$1.$ Assume a database service runs with highest privileges $($root or superuser$).$ A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. User acceptability Correct Answer least privilege. You Answered Economy of mechanism. Open DesignKAssume a database service runs with highest privileges $($root or superuser$).$ A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. User acceptability Correct Answer least privilege. You Answered Economy of mechanism. Open Designerckhoff's principle states that a system should remain secure if everything about the system, except secrets held in keys, are made public. The design principle discussed in class which captures Kerckhoff's principle is a$.$ Least privilege b$.$Open design c$.$ Fail$-$safe defaults d$.$ User acceptability $2.$ Assume a database service runs with highest privileges $($root or superuser$).$ A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. a$.$ User acceptability b$.$least privilege. c$.$ Economy of mechanism. d$.$Open Design. $3.$ Major vulnerabilities in open source software have been reported in the recent years. This observation runs counter to the following design principle. a$.$ Defense$-$in$-$depth b$.$ Failsafe defaults. c$.$ Open design. d$.$ Least common mechanism. $\mathrm{.}4$ Because of potential hacking of election systems, vendors are advocating the use of voting machines that record the vote automatically but produce a paper receipt that can be used by a voter to verify his$/$her choices. Such receipts can also be used in an audit in a close election. Many security researchers are skeptical of such machines that automatically record user votes even when a paper receipt is generated because they rely on the assumption that voters will check receipts. Such skepticism can possibly explained by the following design principle. a$.$ Economy of mechanism b$.$ User acceptability c$.$Open Design d$.$ Least Privilege. $5.$ According to the Saltzer and Schroeder paper that was assigned for reading, proposals that advocate performance gains by caching of access control decisions could violate the following design principle fail$-$a$.$ safe defaults. b$.$ complete mediation. c$.$ open design. d$.$ least privilege.