Home :: Blogs :: mlissner's blog

Analyzing Facebook's Security Mechanisms

By mlissner - Posted on November 15th, 2009
Tagged:  

For my Privacy, Security and Cryptography class, we studied a set of 13 principles for secure systems:

  1. Security is Economics
  2. Least Privilege
  3. Use Fail-Safe Defaults
  4. Separation of Responsibility
  5. Defense in Depth
  6. Psychological Acceptability
  7. Usability
  8. Ensure Complete Mediation
  9. Least Common Mechanism
  10. Detect if You Cannot Prevent
  11. Orthogonal Security
  12. Don’t Rely on Security Through Obscurity
  13. Design Security in, From the Start

For our midterm, we were asked to analyze how Facebook exemplifies or does not follow these principles. It was an interesting assignment, which finally forced me to think more thoroughly about Facebook's security policies, and I'm happy to attach my findings here.

For some people these may be rather run of the mill notes. For others, you may be surprised at poor security of the world's biggest photo and social networking site.

Enjoy.

AttachmentSize
Facebook's Battle Sign, Michael Lissner, 16 November 2009.pdf109.87 KB

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.