Basic Principles of Information Protection

Assumption of an unprotected system: an externally administered code of ethics, or a lack of knowledge about computers, adequately protects the stored information.
Protection mechanisms not only protect one user from another; they may also have to protect their own implementation.
A narrow view is dangerous: protection is a negative requirement (no unauthorized access at all), and it is hard to prove that a negative requirement has been achieved.

Considerations Surrounding the Study of Protection

Examples of security techniques sometimes applied to computer systems are the following:

  • labeling files with lists of authorized users,
  • verifying the identity of a prospective user by demanding a password,
  • shielding the computer to prevent interception and subsequent interpretation of electromagnetic radiation,
  • enciphering information sent over telephone lines,
  • locking the room containing the computer,
  • controlling who is allowed to make changes to the computer system (both its hardware and software),
  • using redundant circuits or programmed cross-checks that maintain security in the face of hardware or software failures,
  • certifying that the hardware and software are actually implemented as intended.

Functional Levels of Information Protection:

  • unprotected system
  • before release
    • all-or-nothing system
    • controlled sharing
    • user-programmed sharing controls
  • after release
    • putting strings on information

Design principles

  • economy of mechanism (keep it simple and small)
  • fail-safe defaults (whitelist: deny unless explicitly permitted)
  • complete mediation
  • open design
  • separation of privilege
  • least privilege
  • least common mechanism
  • psychological acceptability
  • two further design principles
    • work factor
    • compromise recording

Technical Underpinnings

development plan

  • top-down: possible once a subject is coherent and self-contained
  • bottom-up: used here, because protection is still a topic containing ad hoc strategies and competing world views

essentials of information protection

  • protect
  • authenticate

an isolated virtual machine

  • descriptor register
  • privileged bit
  • supervisor
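The three items above form one mechanism: every memory reference is checked against the descriptor register, only code with the privileged bit set may change that register, and the supervisor is the code that runs with the bit set. The following toy machine, added here as an illustration and not code from the original notes or from the paper they summarize, shows that interplay on a constructed eight-word memory with two user programs (class and function names are hypothetical; the model simplifies by giving the supervisor a descriptor covering all of memory):

```python
from dataclasses import dataclass


class ProtectionFault(Exception):
    """Raised when an access or instruction violates the descriptor / privilege rules."""


@dataclass
class Descriptor:
    base: int   # first physical word the program may use
    bound: int  # number of words from base the program may use


class Machine:
    """Toy machine with a single descriptor register and a privileged-state bit (hypothetical)."""

    def __init__(self, memory_words: int) -> None:
        self.memory = [0] * memory_words
        # Simplification: the supervisor's descriptor covers all of memory.
        self.supervisor_descriptor = Descriptor(0, memory_words)
        self.descriptor = self.supervisor_descriptor
        self.privileged = True  # privileged bit set: supervisor mode

    def load_descriptor(self, d: Descriptor) -> None:
        """Privileged instruction: only the supervisor may change what memory is visible."""
        if not self.privileged:
            raise ProtectionFault("load_descriptor executed in unprivileged state")
        if d.base < 0 or d.bound < 0 or d.base + d.bound > len(self.memory):
            raise ProtectionFault("descriptor does not fit in physical memory")
        self.descriptor = d

    def _translate(self, virtual: int) -> int:
        # Every load and store is checked against the descriptor (complete mediation).
        if not 0 <= virtual < self.descriptor.bound:
            raise ProtectionFault(f"address {virtual} outside bound {self.descriptor.bound}")
        return self.descriptor.base + virtual

    def load(self, virtual: int) -> int:
        return self.memory[self._translate(virtual)]

    def store(self, virtual: int, value: int) -> None:
        self.memory[self._translate(virtual)] = value

    def enter_user_program(self, d: Descriptor) -> None:
        """Supervisor installs the user's descriptor, then clears the privileged bit."""
        self.load_descriptor(d)
        self.privileged = False

    def trap_to_supervisor(self) -> None:
        """A fault or system call returns control to the supervisor with its own descriptor."""
        self.privileged = True
        self.descriptor = self.supervisor_descriptor


def run_machine_demo() -> dict:
    """Two user programs share one physical memory but each sees only its own region."""
    m = Machine(memory_words=8)
    outcome = {}

    # Constructed layout: program A owns words 0..3, program B owns words 4..7.
    m.enter_user_program(Descriptor(base=0, bound=4))
    m.store(0, 111)
    outcome["a_inside"] = m.load(0)
    try:
        m.store(4, 999)  # virtual 4 is outside A's bound of 4
        outcome["a_outside"] = "allowed"
    except ProtectionFault:
        outcome["a_outside"] = "fault"
    try:
        m.load_descriptor(Descriptor(base=0, bound=8))  # user code cannot widen its own view
        outcome["a_reload"] = "allowed"
    except ProtectionFault:
        outcome["a_reload"] = "fault"

    m.trap_to_supervisor()
    m.enter_user_program(Descriptor(base=4, bound=4))
    outcome["b_sees_a"] = m.load(0)  # B's virtual 0 is physical word 4, not A's word 0
    m.trap_to_supervisor()
    outcome["physical"] = list(m.memory)
    return outcome


if __name__ == "__main__":
    print(run_machine_demo())
```

The point the two faults make is that the user program can neither reach past its bound nor execute the instruction that would move the bound; both checks live in the machine, not in the user's code, which is what makes the virtual machine isolated.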

authentication mechanisms

  • password
    • easy to guess
    • exposed each time it is used (e.g. observed in transit)

shared information

  • list-oriented (high-level)
  • ticket-oriented (low-level)
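The two guard styles are easiest to compare side by side, and a guard is also where the design principles above (fail-safe defaults, complete mediation, compromise recording) become concrete. The example below is added here; it is not code from the notes or from the paper. The list-oriented guard keeps an access list per object and denies anything not on it; the ticket-oriented guard never consults a list but checks that the presented ticket is genuine, using an HMAC under a key only the guard holds as a stand-in for an unforgeable ticket (class names, the `payroll.db` object and the principals are constructed for illustration):

```python
import hashlib
import hmac
import secrets


class AccessDenied(Exception):
    pass


class ListOrientedGuard:
    """The guard keeps, per object, the list of principal -> rights it will honour."""

    def __init__(self, audit: list) -> None:
        self._acl: dict = {}
        self._audit = audit  # compromise recording: refused attempts are logged

    def grant(self, obj: str, principal: str, right: str) -> None:
        self._acl.setdefault(obj, {}).setdefault(principal, set()).add(right)

    def revoke(self, obj: str, principal: str, right: str) -> None:
        self._acl.get(obj, {}).get(principal, set()).discard(right)

    def access(self, obj: str, principal: str, right: str) -> bool:
        # Complete mediation: every access passes here. Fail-safe default: no entry means deny.
        if right in self._acl.get(obj, {}).get(principal, set()):
            return True
        self._audit.append(f"DENY list-oriented principal={principal} right={right} obj={obj}")
        raise AccessDenied(obj, principal, right)


class TicketOrientedGuard:
    """The subject presents a ticket; the guard checks only that the ticket is genuine."""

    def __init__(self, audit: list) -> None:
        self._key = secrets.token_bytes(32)  # held by the guard only, so tickets cannot be forged
        self._audit = audit

    def _tag(self, obj: str, right: str) -> str:
        return hmac.new(self._key, f"{obj}|{right}".encode(), hashlib.sha256).hexdigest()

    def issue(self, obj: str, right: str) -> str:
        if "|" in obj or "|" in right:
            raise ValueError("names may not contain the field separator")
        return f"{obj}|{right}|{self._tag(obj, right)}"

    def access(self, ticket: str, obj: str, right: str) -> bool:
        parts = ticket.split("|")
        ok = False
        if len(parts) == 3:
            t_obj, t_right, tag = parts
            ok = (t_obj == obj and t_right == right
                  and hmac.compare_digest(tag, self._tag(t_obj, t_right)))
        if ok:
            return True
        self._audit.append(f"DENY ticket-oriented right={right} obj={obj}")
        raise AccessDenied(obj, right)


def run_guard_demo() -> dict:
    """Constructed scenario: one object, a permitted and a non-permitted principal, one tampered ticket."""
    audit: list = []
    outcome = {}

    acl_guard = ListOrientedGuard(audit)
    acl_guard.grant("payroll.db", "alice", "read")
    outcome["alice_read"] = acl_guard.access("payroll.db", "alice", "read")
    try:
        acl_guard.access("payroll.db", "bob", "read")  # bob is not on the list
        outcome["bob_read"] = "allowed"
    except AccessDenied:
        outcome["bob_read"] = "denied"
    acl_guard.revoke("payroll.db", "alice", "read")  # revocation is just a list edit
    try:
        acl_guard.access("payroll.db", "alice", "read")
        outcome["alice_after_revoke"] = "allowed"
    except AccessDenied:
        outcome["alice_after_revoke"] = "denied"

    ticket_guard = TicketOrientedGuard(audit)
    ticket = ticket_guard.issue("payroll.db", "read")
    outcome["ticket_read"] = ticket_guard.access(ticket, "payroll.db", "read")
    tampered = ticket.replace("|read|", "|write|", 1)  # holder edits the ticket to claim more
    try:
        ticket_guard.access(tampered, "payroll.db", "write")
        outcome["tampered"] = "allowed"
    except AccessDenied:
        outcome["tampered"] = "denied"

    outcome["denials_logged"] = len(audit)
    return outcome


if __name__ == "__main__":
    print(run_guard_demo())
```

The contrast the paper draws shows up in `revoke`: the list-oriented guard revokes by editing its list, while the ticket-oriented guard has no list to edit, so withdrawing a ticket already handed out means changing the key (invalidating every ticket) or adding a revocation list on top. The three audit entries are the compromise-recording principle at work: a denied attempt is never silent.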