Saltzer and Schroeder's design principles are design principles enumerated by Jerome Saltzer and Michael Schroeder in their 1975 article The Protection of Information in Computer Systems,[1] that from their experience are important for the design of secure software systems.
Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker.
Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.
^Smith, R. E. (November 2012). "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles". IEEE Security Privacy. 10 (6): 20–25. doi:10.1109/MSP.2012.85. ISSN1540-7993. S2CID13371996.
[1] The resources of the Industrial Internet Consortium – Volume 4 Industrial IoT Chapter 7.9 FROM FUNCTIONAL TO IMPLEMENTATION VIEWPOINT page 58]