Componentization of Security Principles

By Justin Richer , Dazza Greenwood , Bruce Bakis

As desirable as it would be, there exists no control that could be turned to “Maximum Security” without affecting other factors such as cost or usability. In this paper, the authors present a position on the value of componentizing security principles.

Download Resources


PDF Accessibility

One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.

Security of computer systems is not a simple topic. As desirable as it would be, there exists no control that could be turned to “Maximum Security” without affecting other factors such as cost or usability. In reality, all security decisions are made in a complex context with various tradeoffs. Recognizing security as a contextual problem offers an occasion to view different aspects of security in a componentized way. These components depend on the context in which the security decision is being made, and some components follow here.

In this paper, the authors present a position on the value of componentizing security principles. They then discuss a set of emerging technologies that are able to make full use of such componentized principles. Finally, they present a high-level case study of one company’s deployment of this technology.