Security design principles are essential guidelines followed when designing secure systems, software, or networks. They help minimize vulnerabilities and reduce the risk of security breaches.
These principles were originally defined by Saltzer and Schroeder and are still widely used today in modern security architecture.
A subject (user, program, process) should be given only the minimum access rights it needs to perform its job.
✅ Reduces the potential damage from accidents or malicious behavior.
🛡️ Example: A user who only needs to read a file shouldn’t have write permissions.
By default, access should be denied, and permissions should be granted only when explicitly required.
✅ Helps prevent unintended access.
🛡️ Example: A new user account starts with no access until permissions are set.
Keep the design as simple and small as possible.
✅ Simpler systems are easier to understand, audit, and secure.
🛡️ Example: Avoid overly complex authentication systems unless necessary.
Every access to every resource must be checked for authorization.
✅ Prevents security checks from being bypassed through access decisions that were made earlier and cached, such as a session or token validated only once at login.
🛡️ Example: A web app checking permissions every time a user requests a resource—not just at login.
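A small Python model of three of the principles above (least privilege, fail-safe defaults, complete mediation), added here as an illustration and not code from the page: a policy that denies anything not explicitly granted, beside the "check once at login" shortcut that complete mediation warns against, so that revoking a grant shows why every request must be re-checked. The `Policy` class, the user names and the resource name are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Explicit grants only: {subject: {(resource, action)}}; unlisted = denied."""
    grants: dict[str, set[tuple[str, str]]] = field(default_factory=dict)

    def grant(self, subject: str, resource: str, action: str) -> None:
        self.grants.setdefault(subject, set()).add((resource, action))

    def revoke(self, subject: str, resource: str, action: str) -> None:
        self.grants.get(subject, set()).discard((resource, action))

    def allows(self, subject: str, resource: str, action: str) -> bool:
        # Single decision point (fail-safe default): unknown subject -> no grants -> False
        return (resource, action) in self.grants.get(subject, set())


class CachedAtLogin:
    """Anti-pattern: copy the subject's permissions at login and reuse them."""
    def __init__(self, policy: Policy, subject: str) -> None:
        self._snapshot = set(policy.grants.get(subject, set()))

    def access(self, resource: str, action: str) -> bool:
        return (resource, action) in self._snapshot  # never re-checked


class MediatedAccess:
    """Complete mediation: every request is re-checked against the live policy."""
    def __init__(self, policy: Policy, subject: str) -> None:
        self._policy, self._subject = policy, subject

    def access(self, resource: str, action: str) -> bool:
        return self._policy.allows(self._subject, resource, action)


def demo() -> dict[str, bool]:
    """Grant, use and revoke a permission for a constructed user 'alice'."""
    policy = Policy()
    policy.grant("alice", "report.txt", "read")  # least privilege: read only, no write
    cached, live = CachedAtLogin(policy, "alice"), MediatedAccess(policy, "alice")
    results = {
        "read_before_revoke": live.access("report.txt", "read"),
        "write_never_granted": live.access("report.txt", "write"),
        "unknown_subject": MediatedAccess(policy, "mallory").access("report.txt", "read"),
    }
    policy.revoke("alice", "report.txt", "read")  # the grant is withdrawn
    results["cached_after_revoke"] = cached.access("report.txt", "read")  # stale: True
    results["mediated_after_revoke"] = live.access("report.txt", "read")  # re-checked: False
    return results
```

The cached checker keeps honouring a permission that no longer exists, which is exactly the gap complete mediation closes.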
The security of the system should not depend on secrecy of design or implementation.
✅ Relies on strong cryptographic keys, not secrecy of algorithms.
🛡️ Example: Use openly published, publicly reviewed encryption standards like AES rather than a proprietary, unreviewed algorithm.
Access should depend on more than one condition (multifactor, multilevel).
✅ Adds layers of security.
🛡️ Example: A user needs both a password and a smart card to log in.
Minimize the sharing of mechanisms between users to prevent unintended information flow.
✅ Reduces risk from shared dependencies.
🛡️ Example: Avoid shared memory between users unless properly isolated.
Security mechanisms should be easy to use and understand.
✅ Users are more likely to follow security procedures.
🛡️ Example: Clear error messages, user-friendly authentication, and simple security prompts.
Use multiple layers of security controls so if one fails, others still protect the system.
✅ Increases overall system resilience.
🛡️ Example: Firewall + antivirus + intrusion detection + encryption.
Reduce the number of entry points where an attacker could gain access.
✅ Fewer vulnerabilities to exploit.
🛡️ Example: Disable unused services and close unnecessary ports.
| Principle | Description |
|---|---|
| Least Privilege | Minimum required access only |
| Fail-Safe Defaults | Deny by default |
| Economy of Mechanism | Keep it simple |
| Complete Mediation | Check every access |
| Open Design | Security doesn't depend on secrecy |
| Separation of Privilege | Use multiple conditions |
| Least Common Mechanism | Avoid shared resources |
| Psychological Acceptability | Make security user-friendly |
| Defense in Depth | Multiple layers of defense |
| Minimize Attack Surface | Reduce points of vulnerability |