(1) Write short note on Design Principles of Security.
Design Principles of Security
• Principle of Least Privilege:
✓ It restricts how privileges are granted.
✓ This principle states how privileges are to be granted to a subject. A subject
should be given only those privileges that it requires to complete its task.
✓ If a subject does not need a specific right, it should not be granted that right.
✓ For example, if a subject requires append rights to an object, then it must be
given only append rights and not write rights.
• Principle of Fail-Safe Defaults:
✓ It restricts how privileges are initialized when a subject or object is created.
✓ This principle states that unless a subject is given explicit access to an object,
it should be denied access to that object.
✓ This means that the default access to an object is none.
✓ All access rights must be explicitly granted.
• Principle of Economy of Mechanism:
✓ This principle simplifies the design and implementation of security mechanisms.
✓ This principle states that a security mechanism should be as simple as possible.
✓ If the design is simple, there are fewer chances for errors.
✓ The checking and testing procedure becomes simpler.
• Principle of Complete Mediation:
✓ This principle states that all accesses to an object must be checked in order to
ensure that they are allowed.
✓ Whenever a subject attempts to read an object, the OS mediates the action.
✓ First it determines whether the subject is allowed to access the object.
✓ If so, it provides the resources for reading the object.
✓ If the subject reattempts the read operation, the OS checks again whether the subject is still
allowed to read the object, and only then allows the read.
• Principle of Open Design:
✓ This principle suggests that complexity doesn’t add security.
✓ This principle states that the security of a mechanism should not depend on the
secrecy of its design or implementation.
• Principle of Separation of Privilege:
✓ This principle states that access to an object should not depend on
fulfilling a single condition only.
✓ There should be multiple conditions required to grant a privilege, and two or
more system components should work together to enforce security.
• Principle of Least Common Mechanism:
✓ This principle states that the amount of mechanism common to, and depended
on by, multiple users should be kept to the minimum possible.
• Principle of User Acceptability:
✓ This principle states that the mechanism used for protection should be
acceptable to the users and should be easy to use.
✓ Otherwise, users may feel burdened by the protection mechanism and be reluctant to follow it.
(2) Explain Domain Protection mechanism in detail.
• A computer can be viewed as a collection of processes and objects (both H/W and S/W).
• In other words, a computer system is a collection of objects and processes, and these objects
and processes need to be protected.
• Each object has a unique name by which it is referred to, and a finite set of operations that
processes are allowed to carry out on it.
• There should be some way to prohibit processes from accessing objects that they are
not authorized to access.
• Operations that are possible depend on the object.
Object        Operation
CPU           Execution
File          Read, Write
Semaphore     Up, Down
Tape drives   Read, Write, Rewind
• It is also possible to restrict a process to carrying out only a subset of the legal operations.
• In other words, a process should be able to access only those resources
that it currently requires to complete its task.
• This requirement is known as the need-to-know principle.
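The following is an added example, not part of these notes: a small reference monitor that puts the object/operation model above together with several of the design principles from question (1) (least privilege, fail-safe defaults, complete mediation). The domain names, object names and the sample policy are constructed for illustration.

```python
# Added example, not from the notes: a small reference monitor for the
# domain/object/operation model. Domain names, object names and the policy
# are constructed for illustration.

# Legal operations per object type (the table in the notes, plus Append on
# files so the least-privilege case can be shown).
LEGAL_OPS = {
    "CPU": {"Execution"},
    "File": {"Read", "Write", "Append"},
    "Semaphore": {"Up", "Down"},
    "TapeDrive": {"Read", "Write", "Rewind"},
}

class ReferenceMonitor:
    def __init__(self, kinds):
        self.kinds = kinds   # object name -> object type
        self.matrix = {}     # (domain, object) -> set of granted operations
        self.audit = []      # every decision, allow or deny, for later review

    def grant(self, domain, obj, op):
        # Rights exist only when explicitly granted, and only for operations
        # the object actually supports.
        if op not in LEGAL_OPS[self.kinds[obj]]:
            raise ValueError(f"{op} is not a legal operation on a {self.kinds[obj]}")
        self.matrix.setdefault((domain, obj), set()).add(op)

    def revoke(self, domain, obj, op):
        self.matrix.get((domain, obj), set()).discard(op)

    def check(self, domain, obj, op):
        # Complete mediation: evaluated on every attempt and never cached, so a
        # revoke applies to the very next access. No matrix entry at all means
        # no rights (fail-safe default).
        allowed = op in self.matrix.get((domain, obj), set())
        self.audit.append((domain, obj, op, "ALLOW" if allowed else "DENY"))
        return allowed

def demo():
    rm = ReferenceMonitor({"audit.log": "File"})
    # Least privilege: the logger only needs to append, so it gets Append, not Write.
    rm.grant("logger", "audit.log", "Append")
    results = [
        rm.check("logger", "audit.log", "Append"),  # True: granted explicitly
        rm.check("logger", "audit.log", "Write"),   # False: never granted
        rm.check("web", "audit.log", "Read"),       # False: no entry, default deny
    ]
    rm.revoke("logger", "audit.log", "Append")
    results.append(rm.check("logger", "audit.log", "Append"))  # False: re-checked
    return results
```

The audit list records every decision, including denials, which is what a detection engineer would want to inspect for repeated unauthorized attempts.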
Domain Structure