The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.10)
pp: 20-25
Richard E. Smith , Cryptosmith
ABSTRACT
In 1975, Jerome Saltzer and Michael Schroeder published "The Protection of Information in Computer Systems," which outlined a series of design principles for secure systems. Some principles, like separation of privilege and least privilege, have become staples of information security practice. Other principles, like simplicity and complete mediation, have failed to thrive. Attempts to codify information security principles for general practice have also failed to thrive. With a few exceptions, modern textbooks either entirely omit lists of principles or present only the 1975 list. Although such lists might provide useful, if incomplete, guidelines for practitioners, their principal value might be in teaching students the fundamental concepts of information security.
INDEX TERMS
Information security, Standards, Cryptography, Design methodology, Privacy, Computer security, Schroeder, security, protection mechanisms, Saltzer
CITATION
Richard E. Smith, "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles", IEEE Security & Privacy, vol.10, no. 6, pp. 20-25, Nov.-Dec. 2012, doi:10.1109/MSP.2012.85
REFERENCES
1. J.H. Saltzer and M.D. Schroeder, “The Protection of Information in Computer Systems,” Proc. IEEE, vol. 63, no. 9, 1975, pp. 1278–1308.
2. C.P. Pfleeger, Security in Computing, Prentice Hall, 1998.
3. R. Smith, Elementary Information Security, Jones and Bartlett, 2013.
4. J.H. Saltzer and M.F. Kaashoek, Principles of Computer System Design, Wiley, 2009.
5. “Computers at Risk: Safe Computing in the Information Age,” Nat'l Research Council, National Academy Press, 1991; www.nap.eduopenbook.php?record_id=1581.
6. C.P. Pfleeger and S.L. Pfleeger, Security in Computing, 4th ed., Wiley, 2006.
7. S. Smith and J. Marchesini, The Craft of System Security, Addison-Wesley, 2008.
8. M. Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
9. Information Technology 2008: Curriculum Guidelines for Undergraduate Degree Programs in Information Technology, IEEE CS and ACM, Nov. 2008; www.acm.org//education/curriculaIT2008%20Curriculum.pdf .
10. National Training Standard for Information Security (INFOSEC) Professionals, report NSTISSI 4011, Nat'l Security Telecommunications and Information Systems Security Committee, 1994; www.cnss.gov/Assets/pdfnstissi_4011.pdf.
29 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool