{"title":"安全状态处理","authors":"S. Price, S. Price","doi":"10.1109/IAW.2006.1652121","DOIUrl":null,"url":null,"abstract":"The information assurance (IA) model, an extension of the McCumber information security model, specifies security services for information when it is at rest, in transit, or being processed. According to the IA model, the processing information state is protected by technology, operations, and people security countermeasures. However, what has not been considered is the power wielded by an ordinary user over the processes in their environment. The authors consider people to be the principle countermeasure in the model. Unfortunately, this becomes problematic when users introduce unknown or unauthorized processes into a system which may affect information and the security services of the system. Indeed, such processes run with the rights and privileges of the user. The intentional or accidental execution of unauthorized applications epitomizes the insider threat. Therefore, system and data security is at the mercy of executing processes and the hands of the authorized user. Another way to represent this situation is to say that unknown and unauthorized processes, whether or not under the control of the user, change the secure state processing (SSP) of a system","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Secure State Processing\",\"authors\":\"S. Price, S. Price\",\"doi\":\"10.1109/IAW.2006.1652121\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The information assurance (IA) model, an extension of the McCumber information security model, specifies security services for information when it is at rest, in transit, or being processed. According to the IA model, the processing information state is protected by technology, operations, and people security countermeasures. However, what has not been considered is the power wielded by an ordinary user over the processes in their environment. The authors consider people to be the principle countermeasure in the model. Unfortunately, this becomes problematic when users introduce unknown or unauthorized processes into a system which may affect information and the security services of the system. Indeed, such processes run with the rights and privileges of the user. The intentional or accidental execution of unauthorized applications epitomizes the insider threat. Therefore, system and data security is at the mercy of executing processes and the hands of the authorized user. Another way to represent this situation is to say that unknown and unauthorized processes, whether or not under the control of the user, change the secure state processing (SSP) of a system\",\"PeriodicalId\":326306,\"journal\":{\"name\":\"2006 IEEE Information Assurance Workshop\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2006.1652121\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2006.1652121","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The information assurance (IA) model, an extension of the McCumber information security model, specifies security services for information when it is at rest, in transit, or being processed. According to the IA model, the processing information state is protected by technology, operations, and people security countermeasures. However, what has not been considered is the power wielded by an ordinary user over the processes in their environment. The authors consider people to be the principle countermeasure in the model. Unfortunately, this becomes problematic when users introduce unknown or unauthorized processes into a system which may affect information and the security services of the system. Indeed, such processes run with the rights and privileges of the user. The intentional or accidental execution of unauthorized applications epitomizes the insider threat. Therefore, system and data security is at the mercy of executing processes and the hands of the authorized user. Another way to represent this situation is to say that unknown and unauthorized processes, whether or not under the control of the user, change the secure state processing (SSP) of a system
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
