M.8 Security Fundamental Principles

From CyberEdWiki

The fundamental security design principles (the "first principles") are the foundation upon which security mechanisms such as access control can be reliably built, and upon which security policies can be reliably implemented. When they are followed, they enable sound security mechanisms and systems; when they are followed only partially, the likelihood that an exploitable vulnerability exists increases. A solid understanding of these principles is critical to successful performance in the cyber operations domain.

Specific topics to be covered in this knowledge unit include, but are not limited to:

  • General Fundamental design principles including:
    • Simplicity
    • Open Design
    • Design for Iteration
    • Least Astonishment
  • Security Design Principles including:
    • Minimize Secrets
    • Complete Mediation
    • Fail-safe Defaults
    • Least Privilege
    • Economy of Mechanism
    • Minimize Common Mechanism
    • Isolation, Separation and Encapsulation
  • Methods for Reducing Complexity including:
    • Abstraction
    • Modularity
    • Layering
    • Hierarchy
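As an added example (not part of the CyberEdWiki page or of any course material), the following Python contrasts a fail-open access check with a small reference monitor that applies three of the principles listed above: fail-safe defaults, complete mediation and least privilege. The policy table, principal names and file paths are constructed for the illustration and do not describe any real system.

```python
"""Added example: a minimal reference monitor contrasting a fail-open design
with one that follows fail-safe defaults, complete mediation and least
privilege. The policy, principals and paths are constructed for this
illustration; nothing here is taken from the page or from a real system."""

# Constructed policy: explicit grants only. Anything not listed is denied
# by the hardened monitor below.
POLICY = {
    ("alice", "/payroll.csv"): {"read"},
    ("bob", "/payroll.csv"): {"read", "write"},
    ("svc-backup", "/payroll.csv"): {"read"},   # least privilege: read only
}


class AccessDenied(Exception):
    pass


# --- Weak design: violates fail-safe defaults and complete mediation -------
_decision_cache = {}


def authorize_weak(subject, obj, op, policy=POLICY):
    """Returns True unless an entry explicitly forbids the operation.

    Two defects, both deliberate for the contrast:
      * an unknown (subject, object) pair is ALLOWED (fail-open), so a
        misspelled principal or a missing policy row grants access;
      * decisions are cached forever, so a later revocation in the policy
        is never seen by subsequent accesses (no complete mediation).
    """
    key = (subject, obj, op)
    if key in _decision_cache:
        return _decision_cache[key]
    allowed_ops = policy.get((subject, obj))
    decision = True if allowed_ops is None else op in allowed_ops
    _decision_cache[key] = decision
    return decision


# --- Hardened design --------------------------------------------------------
def authorize(subject, obj, op, policy=POLICY):
    """Default-deny reference monitor: every request is checked against the
    current policy, and only an explicit grant returns True."""
    if not all(isinstance(x, str) for x in (subject, obj, op)):
        return False  # malformed request: deny rather than guess
    return op in policy.get((subject, obj), frozenset())


def read_file(subject, obj, policy=POLICY):
    """Every read passes through the monitor (complete mediation)."""
    if not authorize(subject, obj, "read", policy):
        raise AccessDenied(f"{subject} may not read {obj}")
    return f"<contents of {obj}>"  # constructed stand-in for the real read


def demo():
    """Exercise the three principles and return the decisions for inspection."""
    # 1. Fail-safe defaults: an unknown principal is allowed by the weak
    #    check and denied by the hardened one.
    weak_unknown = authorize_weak("mallory", "/payroll.csv", "write")
    hard_unknown = authorize("mallory", "/payroll.csv", "write")

    # 2. Complete mediation: grant, revoke bob's write, then check again.
    live_policy = {k: set(v) for k, v in POLICY.items()}
    first_weak = authorize_weak("bob", "/payroll.csv", "write", live_policy)
    first_hard = authorize("bob", "/payroll.csv", "write", live_policy)
    live_policy[("bob", "/payroll.csv")].discard("write")   # revocation
    after_revoke_weak = authorize_weak("bob", "/payroll.csv", "write", live_policy)
    after_revoke_hard = authorize("bob", "/payroll.csv", "write", live_policy)

    # 3. Least privilege: the backup service holds only the right it needs.
    backup_read = authorize("svc-backup", "/payroll.csv", "read")
    backup_write = authorize("svc-backup", "/payroll.csv", "write")

    return {
        "weak_unknown": weak_unknown, "hard_unknown": hard_unknown,
        "first_weak": first_weak, "first_hard": first_hard,
        "after_revoke_weak": after_revoke_weak,
        "after_revoke_hard": after_revoke_hard,
        "backup_read": backup_read, "backup_write": backup_write,
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:>18}: {decision}")
```

The weak monitor stays "correct" as long as the policy is complete and never changes; the hardened one needs no such assumption, which is the point of fail-safe defaults and complete mediation. Keeping the monitor to a few lines is itself an instance of economy of mechanism: a small checker is one that can actually be reviewed.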

Outcome: Students will possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, and the mechanisms that may be built from or because of these principles.

Outcome: Given a particular scenario, students will be able to identify which fundamental security design principles are in play, how they interrelate, and how they should be applied to develop systems worthy of trust.

Outcome: Students will understand how failures in fundamental security design principles can lead to system vulnerabilities that can be exploited as part of an offensive cyber operation.