<a href="https://colab.research.google.com/github/ericyoc/gencyber_10_sec_principles/blob/main/security_first_principles.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [2]:
import subprocess
from prettytable import PrettyTable

In [3]:
def domain_separation(domain):
    print("Creating separate environments for different domains")
    development_env = {"db_host": "dev.example.com", "api_key": "dev_key"}
    production_env = {"db_host": "prod.example.com", "api_key": "prod_key"}

    print("Using the appropriate environment based on the current domain")
    if domain == "development":
        env = development_env
    else:
        env = production_env

def process_isolation():
    print("Running a separate process in isolation")
    subprocess.run(["python", "isolated_script.py"], stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

class SecureData:
    def __init__(self, data):
        self._data = data

    def get_data(self):
        return self._data

def resource_encapsulation():
    print("Encapsulating sensitive data within a class")
    secure_info = SecureData("Sensitive Information")

    print("Accessing the data through the defined method")
    print(secure_info.get_data())

def least_privilege(user_role):
    if user_role == "admin":
        print("Granting admin privileges")
    else:
        print("Granting limited privileges")

def authenticate_user(username, password):
    print("Authentication logic here")
    pass

def process_request(request):
    print("Request processing logic here")
    pass

def modularity():
    print("Using modular components in the main application")
    username = input("Enter username: ")
    password = input("Enter password: ")
    if authenticate_user(username, password):
        request = input("Enter request: ")
        process_request(request)

def validate_input(input_data):
    print("Performing input validation")
    pass

def sanitize_data(input_data):
    print("Performing data sanitization")
    pass

def process_data(input_data):
    print("Processing the validated and sanitized data")
    pass

def layering():
    print("Applying multiple layers of security")
    input_data = "User input"
    validated_data = validate_input(input_data)
    sanitized_data = sanitize_data(validated_data)
    process_data(sanitized_data)

class User:
    def __init__(self, username, password):
        self._username = username
        self._password = self._hash_password(password)

    def _hash_password(self, password):
        print("Hashing the password before storing it")
        pass

def information_hiding():
    print("Hiding sensitive information (password) within the class")
    user = User("johndoe", "secretpassword")

def is_user_authenticated(username, password):
    print("Simple authentication logic")
    pass

def simplicity():
    print("Using simple and clear naming conventions")
    print("Using straightforward and readable code")
    if is_user_authenticated("username", "password"):
        print("Granting access")
    else:
        print("Denying access")

def minimization():
    print("Collecting only necessary data")
    username = input("Enter username: ")
    password = input("Enter password: ")

    print("Avoiding storing sensitive data unnecessarily")
    authenticated = authenticate_user(username, password)

    print("Clearing sensitive data after use")
    del password

def fault_tolerance():
    try:
        print("Attempting to connect to the database")
        connection = "Database connection"
    except ConnectionError:
        print("Failed to connect to the database. Using local cache.")
        connection = "Local cache connection"
    finally:
        print("Always closing the connection")
        # connection.close()

def create_security_principles_table():
    table = PrettyTable()
    table.field_names = ["Security First Principle", "Description", "Before", "After"]
    table.align["Security First Principle"] = "l"
    table.align["Description"] = "l"
    table.align["Before"] = "l"
    table.align["After"] = "l"

    principles = [
        ["1. Domain Separation", "Separating different network domains and resources based on their sensitivity and criticality.", "No separation of environments.", "Separate environments created for development and production domains."],
        ["2. Process Isolation", "Running different processes in separate environments to prevent unauthorized access and data leakage.", "No process isolation.", "Separate process run in isolation using subprocess module."],
        ["3. Resource Encapsulation", "Encapsulating resources and data to protect them from unauthorized access and modification.", "Sensitive data not encapsulated.", "Sensitive data encapsulated within a class and accessed through defined methods."],
        ["4. Least Privilege", "Granting users and processes only the minimum level of access and permissions necessary to perform their tasks.", "No differentiation of privileges.", "Different privileges granted based on user role (admin or user)."],
        ["5. Modularity", "Designing systems and applications in a modular way to limit the impact of security breaches and make them easier to manage and update.", "No modular components.", "Modular components created for authentication and request processing."],
        ["6. Layering", "Implementing multiple layers of security controls to provide defense-in-depth and reduce the risk of a single point of failure.", "No layered security.", "Multiple layers of security applied, including input validation, data sanitization, and data processing."],
        ["7. Information Hiding", "Protecting sensitive information by hiding it from unauthorized users and processes.", "Sensitive information not hidden.", "Sensitive information (password) hidden within a class and hashed before storing."],
        ["8. Simplicity", "Keeping systems and security controls simple to reduce the attack surface and make them easier to understand and manage.", "No consideration for simplicity.", "Simple and clear naming conventions used, along with straightforward and readable code."],
        ["9. Minimization", "Minimizing the collection, storage, and use of sensitive data to reduce the risk of data breaches and privacy violations.", "No minimization of data collection and storage.", "Only necessary data collected, sensitive data not stored unnecessarily, and cleared after use."],
        ["10. Fault Tolerance", "Designing systems to be resilient and able to continue operating even in the presence of failures or attacks.", "No fault tolerance measures.", "Fault tolerance implemented by handling database connection errors and using local cache as a fallback."]
    ]

    for principle in principles:
        table.add_row(principle)

    print(table)

def main():
    print("Demonstrating GenCyber 10 Security First Principles")
    print("\n1. Domain Separation")
    domain_separation("production")

    print("\n2. Process Isolation")
    process_isolation()

    print("\n3. Resource Encapsulation")
    resource_encapsulation()

    print("\n4. Least Privilege")
    least_privilege("user")

    print("\n5. Modularity")
    modularity()

    print("\n6. Layering")
    layering()

    print("\n7. Information Hiding")
    information_hiding()

    print("\n8. Simplicity")
    simplicity()

    print("\n9. Minimization")
    minimization()

    print("\n10. Fault Tolerance")
    fault_tolerance()

    print("\nSecurity First Principles Table:")
    create_security_principles_table()

if __name__ == "__main__":
    main()

Demonstrating GenCyber 10 Security First Principles

1. Domain Separation
Creating separate environments for different domains
Using the appropriate environment based on the current domain

2. Process Isolation
Running a separate process in isolation

3. Resource Encapsulation
Encapsulating sensitive data within a class
Accessing the data through the defined method
Sensitive Information

4. Least Privilege
Granting limited privileges

5. Modularity
Using modular components in the main application
Enter username: eric
Enter password: aaa
Authentication logic here

6. Layering
Applying multiple layers of security
Performing input validation
Performing data sanitization
Processing the validated and sanitized data

7. Information Hiding
Hiding sensitive information (password) within the class
Hashing the password before storing it

8. Simplicity
Using simple and clear naming conventions
Using straightforward and readable code
Simple authentication logic
Denying access

9. Minimization
Coll