Industrial Internet Security Framework v 1.0 | Page 59

Security Framework
7: IISF Functional Viewpoint
• Principle of open design: a design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords.
• Principle of separation of privilege: where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
• Principle of least privilege: every program and every user of the system should operate using the least set of privileges necessary to complete the job.
• Principle of least common mechanism: minimize the amount of mechanism common to more than one user and depended on by all users.
• Principle of psychological acceptability: it is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
A broad range of capabilities and techniques may be applied to implement each of the functional building blocks. Annex C provides an overview of these mechanisms and their respective applicability to each of the functional building blocks.
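The open design and separation of privilege principles can be shown together in a small two-approver check. This is an added example, not part of the IISF text: the approver names, keys and command string are constructed, and HMAC-SHA256 is an assumed choice of public algorithm, so that the only secrets are the keys.

```python
import hashlib
import hmac

# Constructed sample keys (assumption). Each approver holds only their own key;
# the algorithm and this code are public, so nothing depends on a secret design.
APPROVER_KEYS = {
    "operator": b"constructed-operator-key",
    "safety-engineer": b"constructed-safety-key",
}


def sign(key: bytes, command: bytes) -> bytes:
    """Approval tag: HMAC-SHA256 of the command under the approver's key."""
    return hmac.new(key, command, hashlib.sha256).digest()


def authorize(command: bytes, approvals, keys=APPROVER_KEYS, required=2) -> bool:
    """Return True only if `required` distinct known approvers signed `command`.

    approvals: iterable of (approver_name, tag) pairs.
    """
    valid = set()
    for name, tag in approvals:
        key = keys.get(name)
        if key is None:
            continue  # unknown approver: never counted
        # Constant-time comparison avoids leaking tag bytes through timing.
        if hmac.compare_digest(sign(key, command), tag):
            valid.add(name)  # a set: one approver signing twice counts once
    return len(valid) >= required


if __name__ == "__main__":
    cmd = b"set-valve:V-101:open"  # constructed command
    op = sign(APPROVER_KEYS["operator"], cmd)
    se = sign(APPROVER_KEYS["safety-engineer"], cmd)
    print("two approvers:", authorize(cmd, [("operator", op), ("safety-engineer", se)]))
    print("one approver :", authorize(cmd, [("operator", op)]))
    print("same twice   :", authorize(cmd, [("operator", op), ("operator", op)]))
```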
IIC:PUB:G4:V1.0:PB:20160926 - 59 -
