To map security requirements to security mechanisms

To increase the number of privileges

To create complex systems

To avoid using existing technologies

Privileges should be granted based on seniority

All users should have the same access

Every subject should have only necessary privileges

Every subject should have maximum privileges

Complete Mediation

Open Design

Defense in Depth

Minimum Exposure

To allow maximum access by default

To minimize the need for security checks

To complicate user access

To ensure systems start in a secure state

To minimize the number of security checks

To allow all users access to all resources

To increase the attack surface

To isolate resources into groups

Defense in Depth

Minimum Exposure

Economy of Mechanism

Least Common Mechanism

Disclosure of system internals

Secrecy of design

Security through obscurity

Simplicity in design