Principle of Economy of Mechanism
The protection mechanism should have a simple and small design.
Principle of Fail-safe Defaults
The protection mechanism should deny access by default, and grant access only when explicit permission exists.
Principle of Complete Mediation
The protection mechanism should check every access to every object.
Principle of Open Design
The protection mechanism should not depend on attackers being ignorant of its design to succeed. It may however be based on the attacker’s ignorance of specific information such as passwords or cipher keys.
Principle of Separation of Privilege
The protection mechanism should grant access based on more than one piece of information.
Principle of Least Privilege
The protection mechanism should force every process to operate with the minimum privileges needed to perform its task.
Principle of Least Common Mechanism
The protection mechanism should be shared as little as possible among users.
Principle of Psychological Acceptability
The protection mechanism should be easy to use (at least as easy as not using it).