TECHNICAL SPECIFICATION ISO/IEC TS 19249
First edition 2017-10

Information technology - Security techniques - Catalogue of architectural and design principles for secure products, systems and applications

Technologies de l'information - Techniques de sécurité - Catalogue des principes architecturaux et conceptuels pour la sécurisation des produits, systèmes et applications

Reference number: ISO/IEC TS 19249:2017(E)

© ISO/IEC 2017

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2017, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form without written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
[email protected]
www.iso.org

© ISO/IEC 2017 - All rights reserved

ISO/IEC TS 19249:2017(E)

Contents (Page)

Foreword v
Introduction vi
1 Scope
2 Normative references
3 Terms and definitions 1
4 Architectural principles for secure products, systems and applications 2
4.1 General 2
4.2 Domain separation 3
4.2.1 General 3
4.2.2 Principles for defining domain structures 3
4.2.3 Principles for defining inter-domain communication 3
4.2.4 Security policies that may be enforced using domain separation 4
4.2.5 Examples 4
4.2.6 Considerations for evaluation 4
4.3 Layering 5
4.3.1 General 5
4.3.2 Principles for defining layers 5
4.3.3 Principles for interfaces exposed by a layer 5
4.3.4 Security policies that may be enforced using layering 5
4.3.5 Examples 6
4.3.6 Considerations for evaluation 6
4.4 Encapsulation 6
4.4.1 General 6
4.4.2 Principles for defining encapsulation 7
4.4.3 Security policies that may be enforced using encapsulation 7
4.4.4 Examples 7
4.4.5 Considerations for evaluation 7
4.5 Redundancy
4.5.1 General 7
4.5.2 Principles for defining redundant elements 8
4.5.3 Principles for keeping consistency between redundant elements 8
4.5.4 Security policies that may be enforced using redundancy 8
4.5.5 Examples 8
4.5.6 Considerations for evaluation 9
4.6 Virtualization 10
4.6.1 General 10
4.6.2 Principles for defining virtualization 10
4.6.3 Security policies that may be enforced using virtualization 10
4.6.4 Examples
4.6.5 Considerations for evaluation 11
5 Design principles 11
5.1 General 11
5.2 List of design principles for security 12
5.2.1 Least privilege 12
5.2.2 Attack surface minimization 13
5.2.3 Centralized parameter validation 15
5.2.4 Centralized general security services 17
5.2.5 Preparing for error and exception handling 18
5.3 Using the design principles when designing a secure system or application 20
5.3.1 General 20
5.3.2 Least privilege 20
5.3.3 Attack surface minimization 20