Objectives

The goal of this homework is to learn important philosophies and concepts related to applications protection and deterrence.

Instructions

For each of the following Philosophies & Principles do the following

• Define it: What is does it mean?
• Write a scenario to describe how it is applied in real-world (Use Alice, bob, Chris). You may choose any type of security/privacy issues to clarify your example.

Defense in depth

If they break into this, they cant get any farther

Least privilege

Every user or module is given the least amount of privilege it needs

Fail securely

Exceptions put the system into weird states

Security by obscurity

You cant rely upon being obscure to be secure

Detect and record

Even if you cant always sift through that data ahead of time

Dont trust [input | environment | dependencies | *]

Know what to trust

Secure by default

Dont rely on your users to use it correctly

Keep it simple

Minimize the attack surface