A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles

  • Author: Richard E. Smith
  • Published 1 November 2012
  • Field: Computer Science
  • Journal: IEEE Security & Privacy
In 1975, Jerome Saltzer and Michael Schroeder published "The Protection of Information in Computer Systems," which outlined a series of design principles for secure systems. Some principles, like separation of privilege and least privilege, have become staples of information security practice. Other principles, like simplicity and complete mediation, have failed to thrive. Attempts to codify information security principles for general practice have also failed to thrive. With a few exceptions… 

Security tag computation and propagation in OSFA
The security principles of (1) complete mediation, (2) least privilege, and (3) privilege separation are reviewed, and the benefits of using two-level security tags for security tag computations are described.
Is "Deny Access" a Valid "Fail-Safe Default" Principle for Building Security in Cyberphysical Systems?
In 1975, Saltzer and Schroeder (S&S) elucidated eight design principles that shaped decades of security research and development.1 Some of them are listed as key tenets of security protocols2 in
Chapter 1 Supplement: Introduction to Security for Computer Architecture Students
It becomes important, even necessary, for security to be built into the lowest levels of the computing stack; it must become a fundamental part of computer architecture and must be included in any serious study of the subject.
High assurance state machine microprocessor concept: Aberdeen Architecture
This paper presents an introduction to the Aberdeen Architecture, a high assurance microprocessor architecture concept which implements Saltzer and Schroeder’s 1975 security principles in hardware.
Consolidating Principles and Patterns for Human-centred Usable Security Research and Development
It is argued that both the insights presented in this paper and the repository will be highly valuable for students for getting a good overview, practitioners for implementing usable security and researchers for identifying areas of future research.
Secure Computing Architecture: A Direction for the Future -- The OS Friendly Microprocessor Architecture
A short historical review of computer security covering computer architectures and operating systems is presented and a new research direction is explored: the OS Friendly Microprocessor Architecture (OSFA), a thread-safe architecture that addresses the context switch overhead problem and helps reduce OS complexity.
On providing systematized access to consolidated principles, guidelines and patterns for usable security research and development†
It is argued that both the insights presented in this article and the web-based repository will be highly valuable for students to get a good overview, practitioners to implement usable security and researchers to identify areas of future research.
Basic Concepts and Models of Cybersecurity
This introductory chapter reviews the fundamental concepts of cybersecurity. It begins with common threats to information and systems to illustrate how matters of security can be addressed with
Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations
A thematic analysis is undertaken to identify 7 core ways to improve usability of APIs and finds that most of the recommendations focus on helping API developers to construct and structure their code and make it more usable and easier for programmers to understand.


The Craft of System Security
The Craft of System Security systematically introduces the basic building blocks for securing contemporary systems, applies those building blocks to today's applications, and considers important emerging trends such as hardware-based security.
The protection of information in computer systems
This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification by examining in depth the principles of modern protection architectures and the relation between capability systems and access control list systems.
Computers at Risk: Safe Computing in the Information Age
The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.
Curriculum Guidelines for Undergraduate Degree Programs in Information Technology
This document represents the final report of the Joint Task Force on Computing Curricula - an undertaking of SIGITE (Special Interest Group on Information Technology Education) of the ACM
Introduction to Computer Security, Addison-Wesley
  • 2005