Excuse of security being too complicated

Reference no: EM131939644

Please paraphrase the below

Countermeasures

Where possible, prevention is vastly preferable to detection and attempted remediation (although cases of insider misuse generally exist in which prevention is inherently difficult). For example, the Multics system architecture (see [5] and https://www.multicians.org/) stressed the importance of prevention by isolating privileged execution domains from less-privileged executions, isolating one user from another while still permitting controlled sharing (via access-control lists, access-checked dynamic linking, and dynamic revocation, as well as user-independent virtual memory), and using some sensible software-engineering concepts. Use of some of the Saltzer-Schroeder [22] security principles is directly relevant to minimizing insider misuse. The most obviously applicable principles here are separation of privileges, allocation of least privilege, and open design. In addition, ease of use (generalizing Saltzer and Schroeder's psychological acceptability) could provide incentives for insiders to avoid the excuse of security being too complicated, which otherwise often results in the creation of unnecessary vulnerabilities. These and other principles are discussed further in the context of election systems in Section 7.

If there is no meaningful security policy, then the task of detecting and identifying deviations from that policy is not meaningful. If there is no fine-grained context-sensitive prevention in systems and networks, then even if there were a meaningful security policy, it would be difficult to implement it. With respect to insiders, enterprises operating within a system-high approach suggest that insider misuse is ill-defined - in the sense that everything may be permitted to all authenticated users. Thus, to have any hope of detecting insider misuse, we first need to know what constitutes misuse. Ideally, as noted above, it would then be much better to prevent it rather than to have to detect it after the fact.

The absence of rigorous authentication and constructive access controls tends to put the cart before the horse. For example, what does unauthorized use mean when almost everything is authorized? Recall the Internet Worm of 1988, which was an outside-inner attack. Robert Tappan Morris was prosecuted for exceeding authority; yet, no authorization was required to use the sendmail debug option, the finger daemon buffer overflow, the .rhosts mechanism, and copying an encrypted but then unprotected password file. This may have been misuse, but was not unauthorized misuse. The same issues arise with recent malware.
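The argument above, that misuse can only be detected relative to a policy, can be shown by checking one audit trail against a system-high policy and against a default-deny, context-sensitive one. This is an added example, not part of the quoted passage; the roles, resources, rules and events are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:                      # one audit record (constructed sample data)
    user: str
    role: str
    action: str
    resource: str
    hour: int                     # local hour of day, 0-23

@dataclass(frozen=True)
class Rule:                       # one fine-grained, context-sensitive grant
    role: str
    action: str
    resource: str                 # glob pattern over resource names
    hours: range = range(0, 24)   # hours of day in which the grant applies

def system_high(event):
    """System-high: everything is permitted to every authenticated user."""
    return True

def least_privilege(rules):
    """Default deny: an event is authorized only if some rule grants it."""
    def policy(e):
        return any(r.role == e.role and r.action == e.action
                   and fnmatchcase(e.resource, r.resource)
                   and e.hour in r.hours for r in rules)
    return policy

def deviations(events, policy):
    """Misuse is only definable as the events the policy does not permit."""
    return [e for e in events if not policy(e)]

# Hypothetical roles, resources and grants, for illustration only.
RULES = [Rule("payroll_clerk", "read", "payroll/*"),
         Rule("payroll_clerk", "write", "payroll/*", range(9, 17)),
         Rule("dba", "backup", "db/*"),
         Rule("auditor", "read", "logs/*")]
EVENTS = [Event("alice", "payroll_clerk", "read", "payroll/2024-03.csv", 10),
          Event("alice", "payroll_clerk", "write", "payroll/2024-03.csv", 23),
          Event("bob", "dba", "read", "payroll/2024-03.csv", 11),
          Event("bob", "dba", "backup", "db/payroll", 2),
          Event("carol", "auditor", "read", "logs/auth.log", 14)]

if __name__ == "__main__":
    print("system-high:", deviations(EVENTS, system_high))
    print("least privilege:", deviations(EVENTS, least_privilege(RULES)))
```

Under the system-high policy no event in the trail can be classed as misuse; the same trail checked against the fine-grained rules yields the out-of-hours write and the out-of-role read.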


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd