Computer security: Encyclopedia II - Computer security - Computer security by design
Computer security - Computer security by design
There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. This philosophy is discussed in the computer insecurity article.
The other, discussed in this article, regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways.
This approach enforces privilege separation, where an entity has only the privileges that are needed for its function. That way, even if an attacker has subverted one part of the system, fine-grained security ensures that it is just as difficult for them to subvert the rest.
Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. Where formal correctness proofs are not possible, rigorous code review and unit testing can be used to try to make modules as secure as possible.
The design should use "defense in depth", where more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure. What constitutes such a decision and what authorities are legitimate is obviously controversial.
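The difference between "fail secure" and "fail insecure", combined with per-component privileges, can be shown in a short authorization check. This is an added example, not part of the original article; the component names, grants and the revocation-store functions are constructed for illustration.

```python
class PolicyStoreDown(Exception):
    """Constructed failure: the revocation store cannot be reached."""

# Constructed grants: each component holds only what its function needs.
GRANTS = {
    "parser": frozenset({("upload", "read")}),
    "signer": frozenset({("signing_key", "use")}),
}

def authorize_fail_open(grants, is_revoked, component, resource, action):
    """Weak form: any failed lookup falls through to 'allow'."""
    try:
        if is_revoked(component):
            return False
        return (resource, action) in grants[component]  # KeyError if unknown
    except Exception:
        return True  # fail insecure: an outage or bad input disables the check

def authorize(grants, is_revoked, component, resource, action):
    """Corrected form: default deny, and deny on any error."""
    try:
        granted = grants.get(component, frozenset())  # unknown => no privileges
        if is_revoked(component):
            return False
        return (resource, action) in granted
    except Exception:
        return False  # fail secure: an outage cannot widen access

def store_ok(component):
    return False  # nothing is revoked

def store_down(component):
    raise PolicyStoreDown("revocation store unreachable")

def demo():
    """A subverted parser asks for the signing key under four conditions."""
    ask = ("parser", "signing_key", "use")
    return {
        "secure, store up": authorize(GRANTS, store_ok, *ask),
        "secure, store down": authorize(GRANTS, store_down, *ask),
        "open, store up": authorize_fail_open(GRANTS, store_ok, *ask),
        "open, store down": authorize_fail_open(GRANTS, store_down, *ask),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

The fail-secure form also denies the legitimate signer while the store is down, which is the availability cost of failing closed.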
In addition, security should not be an all-or-nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.
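An append-only audit trail can also be made tamper-evident, so that an edited or shortened log is detected and the point of damage located. The following is an added example, not part of the original article: it uses hash chaining, a technique the article does not name, and the class, function names and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def digest(prev_hash, entry):
    """SHA-256 over the previous record's hash plus this entry."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

class AuditTrail:
    """In-memory stand-in for a remote store that only accepts appends."""

    def __init__(self):
        self._records = []

    def append(self, entry):
        prev = self._records[-1]["hash"] if self._records else GENESIS
        record = {"entry": entry, "prev": prev, "hash": digest(prev, entry)}
        self._records.append(record)
        return record["hash"]  # head hash; keep a copy somewhere separate

    def export(self):
        return [dict(r) for r in self._records]  # copies, for offline checks

def first_bad_record(records, expected_head=None):
    """Index of the first record that breaks the chain, or None if intact.

    expected_head is the last head hash held outside the log; without it,
    removal of the newest records cannot be noticed.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(records)  # chain is valid but ends too early
    return None

def build_sample_trail():
    """Constructed sample events, not taken from any real system."""
    trail = AuditTrail()
    for event in (
        {"t": 1, "who": "alice", "what": "login"},
        {"t": 2, "who": "alice", "what": "read /etc/app.conf"},
        {"t": 3, "who": "mallory", "what": "grant admin role"},
        {"t": 4, "who": "mallory", "what": "logout"},
    ):
        head = trail.append(event)
    return trail.export(), head
```

Records before the returned index still verify, which bounds how much of the trail can be trusted after a breach.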
Adapted from the Wikipedia article "Computer security by design", under the GNU Free Documentation License. Please also see http://en.wikipedia.org/wiki