Approaches to Computer Security

There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. The other regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways.

  • Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems - once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. Because computer systems are very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems.

    The 'trusted systems' approach has been predominant in the design of many Microsoft software products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use' over security. Microsoft claims that this is the result of consumer choice. Since Microsoft products currently dominate the desktop and home computing markets, this has led to unfortunate effects. However, the problems described here derive from the security stance taken by software and hardware vendors generally, rather than the failing of a single vendor. Microsoft is not out of line in this respect, just far more prominent because of its consumer market share, so its mistakes are more pervasive.
  • The other approach to security in computing regards the computer system as untrusted and redesigns it accordingly. This technique enforces privilege separation, where an entity has only the privileges that are needed for its function. That way, even if an attacker has subverted one part of the system, fine-grained security ensures that it is just as difficult for them to subvert the rest. Furthermore, by breaking the system up into smaller components, the complexity of each individual component is reduced.

    The design should use "defense in depth", where more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure". Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
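The following Python model is an added illustration of the second approach described in the two points above; it is not code from the original article. It constructs a small broker that hands each component only the capabilities its function needs (privilege separation), gives an unlisted component nothing (secure defaults), and denies every request when the policy store is unreachable (fail secure). The names Capability, Component, AccessBroker and the four sample components are assumptions made for the example; the "monolithic" broker stands in for the trusted-system stance, where one process holds every privilege.

```python
"""Added example: privilege separation, secure defaults and fail-secure
behaviour in a small capability broker. All names and the sample policy
are constructed for illustration and are not from the original article."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, Set


class Capability(Enum):
    READ_CONFIG = "read_config"
    WRITE_LOG = "write_log"
    SEND_MAIL = "send_mail"
    READ_SECRETS = "read_secrets"


class Denied(Exception):
    """Raised for every request that is not explicitly permitted."""


@dataclass(frozen=True)
class Component:
    """A process or module that holds only the capabilities it was granted."""
    name: str
    caps: FrozenSet[Capability]


class AccessBroker:
    """Hands out capabilities per component and checks every request.

    policy_available simulates whether the policy store can be reached; when
    it cannot, the broker fails secure (denies) rather than falling back to allow.
    """

    def __init__(self, policy: Dict[str, FrozenSet[Capability]],
                 policy_available: Callable[[], bool] = lambda: True) -> None:
        self._policy = policy
        self._policy_available = policy_available

    def component(self, name: str) -> Component:
        # Secure default: a component the policy does not mention gets nothing.
        return Component(name, self._policy.get(name, frozenset()))

    def authorize(self, component: Component, cap: Capability) -> bool:
        # Fail secure: a policy-backend failure denies instead of allowing.
        if not self._policy_available():
            raise Denied(f"policy unavailable; denying {cap.value} for {component.name}")
        if cap not in component.caps:
            raise Denied(f"{component.name} lacks {cap.value}")
        return True

    def reachable(self, component: Component) -> Set[Capability]:
        """Everything a party controlling `component` can do through the broker."""
        granted: Set[Capability] = set()
        for cap in Capability:
            try:
                self.authorize(component, cap)
                granted.add(cap)
            except Denied:
                pass
        return granted


ALL_CAPS = frozenset(Capability)


def monolithic_broker() -> AccessBroker:
    """First approach: one trusted 'app' process holding every privilege."""
    return AccessBroker({"app": ALL_CAPS})


def separated_broker(policy_available: Callable[[], bool] = lambda: True) -> AccessBroker:
    """Second approach: each component gets only what its function needs."""
    return AccessBroker({
        "parser": frozenset({Capability.READ_CONFIG}),
        "logger": frozenset({Capability.WRITE_LOG}),
        "mailer": frozenset({Capability.SEND_MAIL}),
        "vault": frozenset({Capability.READ_SECRETS}),
    }, policy_available)


def exposure_after_compromise(broker: AccessBroker, name: str) -> Set[Capability]:
    """Capabilities exposed if the named component is subverted."""
    return broker.reachable(broker.component(name))


if __name__ == "__main__":
    mono = sorted(c.value for c in exposure_after_compromise(monolithic_broker(), "app"))
    sep = sorted(c.value for c in exposure_after_compromise(separated_broker(), "parser"))
    print("monolithic app subverted, exposed:", mono)
    print("separated parser subverted, exposed:", sep)
    outage = separated_broker(policy_available=lambda: False)
    print("during policy outage, exposed:", exposure_after_compromise(outage, "parser"))
```

Running the module shows the difference the text describes: subverting the single trusted process exposes all four capabilities, while subverting the separated parser exposes only `read_config`, and during a policy outage the broker exposes nothing rather than everything. Defense in depth is what you get when the vault's secrets additionally sit behind a second, independent check, so that compromising the broker alone is still not enough.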
