Reflections on Security Principles
My reflections on Saltzer and Schroeder’s “The Protection of Information in Computer Systems”
Link: https://www.cs.virginia.edu/~evans/cs551/saltzer/
Which two principles I think are most important, and why.
I think two of the most important principles are least privilege and open design.
The principle of least privilege is important because it reduces the attack surface and protects systems by ensuring that users have only the minimum access needed to perform their tasks. For example, suppose our computer has been infected with malware; if the account has been configured with the least privileges, the malware will be able to carry out only some of its activities and will not gain access to system files or other sensitive data. Once the malware cannot gain elevated privileges, its ability to propagate, cause damage and steal data is drastically reduced. Hence, implementing least privilege is important.
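To make the malware scenario concrete, here is an added example (my own illustration, not from Saltzer and Schroeder's paper) of least privilege applied inside a program: a task receives a handle that grants only read access to a single directory, and a hijacked version of that task, holding the same handle, cannot reach the sensitive data next to it. The directory layout, file contents and the `FileCapability` class are all constructed for this example.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileCapability:
    """A handle granting specific operations on one directory and nothing else.

    A task that is handed only this object, and never a raw path, holds exactly
    the authority it needs (hypothetical helper, constructed for this example).
    """
    root: str
    can_read: bool = False
    can_write: bool = False

    def _resolve(self, relpath: str) -> str:
        # Normalise the path and refuse anything that escapes the granted directory.
        base = os.path.realpath(self.root)
        full = os.path.realpath(os.path.join(base, relpath))
        if os.path.commonpath([base, full]) != base:
            raise PermissionError(f"{relpath!r} is outside the granted scope {self.root!r}")
        return full

    def read(self, relpath: str) -> str:
        if not self.can_read:
            raise PermissionError(f"no read permission on {self.root!r}")
        with open(self._resolve(relpath), "r", encoding="utf-8") as fh:
            return fh.read()

    def write(self, relpath: str, data: str) -> None:
        if not self.can_write:
            raise PermissionError(f"no write permission on {self.root!r}")
        with open(self._resolve(relpath), "w", encoding="utf-8") as fh:
            fh.write(data)


def build_sandbox() -> str:
    """Create a constructed layout: a public reports dir next to a sensitive secrets dir."""
    base = tempfile.mkdtemp(prefix="least-privilege-demo-")
    os.makedirs(os.path.join(base, "reports"))
    os.makedirs(os.path.join(base, "secrets"))
    with open(os.path.join(base, "reports", "q1.txt"), "w", encoding="utf-8") as fh:
        fh.write("Q1 revenue report (constructed sample)\n")
    with open(os.path.join(base, "secrets", "db_password"), "w", encoding="utf-8") as fh:
        fh.write("example-password (constructed sample secret)\n")
    return base


def report_summarizer(cap: FileCapability) -> int:
    """The legitimate task: it only needs to read reports, so that is all it is given."""
    return len(cap.read("q1.txt"))


def run_compromised_task(cap: FileCapability) -> dict:
    """Simulates the same task after its code has been hijacked and now overreaches.

    It still holds only the read-only reports handle, so every extra action fails
    and only the action it was meant to perform succeeds.
    """
    attempts = {
        "read_outside_scope": lambda: cap.read(os.path.join("..", "secrets", "db_password")),
        "tamper_report": lambda: cap.write("q1.txt", "corrupted"),
        "legit_read": lambda: cap.read("q1.txt"),
    }
    outcome = {}
    for label, action in attempts.items():
        try:
            action()
            outcome[label] = "allowed"
        except PermissionError:
            outcome[label] = "denied"
    return outcome


def demo() -> dict:
    base = build_sandbox()
    # Least privilege: the reports task gets a read-only handle scoped to reports/, nothing more.
    reports_ro = FileCapability(root=os.path.join(base, "reports"), can_read=True)
    result = run_compromised_task(reports_ro)
    result["summary_length"] = report_summarizer(reports_ro)
    return result


if __name__ == "__main__":
    print(demo())
```

The handle pattern shows the discipline of granting only what a task needs; in a real deployment the enforcement would come from the operating system or container runtime (a separate unprivileged user, file permissions, dropped capabilities), because Python code that can still call `open()` directly is not truly confined by an object it was handed.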
The open design principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. A closed design makes it difficult for external people, mainly security experts, to review it and find potential flaws. A closed design can also be more susceptible to insider attacks. The Heartbleed vulnerability is an example of a closed-design system having a security flaw. Since there was a lack of transparency in closed-source code, security experts could not validate the security of the system, and it led to the compromise of potentially thousands of users. Hence, keeping the design open helps make software more secure.
Is there anything you think they missed?
Another important principle that I think they missed is defense in depth. It states that a system should have multiple layers of security controls, each providing a different form of protection. For instance, a system can have access controls as well as software security controls and monitoring and logging mechanisms, so that it has multiple layers of protection against a security breach. Even if there is a breach and one layer of security control fails, another layer still protects the system. This makes malware work extra hard, which in many cases is enough to make systems more secure. It also helps eliminate the low-hanging fruit for attackers. And if the cost of acquiring the information is greater than the value of the resource, attackers will simply not go for it, which is what a defense-in-depth approach achieves.
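The layered idea is easier to see in code. The example below is added by me, not from the paper: a small request gateway with a network allowlist, an authentication layer, an authorization layer and an audit log. A flag simulates a bug in the authentication layer (it starts accepting any token as a low-privilege analyst); the authorization layer still blocks the destructive action, and the audit log records what slipped through so it can be detected. The networks, tokens, roles and `LayeredGateway` class are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Request:
    source_ip: str
    token: Optional[str]
    action: str  # e.g. "read_report" or "delete_all_reports"


@dataclass
class AuditLog:
    """The monitoring layer: every decision is recorded, allowed or not."""
    entries: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def record(self, req: Request, layer: str, decision: str) -> None:
        self.entries.append((req.source_ip, req.action, layer, decision))


# Constructed sample policy standing in for a real network policy and identity store.
ALLOWED_NETWORKS = ("10.0.", "192.168.")
VALID_TOKENS: Dict[str, str] = {"tok-alice": "analyst", "tok-ops": "admin"}
ROLE_PERMISSIONS = {
    "analyst": {"read_report"},
    "admin": {"read_report", "delete_all_reports"},
}


class LayeredGateway:
    """Each layer decides on its own; a request must pass all of them.

    broken_auth=True simulates one failed layer: the token check is skipped.
    """

    def __init__(self, log: AuditLog, broken_auth: bool = False) -> None:
        self.log = log
        self.broken_auth = broken_auth

    def network_layer(self, req: Request) -> bool:
        return req.source_ip.startswith(ALLOWED_NETWORKS)

    def authn_layer(self, req: Request) -> Optional[str]:
        """Return the caller's role, or None if the token is unknown."""
        if self.broken_auth:
            # Simulated defect: unknown tokens are accepted and mapped to the least-privileged role.
            return VALID_TOKENS.get(req.token or "", "analyst")
        return VALID_TOKENS.get(req.token or "")

    def authz_layer(self, role: str, req: Request) -> bool:
        return req.action in ROLE_PERMISSIONS.get(role, set())

    def handle(self, req: Request) -> Tuple[str, str]:
        """Return (decision, deciding_layer); the audit log sees every outcome."""
        if not self.network_layer(req):
            self.log.record(req, "network", "denied")
            return ("denied", "network")
        role = self.authn_layer(req)
        if role is None:
            self.log.record(req, "authn", "denied")
            return ("denied", "authn")
        if not self.authz_layer(role, req):
            self.log.record(req, "authz", "denied")
            return ("denied", "authz")
        self.log.record(req, "authz", "allowed")
        return ("allowed", "authz")


def demo() -> Dict[str, Tuple[str, str]]:
    healthy_log, broken_log = AuditLog(), AuditLog()
    healthy = LayeredGateway(healthy_log)
    broken = LayeredGateway(broken_log, broken_auth=True)

    results = {
        # Normal use: an analyst on the internal network reads a report.
        "analyst_read": healthy.handle(Request("10.0.5.7", "tok-alice", "read_report")),
        # A valid admin token presented from outside the allowed networks never reaches authn.
        "external_admin": healthy.handle(Request("203.0.113.9", "tok-ops", "delete_all_reports")),
        # Authn is broken, but authz still refuses the destructive action to the bogus caller.
        "bogus_delete_broken_authn": broken.handle(Request("10.0.5.8", "tok-bogus", "delete_all_reports")),
        # The residual risk: the bogus caller can read, and the audit log is what exposes it.
        "bogus_read_broken_authn": broken.handle(Request("10.0.5.8", "tok-bogus", "read_report")),
    }
    # Every decision made by the broken gateway was logged, so the failure is detectable.
    results["broken_gateway_audit_entries"] = (str(len(broken_log.entries)), "audit")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the fourth scenario is that layers reduce damage rather than eliminate it: with authentication broken, read access leaks, but the destructive action is still stopped, and the log gives the operators a trail to notice and fix the broken layer.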
How have changes since 1975 affected the validity of these principles?
The principles are to a large extent still valid and applicable today, but the context has changed with new technologies. For example, systems are more complex, and it has become even more challenging to keep a design simple as well as secure. Similarly, open design is more prevalent with the concept of open-source software and is also seen as building trust with users. Since modern systems are more complex, it can be equally challenging to disclose all aspects of a system without compromising its security. However, open-source software has allowed for greater transparency than ever before, which helps make software more secure. Also, regarding the principle of least privilege, the rise of microservices and containerization has created several new challenges in applying it. Finally, with remote work more prevalent nowadays, it is difficult but equally necessary to implement least privilege, since remote workers may be more vulnerable to attacks on their personal devices or public networks.