
















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
An overview of secure software development, focusing on access control and information leakage. It discusses the importance of protecting data during transit, use, and storage, as well as access control components and policies. The document also covers problem areas, such as weak access control and information leakage through communication channels and error handling.
Typology: Slides
1 / 24
This page cannot be seen from the preview
Don't miss anything!
During transit
During use
During storage
Access Control Requirement
Access control : ensures that all direct accesses to
object are authorized
Protects against accidental and malicious threats
by regulating the reading, writing and execution of data and programs
Need:
Discretionary Access Control
privileged user
creates object in a place writable by low-privileged user
16
Overt Channel : designed into a system and documented in the user's manual
Covert Channel : not documented. Covert channels may be deliberately inserted into a system, but most such channels are accidents of the system design.
17
Direct Flow:
Indirect flow:
TS-subject
S-object
read info- flow
TS-object
S-subject
write info- flow
OTHER WAYS OF INFORMATION
LEAKAGE
20