The Protection Of Information In Computer Systems
''The Protection of Information in Computer Systems'' is a 1975 seminal publication by Jerome Saltzer and Michael Schroeder about information security. The paper emphasized that the primary concern of security measures should be the information held on computers and not the computers themselves. It was published 10 years prior to the Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book.


Design principles

The following design principles are laid out in the paper:

* Economy of mechanism: Keep the design as simple and small as possible.
* Fail-safe defaults: Base access decisions on permission rather than exclusion.
* Complete mediation: Every access to every object must be checked for authority.
* Open design: The design should not be secret.
* Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
* Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
* Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
* Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
* Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker.
* Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.
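An added example, not code from the paper or its authors: a small Python reference monitor that applies four of the principles above (fail-safe defaults, complete mediation, separation of privilege and compromise recording) to a constructed sample policy. The subjects, the object name and the actions are made up for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ReferenceMonitor:
    """Constructed illustration of Saltzer and Schroeder's principles."""
    # (subject, object) -> permitted actions. Anything absent is denied:
    # fail-safe default, decisions rest on permission, not exclusion.
    permissions: dict = field(default_factory=dict)
    # Actions that need a second, distinct authorised approver
    # (separation of privilege: "two keys").
    two_key_actions: set = field(default_factory=set)
    # Every decision, allow or deny, is recorded (compromise recording).
    audit_log: list = field(default_factory=list)

    def grant(self, subject, obj, action):
        self.permissions.setdefault((subject, obj), set()).add(action)

    def permitted(self, subject, obj, action):
        return action in self.permissions.get((subject, obj), set())

    def decide(self, subject, obj, action, approvers=()):
        """Complete mediation: every access, every time, passes through
        here; no earlier decision is cached or reused."""
        allowed = self.permitted(subject, obj, action)
        if allowed and action in self.two_key_actions:
            # The requester alone is not enough: another subject who is
            # independently permitted the same action must approve.
            allowed = any(a != subject and self.permitted(a, obj, action)
                          for a in approvers)
        self.audit_log.append(
            f"{'ALLOW' if allowed else 'DENY'} {subject} {action} {obj}")
        return allowed


def demo():
    """Constructed sample policy: alice and bob may read and delete
    payroll.db, deletion needs two keys, carol has no entry at all."""
    rm = ReferenceMonitor(two_key_actions={"delete"})
    for who in ("alice", "bob"):
        rm.grant(who, "payroll.db", "read")
        rm.grant(who, "payroll.db", "delete")
    return {
        "alice_read": rm.decide("alice", "payroll.db", "read"),
        "carol_read": rm.decide("carol", "payroll.db", "read"),
        "alice_delete_alone": rm.decide("alice", "payroll.db", "delete"),
        "alice_delete_self_approved": rm.decide("alice", "payroll.db", "delete", approvers=("alice",)),
        "alice_delete_with_bob": rm.decide("alice", "payroll.db", "delete", approvers=("bob",)),
        "alice_delete_with_carol": rm.decide("alice", "payroll.db", "delete", approvers=("carol",)),
        "audit_entries": len(rm.audit_log),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```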


See also

* Common Criteria

