information leakage-summary

CSCE 548 Secure Software Development
Store and Protect Data Securely
Information Leakage
Error Handling

CSCE 548 - Farkas 2
Information Protection
- During transit
- During use
- During storage

Access Control
- Protection objects: system resources for which protection is desirable
  - Memory, file, directory, hardware resource, software resources, external devices, etc.
- Subjects: active entities requesting accesses to resources
  - User, owner, program, etc.
- Access mode: type of access
  - Read, write, execute

Access Control Requirement
- Cannot be bypassed
- Enforce least-privilege and need-to-know restrictions
- Enforce organizational policy

Access Control
- Access control: ensures that all direct accesses to objects are authorized
- Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs
- Need:
  - Proper user identification and authentication
  - Information specifying the access rights is protected from modification

Access Control
- Access control components:
  - Access control policy: specifies the authorized accesses of a system
  - Access control mechanism: implements and enforces the policy
- Separation of components makes it possible to:
  - Define access requirements independently from implementation
  - Compare different policies
  - Implement mechanisms that can enforce a wide range of policies
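Added example, not part of the original slides: the policy/mechanism separation above in Python, with one enforcement mechanism run against two different policies and the policies compared. All names (ReferenceMonitor, make_policy, extra_rights) and the sample subjects and resources are assumptions constructed for illustration.

```python
from types import MappingProxyType

MODES = frozenset({"read", "write", "execute"})  # access modes from the slide

def make_policy(rules):
    """Policy = data only: {(subject, object): modes}. Returned read-only so
    the access rights cannot be modified after loading."""
    frozen = {}
    for (subject, obj), modes in rules.items():
        modes = frozenset(modes)
        if not modes <= MODES:
            raise ValueError(f"unknown access mode in {sorted(modes - MODES)}")
        frozen[(subject, obj)] = modes
    return MappingProxyType(frozen)

class ReferenceMonitor:
    """Mechanism: enforces whatever policy it is given, default deny."""
    def __init__(self, policy, resources):
        self._policy = policy
        self._resources = dict(resources)  # objects are handed out only by access()

    def is_authorized(self, subject, obj, mode):
        return mode in self._policy.get((subject, obj), frozenset())

    def access(self, subject, obj, mode):
        if not self.is_authorized(subject, obj, mode):
            raise PermissionError(f"{subject} may not {mode} {obj}")
        return self._resources[obj]

def extra_rights(policy_a, policy_b):
    """Compare two policies: rights granted by policy_a but not by policy_b."""
    return {(s, o, m) for (s, o), modes in policy_a.items()
            for m in modes - policy_b.get((s, o), frozenset())}

# Constructed sample data: two candidate policies for the same resources.
RESOURCES = {"payroll.db": "salary rows", "report.sh": "#!/bin/sh"}
BROAD = make_policy({("alice", "payroll.db"): {"read", "write"},
                     ("bob", "payroll.db"): {"read"},
                     ("bob", "report.sh"): {"read", "execute"}})
LEAST_PRIVILEGE = make_policy({("alice", "payroll.db"): {"read", "write"},
                               ("bob", "report.sh"): {"execute"}})

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("least-privilege", LEAST_PRIVILEGE)):
        monitor = ReferenceMonitor(policy, RESOURCES)
        print(name, monitor.is_authorized("bob", "payroll.db", "read"))
    print(sorted(extra_rights(BROAD, LEAST_PRIVILEGE)))
```

The mechanism code is identical for both policies; only the policy data changes, and the comparison lists exactly which rights the broader policy grants beyond least privilege.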
Discretionary Access Control
- Access control is based on

This note was uploaded on 12/13/2011 for the course CSCE 548 taught by Professor Farkas during the Spring '10 term at South Carolina.
