Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 7
Discretion
Cyber Attacks
Protecting National Infrastructure, 1st ed.
The University of Adelaide, School of Computer Science
Chapter 2 — Instructions: Language of the Computer
Introduction
- Proprietary information will be exposed if discovered by hackers
- National infrastructure protection initiatives must prevent leaks
- Best approach: Avoid vulnerabilities in the first place
- More practically: Include a customized program focused mainly on the most critical information
Trusted Computing Base
- A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security
- A national infrastructure security protection program will include
  - Mandatory controls
  - Discretionary policy
- A smaller, less complex TCB is easier to protect
Fig. 7.1 – Size comparison issues in a trusted computing base
Trusted Computing Base
- Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure
  - Assistance
  - Fixes
  - Limits
  - Legality
  - Damage
  - Need
Security Through Obscurity
- Security through obscurity is often maligned and misunderstood by security experts
  - Long-term hiding of vulnerabilities
  - Long-term suppression of information
- Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control
  - E.g., there’s no need to publish a system’s architecture
  - E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation