New Tools for Protection and Forensics by Unknown
Author:Unknown
Format: epub
Published: 0101-01-01T00:00:00+00:00
5.2. A practical example
Least privilege dictates the minimum set of system resources (network, file system, desktop) that a given task needs to function correctly, for example, in the context of the browser, a task is an application context defined by the top-level domain (the site top-level domain). What resources does Facebook.com, for example, really need? It needs its cookie and DOM storage, and access to the untrusted web. If the browser tab for Facebook.com is compromised (e.g., it delivers a poisoned advertisement), we can tolerate loss of the cookie (which compromises user privacy, but not system security). We can live with the fact that malware will have access to the untrusted internet. The system will still be safe if malware cannot:
• see any user keystrokes, mouse input, or gain access to the screen (to copy pixels from the display, or display any content to the user),
• access any other privileged data, for example, files other than the Facebook cookie, or registry entries that might leak valuable information
• gain access to valuable networks or sites (e.g., SaaS sites or the intranet),
• access any privileged devices (printers, webcam, the OS file system, or shares)
Least privilege dictates that the task must not have access to any other resources unless they are explicitly required, and then only under precise control, and only for the shortest possible duration. For example:
• If the user wants to upload a photo to Facebook, he/she can select the photo (in the usual way) on the desktop, and then (only) the selected file will be injected into the hardware-isolated task that is rendering the Facebook.com browser tab.
• If the user wants to download a file, it can be allowed to persist outside the confines of the isolated task, but only if we remember the fact that it is untrusted, so that it can only ever be opened in another hardware-isolated task.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
What's Done in Darkness by Kayla Perrin(26621)
The Fifty Shades Trilogy & Grey by E L James(19100)
Shot Through the Heart: DI Grace Fisher 2 by Isabelle Grey(19083)
Shot Through the Heart by Mercy Celeste(18955)
Wolf & Parchment: New Theory Spice & Wolf, Vol. 10 by Isuna Hasekura and Jyuu Ayakura(17139)
Python GUI Applications using PyQt5 : The hands-on guide to build apps with Python by Verdugo Leire(17027)
Peren F. Statistics for Business and Economics...Essential Formulas 3ed 2025 by Unknown(16901)
Wolf & Parchment: New Theory Spice & Wolf, Vol. 03 by Isuna Hasekura and Jyuu Ayakura & Jyuu Ayakura(16841)
Wolf & Parchment: New Theory Spice & Wolf, Vol. 01 by Isuna Hasekura and Jyuu Ayakura & Jyuu Ayakura(16470)
The Subtle Art of Not Giving a F*ck by Mark Manson(14386)
The 3rd Cycle of the Betrayed Series Collection: Extremely Controversial Historical Thrillers (Betrayed Series Boxed set) by McCray Carolyn(14159)
Stepbrother Stories 2 - 21 Taboo Story Collection (Brother Sister Stepbrother Stepsister Taboo Pseudo Incest Family Virgin Creampie Pregnant Forced Pregnancy Breeding) by Roxi Harding(13678)
Scorched Earth by Nick Kyme(12788)
Drei Generationen auf dem Jakobsweg by Stein Pia(10985)
Suna by Ziefle Pia(10904)
The Ultimate Python Exercise Book: 700 Practical Exercises for Beginners with Quiz Questions by Copy(10685)
D:\Jan\FTP\HOL\Work\Alien Breed - Tower Assault CD32 Alien Breed II - The Horror Continues Manual 1.jpg by PDFCreator(10649)
De Souza H. Master the Age of Artificial Intelligences. The Basic Guide...2024 by Unknown(10627)
Scythe by Neal Shusterman(10372)
