Principles of System Security - University Of Maryland
Privacy Enhancing Technologies
Lecture 4: Principles of System Security
Elaine Shi
Slides partially borrowed from Jonathan Katz

Roadmap
- Privacy and System Security
- Principle of least privilege
- Principle of Privilege Separation

Why System Security?
- System security is necessary for privacy.
- E.g., if the OS is compromised, data can be breached.

System security
Several meanings of system security here:
- Security of the entirety of what is being protected
- Operating-system security
- Host security

Principle of least privilege
- A subject should be given only the privileges it needs to accomplish its task
  - E.g., only allow access to information it needs
  - E.g., only allow necessary communication
- The function of a subject (not its identity) should determine this
  - I.e., if a subject needs some privileges to complete a specific task, it should relinquish those privileges upon completion
  - If reduced privileges are sufficient for a given task, the subject should request only those privileges

Principle of least privilege
"Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job." [Jerome Saltzer 74]

Example
- User account management: a normal user does not have administrator's privilege.
- A CEO shares his office key only with his assistant, and not with anyone else.

More examples
- A web server should not run with root privilege if root privilege is not needed.

Privilege Separation
- Divide the system into parts, each limited to the specific privileges it requires in order to perform a specific task.
- E.g., the OS ensures isolation between apps
- The hypervisor ensures isolation between OSes

OS ensures isolation between apps
Diagram (layers, top to bottom):
  App | App | App | App
  OS
If one of the applications is buggy and is thus compromised or crashes, it will not affect the behavior of the other applications.

Hypervisor ensures isolation between OS
Diagram (layers, top to bottom):
  OS | OS | OS
  Hypervisor
  Hardware

Homework
Can you give some more real-life examples that illustrate the principle of least privilege and privilege separation?

Reading list
[Saltzer and Schroeder 1975] The Protection of Information in Computer Systems
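
The web-server case and the "relinquish those privileges upon completion" rule from the least-privilege slides, as an added C example that is not part of the original lecture: a process that starts as root gives up root permanently and then verifies that it cannot get it back. The function name `drop_privileges` and the `nobody` account are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root. Returns 0 after a verified drop, 1 if the
 * process was already unprivileged, -1 if the drop failed. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 1;                       /* nothing to relinquish */
    if (uid == 0 || gid == 0)
        return -1;                      /* target must be unprivileged */
    /* Order matters: groups first, because after setuid() the process
     * no longer has the right to change its group IDs. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify that the drop is irreversible and complete. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void)
{
    /* Privileged setup (for a web server: binding port 80) goes here,
     * before the drop; everything after it runs unprivileged. */
    struct passwd *pw = getpwnam("nobody");   /* assumed account name */
    if (pw == NULL) {
        fprintf(stderr, "no such user\n");
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) < 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("serving requests as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

A failed drop is treated as fatal because continuing would mean serving requests with root privilege the task does not need.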