Stanford Foundations of Information Security XACS101 1.2 - Secure System Design

Notes from section 1.2 - Secure System Design of Stanford Foundations of Information Security XACS101 Course.

Understanding Threats

Takeaways: Security concerns are variable depending on circumstances. Have to prioritize what is important.

Designing-In Security

Takeaways: Bake security in. Don’t use Turtle Shell Architecture to protect. Good technology increases security w/ little inconvenience.

Security in Software Requirements

Mod 10 Checksum Credit Card number validity check
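
The Mod 10 (Luhn) check named above, as an added example that is not from the course material: it validates a card number's check digit and computes the check digit for a payload. The function names and the 12-19 digit length bound are assumptions of this sketch; the check catches typing errors and says nothing about whether a card is genuine.

```python
import re


def luhn_checksum(digits: str) -> int:
    """Return the Luhn (mod 10) sum of a digit string, check digit included."""
    total = 0
    # Walk right to left; every second digit (starting with the one just
    # left of the check digit) is doubled, and 9 is subtracted if that
    # exceeds 9 (same as adding the two digits of the product).
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def normalize(raw: str) -> str:
    """Strip spaces and dashes; reject anything that is not 12-19 ASCII digits.

    The 12-19 length bound is an assumption of this example. [0-9] is used
    instead of \\d so that non-ASCII Unicode digits are rejected.
    """
    cleaned = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"[0-9]{12,19}", cleaned):
        raise ValueError("card number must be 12-19 digits")
    return cleaned


def is_valid_card_number(raw: str) -> bool:
    """True if the input is well-formed and its mod 10 sum is zero."""
    try:
        digits = normalize(raw)
    except ValueError:
        return False
    return luhn_checksum(digits) == 0


def check_digit(payload: str) -> str:
    """Digit to append so that payload + digit passes the mod 10 check."""
    return str((10 - luhn_checksum(payload + "0")) % 10)
```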

Access Control, Auditing, Confidentiality, Availability should be included in design docs

Security by Obscurity

Trying to be secure by hiding details of how the system works. Doesn’t work because:

Kerckhoffs’ doctrine - assume adversary knows how algorithm works. Rely on the key for security b/c it can be changed and is easier to keep secret.

Game of Economics

For every dollar spent by defender, how much would attacker have to spend to break system?

If cost to break system is much higher than gain, system can be considered secure.

Security is about risk management.

“Good Enough” security