COMP424 Computer Security: Design Principles
Jeff Wiegley, Ph.D.
Computer Science
jeffw@csun.edu
08/29/2005
- The principle of least privilege states that a subject should be given only
those privileges that it needs in order to complete its task.
- The principle of fail-safe defaults states that, unless a subject is given
explicit access to an object, it should be denied access to that object.
- The principle of economy of mechanism states that security mechanisms
should be as simple as possible.
- The principle of complete mediation requires that all accesses to objects
be checked to ensure that they are allowed.
- The principle of open design states that the security of a mechanism
should not depend on the secrecy of its design or implementation.
- The principle of separation of privilege states that a system should not
grant permission based on a single condition.
- The principle of least common mechanism states that mechanisms used
to access resources should not be shared.
- The principle of psychological acceptability states that security
mechanisms should not make the resource more difficult to access than
if the security mechanisms were not present.
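As an added illustration (not part of the original slides), the small reference monitor below is shaped by four of the principles above: every access goes through one check (complete mediation), an absent rule means denial (fail-safe defaults), a sensitive action needs a second, distinct party (separation of privilege), and a helper flags rights a subject holds beyond its task (least privilege). The subjects, objects and policy table are constructed sample data.

```python
"""Added example: a tiny reference monitor driven by the design principles.
All names and the policy table are constructed sample data."""

# Explicit grants only: (subject, object) -> set of permitted actions.
POLICY = {
    ("alice", "payroll.db"): {"read"},
    ("bob", "payroll.db"): {"read", "write"},
    ("carol", "payroll.db"): {"approve"},
}

# Sensitive actions that need a second, independent condition to succeed.
DUAL_CONTROL = {"write"}

AUDIT = []  # every decision, allowed or denied, is recorded here


def mediate(subject, obj, action, approver=None):
    """The single choke point for every access (complete mediation).

    Fail-safe defaults: a missing rule yields an empty grant set, so the
    answer is False unless an explicit rule says otherwise; no error path
    can accidentally leave the access allowed.
    """
    granted = POLICY.get((subject, obj), set())
    decision = action in granted
    if decision and action in DUAL_CONTROL:
        # Separation of privilege: the requester's own grant is not enough;
        # a distinct approver must hold 'approve' on the same object.
        approver_rights = POLICY.get((approver, obj), set())
        decision = approver != subject and "approve" in approver_rights
    AUDIT.append((subject, obj, action, approver, decision))
    return decision


def excess_rights(subject, obj, needed):
    """Least-privilege audit: rights a subject holds beyond what its task
    needs. A non-empty result is a finding to fix in POLICY."""
    return POLICY.get((subject, obj), set()) - set(needed)


if __name__ == "__main__":
    print(mediate("mallory", "payroll.db", "read"))        # False: no rule
    print(mediate("alice", "payroll.db", "read"))          # True
    print(mediate("bob", "payroll.db", "write"))           # False: no approver
    print(mediate("bob", "payroll.db", "write", "bob"))    # False: self-approval
    print(mediate("bob", "payroll.db", "write", "carol"))  # True
    print(excess_rights("bob", "payroll.db", {"read"}))    # {'write'}
```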