In this episode, Kip and Jason cover the Security Design Principle of “Least Common Mechanism”.

The Lease Common Mechanism is the ninth security design principle and focuses on how you can best protect older, legacy systems in large organizations and within the government.

Security Design Principle #9 is a crucial concept in the field of cybersecurity. It advocates for minimizing the amount of mechanisms shared by different users or processes, thereby reducing the chances of a security breach. This principle is rooted in the idea that shared resources or functionalities can become potential vulnerabilities, especially if they are used by multiple entities with varying levels of trustworthiness.

The principle is based on the understanding that any shared mechanism or resource is a potential attack surface. When different programs or users rely on the same functionality or data paths, a breach in one can easily become a gateway to compromise the others. For instance, if a shared library has a vulnerability, every program using that library is at risk. Therefore, by reducing the number of shared components, the principle of Least Common Mechanism aims to limit the potential damage that can be caused by a security flaw or breach.

Implementing this principle involves designing systems where the functionalities are as isolated as possible. This can be achieved through techniques like sandboxing, where programs run in isolated environments, or through the use of microservices architectures, where applications are broken down into smaller, independent services. Each service or program having its unique mechanisms greatly diminishes the risk of a widespread security incident.

The principle also underlines the importance of not only securing shared resources but also constantly monitoring them. Regular audits and updates of shared components are vital to ensure they remain secure. In essence, the Least Common Mechanism principle is about understanding the risks associated with shared resources and proactively designing systems to minimize these risks.

Relevant websites for this episode

• Akylade Certified Cyber Resilience Fundamentals (A/CCRF)
• Your Cyber Path

Other Relevant Episodes

• Episode 96 – SDP 1 – Least Privilege
• Episode 98 – SDP 2 – Psychological Acceptability
• Episode 101 – SDP 3 – Economy of Mechanism
• Episode 103 – SDP 4 – Compromise Recording
• Episode 105 – SDP 5 – Work Factor
• Episode 107 – SDP 6 – Failsafe Defaults
• Episode 109 – SDP 7 – Complete Mediation
• Episode 111 - SDP 8 – Open Design