Designing for security

In designing any system, and especially systems with a public-facing interface, security is always a concern.

Jerome and Michael, in an awesome paper titled The Protection of Information in Computer Systems, lay out general security principles that I think would be of great help to any designer, so below is a summary of the principles.

Least Privilege

An entity in the system should have the minimum set of permissions needed to carry out the actions for which they are authorized.

This may seem intuitively obvious, but a lot of applications have the ability to read or even modify privileged information. This exposes the system to the possibility of wide damage if they are ever hacked.

Fail-safe default

A user's access to any particular area in the system should be denied by default unless a specific permission is granted.

Guess now you know why you had to sign up to use an API.

Economy of Mechanism

This again boils down to a principle we talk about frequently on this blog: KISS (Keep It Simple, Stupid).

All component interfaces and interactions between them should be simple enough to understand.

Complete Mediation

A system should always validate access rights when a request for a resource is made.

That is, never try to cache permissions based on any parameter. However, make it easy to generate new authorization tokens when need be.
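The two points above (deny unless explicitly permitted, and re-check the live policy on every request rather than caching a decision) in working code. This is an added example, not code from the post or the paper; the policy store, the subjects and the resource paths are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Explicit allow-list of (subject, action, resource) triples.
    Anything not listed is denied: the fail-safe default."""
    grants: set = field(default_factory=set)

    def grant(self, subject, action, resource):
        self.grants.add((subject, action, resource))

    def revoke(self, subject, action, resource):
        self.grants.discard((subject, action, resource))

    def allows(self, subject, action, resource):
        # No wildcards, no implicit rights: absence of a grant means "no".
        return (subject, action, resource) in self.grants


def mediated_access(policy, subject, action, resource):
    """Complete mediation: consult the current policy on every request."""
    return policy.allows(subject, action, resource)


class CachingGuard:
    """The anti-pattern the post warns against: remembers the first decision
    for a request and never re-checks, so a later revocation is not enforced."""
    def __init__(self, policy):
        self.policy = policy
        self.cache = {}

    def access(self, subject, action, resource):
        key = (subject, action, resource)
        if key not in self.cache:
            self.cache[key] = self.policy.allows(*key)
        return self.cache[key]


def demo():
    """Returns (mediated decision, cached decision) after alice's grant is revoked."""
    policy = Policy()
    policy.grant("alice", "read", "/reports/q1")  # constructed sample grant
    guard = CachingGuard(policy)
    assert mediated_access(policy, "alice", "read", "/reports/q1")
    assert guard.access("alice", "read", "/reports/q1")
    # Unknown subject or unlisted action: denied without any explicit deny rule.
    assert not mediated_access(policy, "bob", "read", "/reports/q1")
    assert not mediated_access(policy, "alice", "write", "/reports/q1")
    policy.revoke("alice", "read", "/reports/q1")
    return (mediated_access(policy, "alice", "read", "/reports/q1"),
            guard.access("alice", "read", "/reports/q1"))
```

`demo()` returns `(False, True)`: the mediated check honours the revocation immediately, while the caching guard keeps granting access it no longer should.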

Separation of Privilege

This principle states that granting of privileges should not be based on a single condition.

While this may seem counterintuitive at first, think about, say, a bank manager who grants access to the vault. If the manager has this absolute right and he's the only one that does, then what happens when the manager first needs access to the vault?

Least Common Mechanism

Systems working in concert should share the least amount of information needed.

This helps prevent the spread of an intrusion from one machine to the next.

Psychological Acceptability

At the end of the day your system is useless if you protect it so much that no one is interested in using it anymore.

That is, whatever security mechanisms you put in place, they should not make the resource harder to access than it would be if the mechanisms were not there.

Have you used any of the above principles in the design of your own system? Talk to us.
