For my Privacy, Security and Cryptography class, we studied a set of 13 principles for secure systems:
- Security is Economics
- Least Privilege
- Use Fail-Safe Defaults
- Separation of Responsibility
- Defense in Depth
- Psychological Acceptability
- Ensure Complete Mediation
- Least Common Mechanism
- Detect if You Cannot Prevent
- Orthogonal Security
- Don’t Rely on Security Through Obscurity
- Design Security in, From the Start
For our midterm, we were asked to analyze how Facebook exemplifies or does not follow these principles. It was an interesting assignment, which finally forced me to think more thoroughly about Facebook's security policies, and I'm happy to attach my findings here.
For some people these may be rather run-of-the-mill notes. For others, you may be surprised at the poor security of the world's biggest photo and social networking site.