security design principles

some principles of security design (the classic list from Saltzer and Schroeder, 1975)

  • least privilege (every user and component gets only the access it needs for its job, and no more)
  • separation of privilege (require more than one condition or key before granting access, so a single compromise is not enough)
  • fail-safe defaults (deny unless explicitly permitted; when a check cannot be made, the answer is no)
  • economy of mechanism (keep the protection mechanism small and simple enough to be inspected)
  • complete mediation (protection mechanisms should cover every access to every object, with no cached or side-channel path around the check)
  • open design (no security through obscurity; security rests on keys, not on secrecy of the mechanism)
  • least common mechanism (protection mechanisms should be shared to the least degree possible among users)
  • psychological acceptability (the mechanism must be easy to use correctly, or users will route around it)
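a small worked example of three of the principles above, fail-safe defaults, complete mediation and least privilege, as a toy reference monitor. this is added illustration, not code from the original note; the subjects ("hr", "backup", "intern"), the object "payroll.csv" and the ACL entries are constructed for the example. the fail-open decision function is included only as the anti-pattern to contrast against.

```python
"""Toy reference monitor: fail-safe defaults vs. fail-open, with every object
access routed through one check (complete mediation).

Constructed example: subjects, objects and policy entries are made up."""
from typing import Callable, Dict, FrozenSet, Tuple

Key = Tuple[str, str]            # (subject, object)
Acl = Dict[Key, FrozenSet[str]]  # -> actions explicitly granted


class AccessDenied(Exception):
    pass


def decide_fail_safe(acl: Acl, subject: str, obj: str, action: str) -> bool:
    """Fail-safe default: anything not explicitly granted is refused.
    An unknown subject, an unknown object or an unlisted action all fall
    through to the empty set and are denied."""
    return action in acl.get((subject, obj), frozenset())


def decide_fail_open(denied: Acl, subject: str, obj: str, action: str) -> bool:
    """Anti-pattern, for contrast only: permit unless explicitly denied.
    A subject or object the policy author never listed is silently allowed."""
    return action not in denied.get((subject, obj), frozenset())


class MediatedStore:
    """Every operation on an object goes through _check(); there is no
    unmediated getter, so a newly added operation cannot skip the check."""

    def __init__(self, acl: Acl) -> None:
        self._acl = acl
        self._objects: Dict[str, str] = {}

    def _check(self, subject: str, obj: str, action: str) -> None:
        if not decide_fail_safe(self._acl, subject, obj, action):
            raise AccessDenied(f"{subject} may not {action} {obj}")

    def write(self, subject: str, obj: str, value: str) -> None:
        self._check(subject, obj, "write")
        self._objects[obj] = value

    def read(self, subject: str, obj: str) -> str:
        self._check(subject, obj, "read")
        return self._objects[obj]

    def delete(self, subject: str, obj: str) -> None:
        self._check(subject, obj, "delete")
        del self._objects[obj]


# Constructed policy following least privilege: hr maintains the file,
# backup only needs to read it, nobody is granted delete.
ACL: Acl = {
    ("hr", "payroll.csv"): frozenset({"read", "write"}),
    ("backup", "payroll.csv"): frozenset({"read"}),
}
# The same author's intent written as a denylist, for the fail-open comparison.
DENYLIST: Acl = {("backup", "payroll.csv"): frozenset({"write", "delete"})}


def attempt(op: Callable[..., object], *args: str) -> bool:
    """True if the mediated operation was allowed, False if it was refused."""
    try:
        op(*args)
        return True
    except AccessDenied:
        return False


def demo() -> Dict[str, bool]:
    """Exercise the store and return the access decisions for inspection."""
    store = MediatedStore(ACL)
    store.write("hr", "payroll.csv", "alice,1000")
    return {
        "backup_read": attempt(store.read, "backup", "payroll.csv"),
        "backup_write": attempt(store.write, "backup", "payroll.csv", "x"),
        "hr_delete": attempt(store.delete, "hr", "payroll.csv"),
        # unknown subject: fail-safe refuses, the denylist version lets it through
        "intern_read_fail_safe": attempt(store.read, "intern", "payroll.csv"),
        "intern_read_fail_open": decide_fail_open(DENYLIST, "intern", "payroll.csv", "read"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24s} {'allowed' if allowed else 'denied'}")
```

the point of the contrast is the last two entries: with the allowlist an account the policy author never thought about ("intern") is denied, with the denylist it is allowed, because the absence of a rule is read as permission. complete mediation is what makes the allowlist meaningful; if `MediatedStore` exposed `_objects` directly, or cached a previous decision, the check could be bypassed no matter how strict the policy.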