Information Technology Reference
In-Depth Information
made
, the amount of computation involved increases at least as fast as
the square of the number of equations.” The bigger the unit, the more
difficult it will be to manage it. Modularity helps security. It is easier to
verify smaller modules than monolithic large modules, which may be so
complex that security verification is difficult.
Physical versus Logical
Mention should be made about physical versus logical protection also. As
is well known, when users delete data, whether it is in a file or a database,
or an e-mail folder, it is a logical deletion. For the application, that piece
of information is deleted. Yet the data may exist physically for some period
of time, within some data store, until it is physically overwritten. This
must be taken into account by application designers and operations
support.
Applications make copies. Documents sent as attachments in e-mails
invariably make a copy. The e-mail application or the receiving person
manages this copy outside the application. Copies may exist with other
applications as temporary files or “caches.” Their life cycles are often not
taken into account by developers while designing security. Protecting
merely the master is not enough when so many other copies exist.
Encryption
Intruders use one of three means to compromise the security of a com-
puting system: (1) interruption, (2) interception, or (3) interjection (Figure
16.8).
This is a generalization of intrusion detection suggested by Pfleeger.
The first compromises the availability of information, the second compro-
mises the secrecy aspect, and the third compromises the integrity aspect.
One way to prevent unauthorized access to a system is by encrypting
the data that flows through it. Encryption transforms data into a form that
is unintelligible.
Interruption
Interception
Interjection
Figure 16.8
Intruders use these means
.
