Excuse of security being too complicated

Reference no: EM131939644

Please paraphrase the below

Countermeasures

Where possible, prevention is vastly preferable to detection and attempted remediation (although cases of insider misuse generally exist in which prevention is inherently difficult). For example, the Multics system architecture (see [5] and https://www.multicians.org/) stressed the importance of prevention by isolating privileged execution domains from less-privileged executions, isolating one user from another while still permitting controlled sharing (via access-control lists, access-checked dynamic linking, and dynamic revocation, as well as user-independent virtual memory), and using some sensible software-engineering concepts. Use of some of the Saltzer-Schroeder [22] security principles is directly relevant to minimizing insider misuse. The most obviously applicable principles here are separation of privileges, allocation of least privilege, and open design. In addition, ease of use (generalizing Saltzer and Schroeder's psychological acceptability) could provide incentives for insiders to avoid the excuse of security being too complicated, which otherwise often results in the creation of unnecessary vulnerabilities. These and other principles are discussed further in the context of election systems in Section 7.

If there is no meaningful security policy, then the task of detecting and identifying deviations from that policy is not meaningful. If there is no fine-grained context-sensitive prevention in systems and networks, then even if there were a meaningful security policy, it would be difficult to implement it. With respect to insiders, enterprises operating within a system-high approach suggest that insider misuse is ill-defined - in the sense that everything may be permitted to all authenticated users. Thus, to have any hope of detecting insider misuse, we first need to know what constitutes misuse. Ideally, as noted above, it would then be much better to prevent it rather than to have to detect it after the fact.

The absence of rigorous authentication and constructive access controls tends to put the cart before the horse. For example, what does unauthorized use mean when almost everything is authorized? Recall the Internet Worm of 1988, which was an outside-inner attack. Robert Tappan Morris was prosecuted for exceeding authority; yet, no authorization was required to use the sendmail debug option, the finger daemon buffer overflow, the .rhosts mechanism, and copying an encrypted but then unprotected password file. This may have been misuse, but was not unauthorized misuse. The same issues arise with recent malware.
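The passage's point that misuse can only be detected relative to a policy can be shown in a few lines. This is an added example, not part of the quoted text: the roles, resources, rules and audit records are all constructed assumptions. The same events are checked against a system-high policy and against a fine-grained, context-sensitive one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    user: str
    role: str
    action: str
    resource: str
    hour: int  # local hour of day, 0-23

# Constructed audit records for illustration (not real data).
EVENTS = [
    Event("alice", "payroll_clerk", "read", "payroll/salaries", 10),
    Event("alice", "payroll_clerk", "read", "payroll/salaries", 2),
    Event("bob", "developer", "read", "payroll/salaries", 11),
    Event("bob", "developer", "write", "src/build.cfg", 15),
    Event("carol", "dba", "export", "payroll/salaries", 14),
]

def system_high(event):
    """System-high: every authenticated user may do everything."""
    return True

# Hypothetical least-privilege rules:
# (role, action, resource prefix) -> hours in which the action is allowed.
RULES = {
    ("payroll_clerk", "read", "payroll/"): range(8, 18),
    ("developer", "read", "src/"): range(0, 24),
    ("developer", "write", "src/"): range(0, 24),
    ("dba", "read", "payroll/"): range(8, 18),
}

def least_privilege(event):
    """Fine-grained, context-sensitive check with default deny."""
    for (role, action, prefix), hours in RULES.items():
        if (event.role == role and event.action == action
                and event.resource.startswith(prefix)):
            return event.hour in hours
    return False

def deviations(events, policy):
    """Return the events the given policy does not permit."""
    return [e for e in events if not policy(e)]

if __name__ == "__main__":
    print("system-high:", len(deviations(EVENTS, system_high)))
    for e in deviations(EVENTS, least_privilege):
        print("least-privilege deviation:", e)
```

Used as an enforcement check before the action instead of over the audit log afterwards, `least_privilege` is the preventive form the passage prefers.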



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd