How?
Designed security architecture needed – just closing security holes is not the solution
Buffer overflow & memory protection/restrictions, “sandboxes” for services, processes and users
Resource restrictions/limitations within the kernel or outside it (e.g. fork bomb protection, firewall rules that limit the number of open connections, etc.)
Mandatory Access Controls (“Root has too much power”), subject/object model based access control
Logging, traceability of actions, integrity checks
Hiding existence, i.e. network transparency
Communications / data encryption support (e.g. IPSEC stack, filesystem encryption)
Notes:
- reference monitor, mandatory access control, type enforcement: what are those?
- subject is user or process, object is the resource the subject is trying to use
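The following is an added example, not part of the original slides, showing the subject/object model and the reference-monitor idea from the notes in working code: a type-enforcement style policy keyed on (subject type, object type), a single check that mediates every access with deny by default, and an audit log of every decision so actions stay traceable. The type labels, paths and the policy table are constructed for illustration and do not come from any real MAC system.

```python
"""
Minimal reference monitor with type enforcement (illustrative example).

Subject  = user or process, carrying a type/domain label.
Object   = resource the subject wants to use, carrying a type label.
Policy   = which operations a subject type may perform on an object type.
Anything not explicitly granted is denied, and every decision is logged.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    name: str    # e.g. a process or user name
    type_: str   # domain/type label (constructed, e.g. "httpd_t")


@dataclass(frozen=True)
class Object:
    name: str    # e.g. a file path or socket
    type_: str   # type label (constructed, e.g. "web_content_t")


# Constructed sample policy: (subject type, object type) -> permitted operations.
# Note that the subject's uid plays no role here; a root-owned process confined
# to "httpd_t" still cannot touch "shadow_t" objects ("root has too much power").
POLICY = {
    ("httpd_t", "web_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"append"},
    ("admin_t", "shadow_t"): {"read", "write"},
}


@dataclass
class ReferenceMonitor:
    policy: dict
    audit_log: list = field(default_factory=list)

    def check(self, subject: Subject, obj: Object, op: str) -> bool:
        """Mediate one access: allow only if the policy grants op, else deny."""
        allowed = op in self.policy.get((subject.type_, obj.type_), set())
        # Log every decision, denials included, for traceability of actions.
        verdict = "ALLOW" if allowed else "DENY"
        self.audit_log.append(
            f"{verdict} {subject.name}({subject.type_}) {op} {obj.name}({obj.type_})"
        )
        return allowed


def demo():
    """Run a few constructed accesses; returns (decisions, audit log)."""
    rm = ReferenceMonitor(POLICY)
    httpd = Subject("httpd (uid 0)", "httpd_t")  # root uid, confined domain
    admin = Subject("admin", "admin_t")
    index = Object("/var/www/index.html", "web_content_t")
    shadow = Object("/etc/shadow", "shadow_t")
    decisions = [
        rm.check(httpd, index, "read"),    # granted by policy
        rm.check(httpd, index, "write"),   # not granted: denied
        rm.check(httpd, shadow, "read"),   # root uid does not help: denied
        rm.check(admin, shadow, "read"),   # granted by policy
    ]
    return decisions, rm.audit_log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    print("\n".join(log))
```

The important property is that there is exactly one choke point (`check`) through which every access passes, the policy decides on labels rather than on who owns the process, and the log records denials as well as grants; those three traits are what the terms reference monitor, mandatory access control and type enforcement in the notes refer to.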