Principles for Designing Secure Systems
Abhishek Bichhawat 06/01/2023
Logistics
Building Secure Systems (story so far)
Building Secure Systems
Confidentiality, Privacy and Secrecy
Authentication
Anonymity
Non-repudiation
● Non-repudiation
○ Assurance that someone cannot deny something
○ In the context of security, it often involves digital signatures
Authorization, access-control, certification and revocation
● Authorization
○ Official sanction to do something or be someone
● Access control
○ Restricting access to resources to privileged entities
● Certification
○ Endorsement of information by a trusted entity
● Revocation
○ Retraction of certification or authorization
Availability
What Goes Wrong!
What Goes Wrong – The Policy
What Goes Wrong – Attack Assumption
What Goes Wrong – Bugs