
Secure page versus filesafe software

According to "Basic Principles of Information Protection" on page 8:

Fail-safe defaults: Base access decisions on permission rather than exclusion. This means that the default situation is lack of access, and the protection scheme identifies conditions under which access is permitted. The alternative, in which mechanisms attempt to identify conditions under which access should be refused, presents the wrong psychological base for secure system design. A conservative design must be based on arguments why objects should be accessible, rather than why they should not. In a large system some objects will be inadequately considered, so a default of lack of permission is safer. A design or implementation mistake in a mechanism that gives explicit permission tends to fail by refusing permission, a safe situation, since it will be quickly detected. On the other hand, a design or implementation mistake in a mechanism that explicitly excludes access tends to fail by allowing access, a failure which may go unnoticed in normal use. This principle applies both to the outward appearance of the protection mechanism and to its underlying implementation.

According to Viega and McGraw in Chapter 5, "Guiding Principles for Software Security," in "Principle 3: Fail Securely" on pages 97-100: [2]

Any sufficiently complex system will have failure modes. Failure is unavoidable and should be planned for. What is avoidable are security problems related to failure. The problem is that when many systems fail in any way, they exhibit insecure behavior. In such systems, attackers only need to cause the right kind of failure or wait for the right kind of failure to happen. The best real world example we know is one that bridges the real world and the electronic world - credit card authentication. Big credit card companies such as Visa and MasterCard spend lots of money on authentication technologies to prevent credit card fraud. Most notably, whenever you go into a store and make a purchase, the vendor swipes your card through a device that calls up the credit card company. The credit card company checks to see if the card is known to be stolen.
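As an added illustration (not part of this page or of either quoted source), the same access decision written both ways: a deny-list that grants unless a reason to refuse is found, beside an allow-list that grants only on an explicit permission. The users, resources, policy tables and the failing policy store are constructed for the demonstration, and `PolicyStoreUnavailable` is a hypothetical name.

```python
# Constructed policy data for the demonstration (not real accounts or roles).
PERMISSIONS = {"alice": {"reports", "invoices"}, "bob": {"reports"}}
BANNED = {"mallory": "account flagged"}


class PolicyStoreUnavailable(Exception):
    """Hypothetical: stands in for a failed lookup (timeout, corrupt entry)."""


def _lookup(table, key, store_ok):
    # Constructed backend: when store_ok is False the lookup itself fails.
    if not store_ok:
        raise PolicyStoreUnavailable(key)
    return table.get(key)


def exclusion_based_access(user, resource, store_ok=True):
    """Deny-list design: access unless a reason to refuse is found.
    Every user, resource or failure the designer did not consider ends
    in 'allow', and nothing in normal use reveals that it did."""
    try:
        if _lookup(BANNED, user, store_ok):
            return False
    except PolicyStoreUnavailable:
        pass  # the lookup failed, so no reason to refuse was found
    return True


def permission_based_access(user, resource, store_ok=True):
    """Fail-safe default: access only on an explicit, retrieved permission.
    Unconsidered users, unconsidered resources and lookup failures all
    resolve to 'deny', which is noticed quickly because real users complain."""
    try:
        allowed = _lookup(PERMISSIONS, user, store_ok)
    except PolicyStoreUnavailable:
        return False
    return bool(allowed) and resource in allowed


def compare(user, resource, store_ok=True):
    """Return (exclusion_decision, permission_decision) for one request."""
    return (exclusion_based_access(user, resource, store_ok),
            permission_based_access(user, resource, store_ok))


if __name__ == "__main__":
    for case in [("alice", "reports", True), ("carol", "reports", True),
                 ("bob", "payroll", True), ("alice", "reports", False)]:
        print(case, "->", compare(*case))
```

An unconsidered user, an unconsidered resource and a failed lookup each yield an allow from the first function and a deny from the second, which is the failure asymmetry the quoted passage describes.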
