There are 9 widely known sets of computer security principles, and the Open Web Application Security Project (OWASP) supplies the most important aspects of them. Fail Securely is the principle this assignment focuses on. A system designed to fail securely allows access to system components only when each step of the process has been completed successfully. An electromechanical locking system is a good example of Fail Securely. Most organizations, schools, motels, etc. use this kind of mechanism as the entry to critical areas of a building or as a private entry for check-in.
A security chip is used to access those areas according to the privileges that were set. In the case of a power outage, a general system would collapse and grant access through the doors, since the locks stop working. A fail-secure design instead locks all the doors, preventing theft or damage to the building.
Software design implements the same concept. When a system is designed to fail securely, it grants access to the system's parts only after each step of the process has completed successfully. Elevators that fail safely when electrical service is lost and traffic lights that blink red when their service is interrupted are also the best examples our professor gave in his class presentation. I would also like to include a statement and an example from the article Fail Securely by Schneier (April 2000). He states that networks should be designed in a secure manner, so that when products fail, they break down securely.
He backs this up with an example of ATM failure: “When an ATM fails, it doesn’t scatter money from the slot. Instead, it fails securely.” A couple of related principles come from Howard and LeBlanc (2002), Chapter 3, “Plan on Failure,” which says that stuff fails and stuff breaks.
The causes vary from case to case: wear and tear in the case of mechanical equipment, and bugs in the system in the case of software or hardware. Make emergency security plans, because bugs in a system do happen and we need a plan to eliminate them. What happens when the firewall is breached, the website is defaced, or the application is compromised? We must plan for the worst-case scenario. This is similar to having a fire escape plan: we hope never to have to use it, but when a fire does occur, we have a better chance of surviving the incident.
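To show the software side of the principle described above, the following added example (not part of the original essay) contrasts an access check that fails open with one that fails closed. The privilege store, the user names and the door names are constructed sample data, and the unavailable store stands in for the power outage in the door-lock example.

```python
"""Fail securely in an access-control check: added illustration, not the essay's own code."""


class PrivilegeStoreUnavailable(Exception):
    """Raised when the privilege database cannot be reached (the software 'power outage')."""


# Constructed sample data: which badge holders may open which doors.
PRIVILEGES = {
    "alice": {"lobby", "server_room"},
    "bob": {"lobby"},
}


def lookup_privileges(user, store_online=True):
    """Return the set of doors a user may open, or raise if the store is down."""
    if not store_online:
        raise PrivilegeStoreUnavailable("privilege store unreachable")
    return PRIVILEGES.get(user, set())


def fail_open_check(user, door, store_online=True):
    """Insecure pattern: the default is to grant, and an error on the way leaves that default in place."""
    allowed = True  # the 'general system' whose doors unlock during an outage
    try:
        allowed = door in lookup_privileges(user, store_online)
    except PrivilegeStoreUnavailable:
        pass  # error swallowed, so the default-allow survives
    return allowed


def fail_closed_check(user, door, store_online=True):
    """Secure pattern: the default is to deny; access is granted only after every step succeeds."""
    try:
        privileges = lookup_privileges(user, store_online)
    except PrivilegeStoreUnavailable:
        return False  # the lock stays locked
    if not isinstance(privileges, set):  # unexpected data shape is also a failed step
        return False
    return door in privileges
```

Detection of the weak pattern is simple: any path through the check that can return without a positive decision from every step is a fail-open path.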
The System is Designed to Access System Components. (2023, Feb 19). Retrieved from https://paperap.com/the-system-is-designed-to-access-system-components/