Tuesday, January 18, 2011
Various dimensions of Security
When we design our applications to be secure, we have to consider all aspects of security. I have often seen people associate security with just authentication and authorization, but there are other security principles to be considered as stated below.
- Integrity: We have to ensure that all messages/data have not been tampered with. Integrity of messages ensures that the data has not been maliciously modified by a man-in-the-middle.
- Confidentiality: This security principle ensures that all messages are encrypted and cannot be eavesdropped on.
- Authentication/Authorization: Ensure that all resource access goes through a proper authentication process.
- Non-Repudiation: This ensures that any party involved cannot refute the validity of a message exchange.