2.2. Principles of Security Architecture

We've defined 30 basic principles of security architecture:

  1. Start by asking questions

  2. Select a destination before stepping on the gas

  3. Decide how much security is "just enough"

  4. Employ standard engineering techniques

  5. Identify your assumptions

  6. Engineer security in from day one

  7. Design with the enemy in mind

  8. Understand and respect the chain of trust

  9. Be stingy with privileges

  10. Test any proposed action against policy

  11. Build in appropriate levels of fault tolerance

  12. Address error-handling issues appropriately

  13. Degrade gracefully

  14. Fail safely

  15. Choose safe default actions and values

  16. Stay on the simple side

  17. Modularize thoroughly

  18. Don't rely on obfuscation

  19. Maintain minimal retained state

  20. Adopt practical measures users can live with

  21. Make sure some individual is accountable

  22. Self-limit program consumption of resources

  23. Make sure it's possible to reconstruct events

  24. Eliminate "weak links"

  25. Build in multiple layers of defense

  26. Treat an application as a holistic whole

  27. Reuse code known to be secure

  28. Don't rely on off-the-shelf software for security

  29. Don't let security needs overwhelm democratic principles

  30. Remember to ask, "What did I forget?"

The following sections define these principles in greater detail, and subsequent chapters explain them in the context of different phases of software development.
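Several of the principles above are easiest to recognise in code once you have seen them violated side by side with the correct form. The following Python snippet is an added illustration, not code from the book: it contrasts a fail-open authorization check with a fail-closed one, and in the process touches principles 9 (be stingy with privileges), 10 (test any proposed action against policy), 14 (fail safely), 15 (choose safe default actions and values), 22 (self-limit program consumption of resources) and 23 (make sure it's possible to reconstruct events). The `Policy`, `parse_action` and `check_*` names, the 64-byte limit and the sample policy are all hypothetical.

```python
# Added, hypothetical example illustrating principles 9, 10, 14, 15, 22 and 23
# from the list above. It is not code from "Secure Coding: Principles and Practices".
import logging
from dataclasses import dataclass

log = logging.getLogger("authz")

MAX_ACTION_BYTES = 64  # 22: bound how much untrusted input we will process


@dataclass(frozen=True)
class Policy:
    """Explicit allow list of (role, action) pairs; anything absent is denied (15)."""
    allowed: frozenset


def parse_action(raw: bytes) -> str:
    """Decode a request. Malformed input raises instead of being guessed at."""
    text = raw.decode("ascii")             # UnicodeDecodeError on non-ASCII bytes
    if not text.isidentifier():
        raise ValueError("malformed action")
    return text


def check_fail_open(policy: Policy, role: str, raw: bytes) -> bool:
    """ANTI-PATTERN: 'allowed' starts True and an exception skips the policy
    test, so any request that fails to parse is allowed (violates 14 and 15)."""
    allowed = True
    try:
        action = parse_action(raw)
        if (role, action) not in policy.allowed:
            allowed = False
    except Exception:
        pass                               # swallowed: 'allowed' is still True
    return allowed


def check_fail_closed(policy: Policy, role: str, raw: bytes) -> bool:
    """Hardened form: the answer is 'deny' unless every step positively succeeds."""
    if len(raw) > MAX_ACTION_BYTES:        # 22: reject oversize input before parsing
        log.warning("denied role=%s reason=oversize len=%d", role, len(raw))
        return False
    try:
        action = parse_action(raw)
    except (UnicodeDecodeError, ValueError) as exc:   # 14: an error means deny
        log.warning("denied role=%s reason=%s", role, exc)
        return False
    decision = (role, action) in policy.allowed      # 10 and 15: default deny
    # 23: every decision is recorded with enough detail to reconstruct events
    log.info("%s role=%s action=%s",
             "allowed" if decision else "denied", role, action)
    return decision


# Constructed sample policy (9): a reader may only list, an admin may also delete.
POLICY = Policy(frozenset({("reader", "list"), ("admin", "list"), ("admin", "delete")}))

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    garbage = b"\xff\xfe"                  # not valid ASCII, so parsing raises
    print("fail-open  lets garbage through:", check_fail_open(POLICY, "reader", garbage))
    print("fail-closed denies garbage:     ", not check_fail_closed(POLICY, "reader", garbage))
```

The two checks agree on well-formed input; they differ only when something goes wrong, which is exactly when the difference matters. Note that the hardened version catches the specific exceptions it expects rather than a bare `Exception`, so a genuine programming error still surfaces instead of being silently converted into a denial.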

2.2.1. Start by Asking Questions

Whether you're starting from scratch with a clean sheet of paper or have been handed a complex piece of software that needs fixing or updating, your first step in ...