A Privilege Separation Method for Security Commercial Transactions

Authors

  • Yasha Chen
  • Jun Hu
  • Xinmao Gai
  • Yu Sun
Abstract

A privileged user is needed to manage commercial transactions, but a super-administrator may hold monopoly power and cause serious security problems. Relying on trusted computing technology, a privilege separation method is proposed to satisfy the security management requirements of information systems. It assigns the system privileges to three different managers, none of whom can be interfered with by the others. The process algebra Communicating Sequential Processes is used to model the three-powers mechanism, and the safety effect is analyzed and compared.


Similar resources

Specification of Authorisation Services

This document describes MAFTIA authorisation services and how they will be implemented in the MAFTIA architecture. The authorisation services implement a fine grain protection, i.e., capable of protecting each object method invocation, in order to satisfy as much as possible the least privilege principle and to obtain the best protection efficacy. The authorisation schemes are flexible and rich...


Preventing Privilege Escalation

Many operating system services require special privilege to execute their tasks. A programming error in a privileged service opens the door to system compromise in the form of unauthorized acquisition of privileges. In the worst case, a remote attacker may obtain superuser privileges. In this paper, we discuss the methodology and design of privilege separation, a generic approach that lets part...


Distributed Intelligence in Critical Infrastructures for Sustainable Power ENK5-CT-2002-00673 Information Security Models and Their Economics

We introduce a method, Lightweight Privilege Separation, enabling safe execution of unreliable software. Our method introduces no new software vulnerabilities and is fairly easy to implement. Furthermore, we show by experiments that the execution overhead is in the order of milliseconds per execution of the unreliable process at hand. We compare our method with earlier attempts of pri...


A Quantitative Evaluation of Privilege Separation in Web Browser Designs

Privilege separation is a fundamental security concept that has been used in designing many secure systems. A number of recent works propose redesigning web browsers with greater privilege separation for better security. In practice, however, privilege-separated designs require a fine balance between security benefits and other competing concerns, such as performance. In fact, performance overh...


Some Conundrums Concerning Separation of Duty

This paper examines some questions concerning commercial computer security integrity policies. We give an example of a dynamic separation of duty policy which cannot be implemented by TCSEC based mechanisms alone, yet occurs in the real commercial world, and can be implemented efficiently in practice. We examine and describe a commercial computer security product in wide use for ensuring the in...




Publication date: 2010