Solution: Least Privilege: Definition of the Concept

Solution:

Least Privilege:

Definition of the concept:

A privilege on a computer is the ability for a user to operate on managed computer resources. According to the principle of least privilege, users, systems, and processes should only have access to the resources (systems, files, or networks) that are strictly necessary to accomplish their assigned purpose. Reducing the privileges granted to a given user to those needed for completing assigned tasks promotes accountability and reduces the risk of unintended exploitation. When privileges aren't needed, the operating system should disable them. For operations with severe repercussions, like installing software or removing a system file, the operating system may often prompt users to escalate their privilege (Lopez & Rubio, 2018).

Example:

In my house, I am the only one who has the right to install new software. To reduce the likelihood of anyone installing anything that is malicious, I require that they ask me to install it. Everyone in the house runs as a normal user with reduced privileges, including me. I only use the admin account to install new software or problem-solve more complicated issues.

Process Isolation:

Definition of the concept:

A process is a computer program that is executing. Each process has its own memory sector, or address space, that only it may access. Other processes cannot tamper with or meddle with the program's address space, since it is isolated from those other memory addresses. On a computer, for instance, a database, a browser, and a word processor all run in different address spaces. Process isolation assures that none of the processes can affect the address space of the others (Vahldiek-Oberwagner et al., 2019).
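The address-space separation described above can be observed directly on a POSIX system. The following C program is an added illustration, not part of the original solution; the function names are hypothetical. It shows that a child process writing to an ordinary variable does not change the parent's copy, while memory that was explicitly mapped as shared is the deliberate exception.

```c
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS under strict -std modes */
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int private_value = 1;    /* ordinary global: one copy per address space */

/* Fork a child that overwrites private_value in its own address space.
 * Returns what the parent sees afterwards, or -1 on error. */
int parent_view_after_child_write(void)
{
    private_value = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {              /* child: write lands in the child's copy only */
        private_value = 99;
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return private_value;        /* parent's copy is untouched */
}

/* Same write, but to a page both processes explicitly agreed to share.
 * Returns what the parent sees afterwards, or -1 on error. */
int parent_view_of_shared_page(void)
{
    int *shared = mmap(NULL, sizeof *shared, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shared == MAP_FAILED) return -1;
    *shared = 1;
    pid_t pid = fork();
    if (pid < 0) { munmap(shared, sizeof *shared); return -1; }
    if (pid == 0) { *shared = 99; _exit(0); }
    int status, seen = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) seen = *shared;
    munmap(shared, sizeof *shared);
    return seen;
}

int main(void)
{
    printf("private global after child wrote 99: %d\n", parent_view_after_child_write());
    printf("shared page after child wrote 99:    %d\n", parent_view_of_shared_page());
    return 0;
}
```

Sharing only happens where a process opts in, so any shared mapping is part of the attack surface between the two processes and should be kept as small as the task requires.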

Example:

Day-to-day browsing on the web is never done on my primary work computer. I do casual browsing on the web on a tablet that I make sure to keep up to date on patches. This allows me to keep my primary work computer away from the majority of harmful and infected web sites I may accidentally visit, keeping my more valuable information isolated.

Granularity of Access:

Definition of the concept:

Granularity of access control is a term used in computer science to describe the process of allowing different access levels to a resource among different users. Whatever a user is allowed to do in a system is defined by access (Qi et al., 2018).

Example:

I do not have admin privileges on my day-to-day account to reduce the likelihood that I accidentally install something myself or come across something that uses a zero-day vulnerability.

Abstraction:

Definition of the concept:

Abstraction refers to the concept that anything complex can be perceived and expressed in a more straightforward manner. Because they reduce the complexity of an entity to something comprehensible, all models are abstractions. Abstraction helps with cybersecurity by removing or decreasing any clutter that could distract a user or developer from making proper use of a resource. Only include the information that is required, while minimizing the complexity to a few key qualities (Selbst et al., 2019).

Example:

My wife teaches meditation and frequently records audio to post on her web site or send to clients. I have helped her by processing the audio to make it sound better and more professional. This involves a lot of audio manipulation and settings. Sometimes she needs it quicker or I might not be around, so I have created a script that does most of this for her. This abstracts the complicated settings, making it easy for her to run the audio through.

References

Lopez, J., & Rubio, J. E. (2018). Access control for cyber-physical systems interconnected to the cloud. Computer Networks, 134, 46-54.

Vahldiek-Oberwagner, A., Elnikety, E., Duarte, N. O., Sammler, M., Druschel, P., & Garg, D. (2019). ERIM: Secure, efficient in-process isolation with protection keys (MPK). In 28th USENIX Security Symposium (USENIX Security 19) (pp. 1221-1238).

Qi, H., Di, X., & Li, J. (2018). Formal definition and analysis of access control model based on role and attribute. Journal of Information Security and Applications, 43, 53-60.

Selbst, A. D., Boyd, D., Friedler, S. A., Venkatasubramanian, S., & Vertesi, J. (2019, January). Fairness and abstraction in sociotechnical systems. In Proceedings of the Conference on Fairness, Accountability, and Transparency (pp. 59-68).
