Quote: limit damage instead of preventing security attacks

Quotation Skeleton

The mistake software designers make is in asking … that can be done when an attack succeeds?" … answer to the first question is usually "By … Authority, or POLA." Nearly all of today's operating … enforce POLA, but only at the level of … A better approach is to enforce POLA at … a successful attack might do to the set … It may read my email, but it can't … Ka-Ping Yee … has shown that … user actions implicitly specify the desired permissions [Proc Inter Conf Infor and Comm Security, LNCS, 2002].   Google-1   Google-2

Copyright clearance needed for quotation.

Additional Titles

Quote: limit damage via the principle of least authority; at the process or object level

Quote: a user's actions implicitly specifies the desired permissions for processes and objects

Related Topics

Topic: limitations of system security (32 items)
Group: security   (23 topics, 802 quotes)
Topic: security by access rights (36 items)