Retrieved from https://studentshare.org/information-technology/1455134-dqweek
Recent years have been marked by a shift of resources to more secure designs, now that implementation bugs have proved to be scarce courtesy of the SDL (Viega and McGraw, 2002, p. 67). Threat models are the SDL's cornerstone, as they allow the development team to work out secure designs in a structured way. To achieve this effectively, threat modeling has been simplified into several tasks: drawing pictures of the software's data flows; applying the "STRIDE per element" method to identify the threats applicable to the design; examining each threat; and verifying that the software has been modeled in enough detail, with each threat considered and all discovered threats addressed (Pfleeger, 1997, p. 78). The basic element of a threat model is its delineation of the application's entry points.
The threat model captures the entry points in the form of trust boundaries during the phase commonly referred to as "picture-drawing". Good examples include registry and file entry points and networking entry points. A good threat model should also capture the authorization and authentication requirements and the network accessibility of the interfaces. This involves network accessibility by IP address, including remote and local, local-only access and local subnet.
The process also includes the authorization and authentication levels: user access, administrator-only access and anonymous access. With Windows access control lists (ACLs), the authorization levels are finer-grained (Pfleeger, 1997, p. 56). The process identity is another critical piece of data that this model always captures. Here, the running code's interface is taken to be the entry point, and the resulting high-privilege process is considered very dangerous if it is compromised.
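The threat-modeling tasks above, sketched as an added Python example (not from the original essay or from any SDL tool): it applies the STRIDE-per-element chart to a small constructed data flow model and lists the threats that still lack a mitigation. The element names, the sample model and the exposure weights are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart (R on data stores applies to stores that hold logs).
STRIDE_PER_ELEMENT = {"external_entity": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# Entry-point attributes; the numeric weights are assumptions
# used only to order the review, not part of STRIDE.
REACH = {"local-only": 1, "local-subnet": 2, "remote": 3}
AUTH = {"administrator-only": 1, "user": 2, "anonymous": 3}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                      # key of STRIDE_PER_ELEMENT
    reach: str = "local-only"
    auth: str = "administrator-only"
    high_privilege: bool = False   # identity of the process behind the interface

    def exposure(self) -> int:
        return REACH[self.reach] * AUTH[self.auth] * (2 if self.high_privilege else 1)

def enumerate_threats(model):
    """Apply STRIDE per element: one (element, threat) pair per applicable category."""
    return [(e, STRIDE[c]) for e in model for c in STRIDE_PER_ELEMENT[e.kind]]

def unaddressed(model, mitigations):
    """Threats with no recorded mitigation, most exposed element first."""
    open_threats = [(e, t) for e, t in enumerate_threats(model)
                    if (e.name, t) not in mitigations]
    return sorted(open_threats, key=lambda p: (-p[0].exposure(), p[0].name, p[1]))

# Constructed sample model: a network service that reads a config file.
MODEL = [
    Element("remote client", "external_entity", "remote", "anonymous"),
    Element("request over TCP", "data_flow", "remote", "anonymous"),
    Element("service process", "process", "remote", "anonymous", high_privilege=True),
    Element("config file", "data_store", "local-only", "administrator-only"),
]
# Constructed mitigation register: (element name, threat) -> control.
MITIGATIONS = {("request over TCP", "Tampering"): "TLS",
               ("request over TCP", "Information disclosure"): "TLS"}

if __name__ == "__main__":
    for element, threat in unaddressed(MODEL, MITIGATIONS):
        print(f"{element.exposure():>2}  {element.name:<18} {threat}")
```

Run as a script, it prints the open threats with the anonymous, remotely reachable, high-privilege process at the top of the review list.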
In the case of Windows, the administrator or system processes are regarded as the highest privilege. On Mac OS X or Linux, the running process happens to be the most privileged (Viega and McGraw, 2002, p. 108).

References List

Pfleeger, C. 1997. Security in Computing. Prentice Hall: New Jersey.
Viega, J. & McGraw, G. 2002. Building Secure Software. Addison-Wesley: New York.

DQ: RBAC

Role-Based Access Control (RBAC) is an essential access management approach. It offers a straightforward method of provisioning the right level of access to the correct users every time it is applied.
Despite RBAC's adoption, most security teams still face difficulties with account implementation and the access management process under RBAC. The reason is that most internal developer teams and vendors are not building the expected role-based capabilities into the solutions at hand. RBAC has been applied in a major overhaul in the last two years, resulting in its being assigned to more than 20,000 users on each product.
Many vendors tend to be attracted to such products. This indicates the value RBAC has for management and its users. The latest RBAC model is designed in such a way that it enforces the least segregation and