| Saltzer-Schroeder Guidelines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| • | System
design should be public |
|||||||||||
| • | Default
should be no access |
|||||||||||
| • | Check
current authority – no caching! |
|||||||||||
| • | Least
privilege possible for processes |
|||||||||||
| • | Protection
mechanism should be |
|||||||||||
| – | Simple,
uniform, built into lowest layers of system |
|||||||||||
| • | Psychologically
acceptable |
|||||||||||
| • | KISS! |
|||||||||||
