This chapter examines how to architect and design systems that accomplish the security goals covered in Chapter 1. We first spend some time discussing prototypical threats to software, and then discuss how to design security into applications from the beginning. We focus on a number of high-level approaches and trade-offs, and discuss how security is sometimes perceived to be at odds with factors such as convenience and usability. We also discuss the concept of “security by obscurity” and why it is usually not sufficient. We look at security as a game of economics and risk management. Some of the approaches and design principles we cover in this chapter and the next were first described in Jerome Saltzer and Michael Schroeder’s paper, “The Protection of Information in Computer Systems”—we bring them to life and illustrate them with many real-world examples.
Keywords: Credit Card; Transmission Control Protocol; Internet Protocol; Internet Protocol Address; Security Goal