Definition of policy in system security is “what is allowed and what is not allowed“. And the respective mechanisms enforces policies. There are three goals of security: to prevent attackers from violating security policies, to detect attackers who are violating security policies, and to recover which stops the violation and repairs damage. The last one also includes the ability to function after being attacked.
There are three types of mechanisms. Secure, Precise, and Broad states. In a secure state mechanism, we allow the reachable states to be within a subset of reachable state. Therefore we provide extra security in this mechanism. In a precise state, we allow reachable states to go to all the secured states. That is to say that a user is allowed to go to all secured state and the number of reachable and secured state is the same, in other words, precise. In a broad state, we allow the user to go to an unsecured state and then a set of secured state. This is the most vulnerable mechanism.
In order to ponder on these issues we take a lot of things into consideration. We should determine the cost benefit of if it is cheaper to recover or to prevent. We should also do a risk-analysisWe should also keep the law and customs in mind, we should know if certain security measures are within the law or not, or would people even use these security measures.
0 ulasan:
Catat Ulasan