Industrial Internet Security Framework v 1.0 | Page 59

Security Framework
7: IISF Functional Viewpoint
• Principle of open design: a design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords.
• Principle of separation of privilege: where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
• Principle of least privilege: every program and every user of the system should operate using the least set of privileges necessary to complete the job.
• Principle of least common mechanism: minimize the amount of mechanism common to more than one user and depended on by all users.
• Principle of psychological acceptability: it is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
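The open design and separation of privilege principles can be illustrated together in a short sketch. This is an added example, not part of the IISF: the role names, demo keys and command string are constructed assumptions, and HMAC-SHA256 is chosen here only as a well-known public mechanism whose security rests on the keys alone.

```python
import hashlib
import hmac

# Constructed demo keys (assumption): each role protects its own secret.
# The algorithm and this code are public; only the keys must stay secret.
APPROVER_KEYS = {
    "operator": b"operator-demo-key-not-for-production",
    "safety_officer": b"safety-demo-key-not-for-production",
}
REQUIRED_APPROVALS = 2  # separation of privilege: one key alone never suffices


def sign(role: str, key: bytes, command: bytes) -> str:
    """Approve a command; the role is bound into the MAC input so a tag
    issued by one role cannot be presented as another role's approval."""
    msg = role.encode() + b"\x00" + command
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(command: bytes, approvals: dict) -> bool:
    """Return True only if enough distinct, known roles supplied a valid
    tag for exactly this command. Anything else fails closed."""
    valid_roles = set()
    for role, tag in approvals.items():
        key = APPROVER_KEYS.get(role)
        if key is None:
            continue  # unknown role contributes nothing
        expected = sign(role, key, command)
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            valid_roles.add(role)
    return len(valid_roles) >= REQUIRED_APPROVALS


if __name__ == "__main__":
    cmd = b"valve-7:open"  # constructed sample command
    op = sign("operator", APPROVER_KEYS["operator"], cmd)
    so = sign("safety_officer", APPROVER_KEYS["safety_officer"], cmd)
    print(authorize(cmd, {"operator": op, "safety_officer": so}))  # both keys
    print(authorize(cmd, {"operator": op}))                        # one key only
```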
A broad range of capabilities and techniques may be applied to implement each of the functional building blocks. Annex C provides an overview of these mechanisms and their respective applicability to each of the functional building blocks.
IIC:PUB:G4:V1.0:PB:20160926 - 59 -
