.
3. Economy of mechanism. Keep things as small and simple as possible.
4. Complete mediation. Check every access to every object.
5. Open design. Don't attempt "security by obscurity," as Bace puts it; assume the adversary can find your hiding places.
6. Separation of privilege. Don't make privilege decisions based only on a single criterion; use the onion-skin model.
7. Least common mechanism. Minimize shared channels.
8. Psychological acceptability. Make security painless, transparent and ubiquitous.
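To make four of the principles concrete (least privilege, fail-safe defaults, complete mediation and separation of privilege), here is a small reference monitor written for this sidebar; it is an added illustration, not code from Bace's book or the Saltzer-Schroeder paper, and the policy table, role names and object names are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample policy: (role, action, object) triples that are explicitly
# permitted. Anything absent from this table is denied (fail-safe default).
POLICY = {
    ("clerk", "read", "payroll.db"),
    ("admin", "read", "payroll.db"),
    ("admin", "delete", "payroll.db"),
}

# Actions that also need an independent second approver (separation of privilege).
DUAL_CONTROL = {"delete"}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset                     # roles the caller holds
    action: str
    obj: str
    approvals: frozenset = frozenset()   # users who independently approved this request


class Monitor:
    """Reference monitor: every access passes through check(); nothing is cached."""

    def __init__(self, policy=POLICY, dual_control=DUAL_CONTROL):
        self.policy = policy
        self.dual_control = dual_control
        self.audit = []   # (user, action, obj, decision) for every mediated access

    def check(self, req: Request) -> bool:
        # Fail-safe default: deny unless a positive rule matches one of the roles.
        allowed = any((r, req.action, req.obj) in self.policy for r in req.roles)
        # Separation of privilege: a sensitive action needs a second criterion,
        # an approval from someone other than the requester.
        if allowed and req.action in self.dual_control:
            allowed = bool(req.approvals - {req.user})
        self.audit.append((req.user, req.action, req.obj, allowed))
        return allowed

    def least_privilege(self, req: Request) -> Request:
        # Least privilege: keep only the roles this particular action needs.
        needed = frozenset(r for r in req.roles if (r, req.action, req.obj) in self.policy)
        return Request(req.user, needed, req.action, req.obj, req.approvals)


def mediated(monitor: Monitor, req: Request, perform):
    """Complete mediation: the operation runs only behind a fresh check."""
    if not monitor.check(req):
        raise PermissionError(f"{req.user} may not {req.action} {req.obj}")
    return perform()
```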
Dr. Eugene Spafford, professor of computer science and philosophy at
Purdue University, agrees with Bace that following these principles would
go a long way toward eliminating the "penetrate-and-patch" mentality
that prevails among software vendors today.
— A. Weber Morales