Saltzer and Schroeder's design principles

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Saltzer and Schroeder's design principles" – news · newspapers · books · scholar · JSTOR (December 2017) (Learn how and when to remove this message) The topic of this article may not meet Wikipedia's notability guidelines for products and services. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "Saltzer and Schroeder's design principles" – news · newspapers · books · scholar · JSTOR (December 2017) (Learn how and when to remove this message) This article has an unclear citation style. The references used may be made clearer with a different or consistent style of citation and footnoting. (December 2017) (Learn how and when to remove this message) (Learn how and when to remove this message)

Saltzer and Schroeder's design principles are design principles enumerated by Jerome Saltzer and Michael Schroeder in their 1975 article The Protection of Information in Computer Systems,^[1] that from their experience are important for the design of secure software systems.

• Economy of mechanism: Keep the design as simple and small as possible.
• Fail-safe defaults: Base access decisions on permission rather than exclusion.
• Complete mediation: Every access to every object must be checked for authority.
• Open design: The design should not be secret.
• Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
• Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
• Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
• Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
• Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker.
• Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.

• The resources of the Industrial Internet Consortium – Volume 4 Industrial IoT. Chapter 7.9, p. 58: From Functional to Implementation Viewpoint.

• Saltzer and Schroeder's design principles

This computer security article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e