Is "deny Access" a Valid "fail-Safe Default" Principle for Building Security in Cyberphysical Systems?

F. Massacci

doi:10.1109/MSEC.2019.2918820

Is "deny Access" a Valid "fail-Safe Default" Principle for Building Security in Cyberphysical Systems?

Research output: Contribution to Journal › Article › Academic › peer-review

Abstract

© 2003-2012 IEEE.In 1975, Saltzer and Schroeder (SS) elucidated eight design principles that shaped decades of security research and development.1 Some of them are listed as key tenets of security protocols2 in software design methodologies, such as Microsoft's Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege threat model,3,4 and in McGraw's 2004 article "Software Security" in IEEE Security Privacy.5

Original language	English
Article number	8821456
Pages (from-to)	90-93
Journal	IEEE Security and Privacy
Volume	17
Issue number	5
DOIs	https://doi.org/10.1109/MSEC.2019.2918820
Publication status	Published - 1 Sept 2019
Externally published	Yes

Access to Document

10.1109/MSEC.2019.2918820

Handle.net

Persistent link

Cite this

@article{a8dbabdd8a5f4d7e8b025f6567e88fce,

title = "Is {"}deny Access{"} a Valid {"}fail-Safe Default{"} Principle for Building Security in Cyberphysical Systems?",

abstract = "{\textcopyright} 2003-2012 IEEE.In 1975, Saltzer and Schroeder (SS) elucidated eight design principles that shaped decades of security research and development.1 Some of them are listed as key tenets of security protocols2 in software design methodologies, such as Microsoft's Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege threat model,3,4 and in McGraw's 2004 article {"}Software Security{"} in IEEE Security Privacy.5",

author = "F. Massacci",

year = "2019",

month = sep,

day = "1",

doi = "10.1109/MSEC.2019.2918820",

language = "English",

volume = "17",

pages = "90--93",

journal = "IEEE Security & Privacy",

issn = "1540-7993",