Design Principles for Secure Systems

EasyChair Preprint no. 10435

Abstract

Many designers mistakenly believe that strengthening security always reduces usability and vice versa.  This paper presents useful principles for designing and building a secure system. The principles are useful to those whose aims are to design secure systems and to review existing ones. This paper explores the design principles of secure systems, which are essential for maintaining the confidentiality, integrity, and availability of data and systems. The principles of modularity, isolation, and secure-by-default are critical in ensuring systems are resilient to attacks and can recover securely from failures. The principle of least privilege is also discussed, as it is key in ensuring users only have the access they need, minimizing the risk of system compromise. Also, the principle of failing-securely is also considered. This principle ensures that systems can detect and respond to attacks or failures in a way that minimizes their impact. The implementation of these principles requires thorough understanding of the system architecture and potential threats. This paper emphasizes the importance of considering security from the beginning of the design process and continually throughout the system lifecycle. Overall, by following these principles, designers and architects can create secure systems that protect against a wide range of threats, resulting in boost of confidence among users and stakeholders. This study makes two significant contributions: first, it gives a model to help with thinking, and second, it offers actual advice in the form of seven interaction design principles for secure systems.

Keyphrases: Availability, Confidentiality, Cybersecurity Principles, design principles, Integrity, secure system

@Booklet{EasyChair:10435,
  author = {Taofeek O. Agboola},
  title = {Design Principles for Secure Systems},
  howpublished = {EasyChair Preprint no. 10435},

  year = {EasyChair, 2023}}