Definition |
principles of secure systems:
(a) Simplicity—the accuracy of security measures, incorporated in hardware and software, can be more readily checked if those measures are simple and small.
(b) Fail safe—accesses should require explicit authorization, i.e. the default situation is no access.
(c) Complete mediation—checking of access against access control information must be performed under all circumstances, including normal operation, maintenance, recovery, etc.
(d) Separation of privilege—a two-key philosophy, with each key located in a separate compartment, ensures that a single failure does not result in a security break.
(e) Least privilege—every process should operate with the minimum level of privilege necessary to perform the requisite task.
(f) Least common mechanism—the use of shared mechanisms among users should be minimized for their mutual security.
(g) User acceptability—security measures should not unduly interfere with the work of users while, of course, fulfilling all necessary security constraints.
(h) Public scrutiny—security measures should be available for review by experts, e.g., encryption algorithms can be widely publicized, with their security depending only on the secrecy of the cryptographic key.

In computer security, Saltzer and Schroeder set out the following principles of secure systems:
1. Simplicity—security measures that are simple, in both hardware and software, have correctness that is easy to check.
2. Fail safe—every access operation requires explicit authorization, i.e. by default there is no access right.
3. Complete mediation—access control information must be checked under all circumstances, including normal operation, maintenance, recovery, etc.
4. Separation of privilege—a double-safeguard strategy, with each safeguard placed in a separate part, ensures that a single loss does not compromise the security of the whole.
5. Least privilege—every process works with the minimum privilege its task requires.
6. Least common mechanism—mechanisms shared among users should be kept to a minimum.
7. User acceptability—security measures should neither interfere excessively with users' work nor fall short of any required security constraint.
8. Public scrutiny—security measures must be open to review by experts, e.g., an encryption algorithm can be made public, with its security depending only on the secrecy of the key. |
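The following is an added example, not part of the dictionary entry and not Saltzer and Schroeder's own code. It shows how four of the listed principles look in a small reference monitor: fail-safe defaults (no grant means no access), complete mediation (every access passes through one check and is audited), separation of privilege (the "two-key" idea, here read as a destructive action needing two distinct co-signers, which is an assumed concrete interpretation), and least privilege (a session carries only the rights a task needs). The subjects, resources and policy are constructed for the example.

```python
"""Added example: a minimal reference monitor illustrating fail-safe defaults,
complete mediation, separation of privilege and least privilege.
All names and policy data below are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Decision = Tuple[str, str, str, bool]  # (subject, resource, action, permitted)


class ReferenceMonitor:
    """Every access goes through check(); there is no other path to a resource."""

    def __init__(self, grants: Dict[Tuple[str, str], FrozenSet[str]],
                 approvers: Dict[str, Set[str]]):
        self._grants = grants        # explicit authorizations only
        self._approvers = approvers  # resource -> people who may co-sign a delete
        self.audit: List[Decision] = []

    def check(self, subject: str, resource: str, action: str,
              approvals: Set[str] = frozenset()) -> bool:
        # Fail safe: a subject/resource pair with no grant yields the empty set,
        # so the default outcome is "no access".
        allowed = self._grants.get((subject, resource), frozenset())
        permitted = action in allowed
        # Separation of privilege (assumed reading of "two keys"): a delete needs
        # two distinct registered approvers in addition to the subject's grant.
        if permitted and action == "delete":
            cosigners = set(approvals) & self._approvers.get(resource, set())
            permitted = len(cosigners) >= 2
        # Complete mediation: every decision, allowed or denied, is recorded.
        self.audit.append((subject, resource, action, permitted))
        return permitted

    def mediate(self, subject: str, resource: str, action: str,
                operation: Callable[[], object],
                approvals: Set[str] = frozenset()) -> object:
        if not self.check(subject, resource, action, approvals):
            raise PermissionError(f"{subject} may not {action} {resource}")
        return operation()

    def session(self, subject: str, resource: str, needed: Set[str]) -> "Session":
        # Least privilege: the session holds only the actions the task needs,
        # even when the subject's grant is broader.
        held = self._grants.get((subject, resource), frozenset())
        return Session(self, subject, resource, frozenset(needed) & held)


@dataclass(frozen=True)
class Session:
    monitor: ReferenceMonitor
    subject: str
    resource: str
    capabilities: FrozenSet[str]

    def perform(self, action: str, operation: Callable[[], object]) -> object:
        if action not in self.capabilities:
            # Refused before reaching the monitor: the session was issued
            # deliberately without this right.
            raise PermissionError(f"session lacks '{action}'")
        return self.monitor.mediate(self.subject, self.resource, action, operation)


def build_demo_monitor() -> ReferenceMonitor:
    # Constructed policy: alice may only read; bob holds full rights.
    grants = {
        ("alice", "/payroll/db"): frozenset({"read"}),
        ("bob", "/payroll/db"): frozenset({"read", "write", "delete"}),
    }
    approvers = {"/payroll/db": {"carol", "dave", "erin"}}
    return ReferenceMonitor(grants, approvers)


def run_scenarios() -> Dict[str, bool]:
    m = build_demo_monitor()
    r: Dict[str, bool] = {}
    r["unknown_user_denied"] = m.check("mallory", "/payroll/db", "read")
    r["alice_read"] = m.check("alice", "/payroll/db", "read")
    r["alice_write"] = m.check("alice", "/payroll/db", "write")
    r["bob_delete_one_approver"] = m.check("bob", "/payroll/db", "delete", {"carol"})
    r["bob_delete_two_approvers"] = m.check("bob", "/payroll/db", "delete", {"carol", "dave"})
    r["bob_delete_wrong_approver"] = m.check("bob", "/payroll/db", "delete", {"carol", "mallory"})
    report = m.session("bob", "/payroll/db", {"read"})  # bob's report task only needs read
    r["session_read"] = bool(report.perform("read", lambda: True))
    try:
        report.perform("delete", lambda: True)
        r["session_delete_blocked"] = False
    except PermissionError:
        r["session_delete_blocked"] = True
    # Seven decisions reached the monitor; the session-level refusal never did.
    r["every_access_audited"] = len(m.audit) == 7
    return r


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The point of routing `Session.perform` back through `mediate` is that a narrowed session does not replace the monitor's check; it only removes rights before the check runs, so a bug in the session code can never grant more than the monitor would.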