Tuesday, January 18, 2011

Various dimensions of Security

When we design our applications to be secure, we have to consider all aspects of security. I have often seen people associate security with just authentication and authorization, but there are other security principles to consider, as listed below.
  1. Integrity: We have to ensure that messages/data have not been tampered with. Integrity of messages ensures that the data has not been maliciously modified by a 'man-in-the-middle'.
  2. Confidentiality: This security principle ensures that all messages are encrypted and cannot be eavesdropped on.
  3. Authentication/Authorization: Ensure that all resource access goes through a proper authentication process.
  4. Non-Repudiation: This ensures that any party involved cannot refute the validity of a message exchange.
Modern toolkits and technologies such as digital certificates satisfy all of the above security principles.
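
To make the difference between integrity (1) and non-repudiation (4) concrete, here is an added example, not code from the original post: a shared-key MAC detects tampering but either party could have produced the tag, whereas a signature can only come from the holder of the private key. The choice of HMAC-SHA256 and Ed25519, the function names and the sample message are assumptions made for illustration; a certificate would additionally bind the public key to an identity, which is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// macTag computes an HMAC-SHA256 tag using a key that both parties share.
func macTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify checks a tag in constant time.
func macVerify(key, msg, tag []byte) bool {
	return hmac.Equal(macTag(key, msg), tag)
}

// Demo runs a constructed exchange. "Catches" means the altered message is
// rejected; "Deniable" means the receiver alone could have produced the proof.
func Demo() (macCatches, macDeniable, sigCatches, sigDeniable bool) {
	msg := []byte("transfer 100 to account 42")     // constructed sample
	altered := []byte("transfer 900 to account 42") // modified in transit

	shared := make([]byte, 32)
	if _, err := rand.Read(shared); err != nil {
		panic(err)
	}
	tag := macTag(shared, msg)
	macCatches = macVerify(shared, msg, tag) && !macVerify(shared, altered, tag)
	// The receiver holds the same key, so its own tag verifies just as well.
	macDeniable = macVerify(shared, altered, macTag(shared, altered))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := ed25519.Sign(priv, msg)
	sigCatches = ed25519.Verify(pub, msg, sig) && !ed25519.Verify(pub, altered, sig)
	// The receiver has only pub; a signature made with any other key fails.
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	sigDeniable = ed25519.Verify(pub, altered, ed25519.Sign(other, altered))
	return
}

func main() { fmt.Println(Demo()) }
```

Both mechanisms give integrity; only the signature leaves the sender unable to claim that the receiver produced the message.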