Re: Principle of Inclusion?

From: David Wagner (dawat_private)
Date: Tue Jun 26 2001 - 20:31:05 PDT

  • Next message: Roger Burton West: "Re: CDSA-biometrics"

    >  We have all heard the old security principle of not filtering out
    >known bad input but filtering in known good input, but I've never heard
    >it "named" like we name the "principle of least privilege". Do you know
    >of any such name?
    
    It's an instance of what's known as "fail-safe defaults".
    (restrictive policies are preferred over permissive policies)
    
    See Saltzer and Schroeder's paper "The Protection of Information
    in Computer Systems" for a list of several such principles.
    http://web.mit.edu/Saltzer/www/publications/protection/index.html
    This particular one appears in Section I.A.3.b.
    



    This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:17:48 PDT