Abstract

This report provides a distillation, synthesis and organization of key principles for the construction of secure computing systems, and supports the analysis with examples where needed for clarity. Our conclusions reflect a broad range of previous related work including the landmark study by Saltzer and Schroeder and several subsequent reports. We found that some of the early design principles required re-examination due to, for example, advances in performance and extensibility as well as the effects of various new technologies. We focus on a concise summary articulation of the principles as they apply to the development of the most elemental components of a basic security system. The results are organized into several major categories: structure, logic and function, system lifecycle, and lessons learned.