Thursday, November 02, 2006

What Security Means

Security means that the systems have the properties of confidentiality, integrity, and availability, that users are authenticated and authorized correctly, and that transactions are non-repudiable.

The following explains each property.
  • Confidentiality - Data is only available to the people intended to access it.
  • Integrity - Data and system resources are only changed in appropriate ways by appropriate people.
  • Availability - Systems are ready when needed and perform acceptably.
  • Authentication - The identity of users is established (or you’re willing to accept anonymous users).
  • Authorization - Users are explicitly allowed or denied access to resources.
  • Nonrepudiation - Users can’t perform an action and later deny performing it.

The following maps threats to the properties that guard against them.

  • Spoofing - Authentication
  • Tampering - Integrity
  • Repudiation - Non-repudiation
  • Information disclosure - Confidentiality
  • Denial of service - Availability
  • Elevation of privilege - Authorization

Adopted from Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach.


At 1:22 AM, Anonymous Anonymous said...

Simply desire to say your article iis as surprising.
The clearness ffor your publih is simply great and i could assume you're
a profssional in this subject. Fine with yourr permission allow me
to clutch your RSS feed to keep up too date with impending post.
Thanks one milliin and please keep up the gratifying work.

Also visit myy web blog; Detroit Mi lawyer


Post a Comment

<< Home