By Bill Graham
Trying to address a long list of security requirements for a device on a case-by-case basis is time-consuming, costly and frankly not the best way to approach the problem. Two important architectural approaches to consider are separation of concerns and component reuse. Separation of concerns means splitting significant portions of a system into separate subsystems, with well-defined boundaries and interfaces, so that each can be dealt with on its own. The reasons for this are many, but for security design it is often better to separate out the portion of the system that requires higher security from the rest of the system. This provides many benefits in terms of simplifying the system design, the security assessment and, most importantly, testing and validation (see a technical paper on this here).
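As an added illustration of the separation described above (example code written for this page, not taken from the article or any product it discusses), the sketch below splits a small device-side request handler into a high-security zone that owns a signing key and a much larger application zone that parses requests and runs commands but never touches the key. The boundary is a single `Verifier` interface; the `VerifyOnly` proxy narrows it further so the application cannot even mint tokens. The request format and the `SecureZone`, `ApplicationZone`, `Verifier` and `VerifyOnly` names are assumptions made for the example; the HMAC token scheme is a constructed stand-in for whatever authentication the real device uses.

```python
import hashlib
import hmac
from typing import Protocol


class Verifier(Protocol):
    """The only surface the rest of the system is allowed to see: no key access."""

    def verify(self, device_id: str, token: str) -> bool: ...


class SecureZone:
    """High-security subsystem (assumed name). Owns the key and never exposes it.

    This is the small part that gets the expensive review and validation.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key

    def issue(self, device_id: str) -> str:
        # Constructed token scheme: HMAC-SHA256 over the device id.
        return hmac.new(self._key, device_id.encode(), hashlib.sha256).hexdigest()

    def verify(self, device_id: str, token: str) -> bool:
        expected = self.issue(device_id)
        # Constant-time comparison so the boundary does not leak timing information.
        return hmac.compare_digest(expected, token)


class VerifyOnly:
    """Narrow proxy: exposes verify() and nothing else from the secure zone."""

    def __init__(self, zone: SecureZone) -> None:
        self._verify = zone.verify

    def verify(self, device_id: str, token: str) -> bool:
        return self._verify(device_id, token)


class ApplicationZone:
    """Bulk of the system (assumed name): parsing, logging, business logic.

    It holds no secret and depends only on the Verifier interface, so it can be
    tested with a stub and changed without re-assessing the secure zone.
    """

    def __init__(self, verifier: Verifier) -> None:
        self._verifier = verifier

    def handle(self, line: str) -> str:
        # Constructed request format: "<device_id>,<token>,<command>"
        parts = line.strip().split(",")
        if len(parts) != 3:
            return "reject:malformed"
        device_id, token, command = parts
        if not self._verifier.verify(device_id, token):
            return "reject:auth"
        return f"accept:{command}"


def public_surface(obj: object) -> list[str]:
    """Names callable across the boundary; useful as a boundary check in tests."""
    return sorted(n for n in dir(obj) if not n.startswith("_") and callable(getattr(obj, n)))


def demo() -> list[str]:
    """Run a few constructed requests through the two zones and return the outcomes."""
    secure = SecureZone(key=b"\x11" * 32)  # constructed key for the example
    app = ApplicationZone(VerifyOnly(secure))
    good = secure.issue("dev-01")
    requests = [
        f"dev-01,{good},reboot",          # valid token
        "dev-01,deadbeef,reboot",         # forged token
        f"dev-02,{good},reboot",          # token bound to a different device
        "not-a-request",                  # malformed
    ]
    return [app.handle(r) for r in requests]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The point the code makes is that only `SecureZone` needs the key-handling review; everything the application zone can reach is listed by `public_surface(VerifyOnly(...))`, which is a one-line assertion in a test suite rather than a manual audit of the whole program.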