An important part of creating a safe environment for a program to run
in is identifying the host's resources and then granting only certain
types of limited access to them. Table 1 provides a partial list
of a typical host's resources, along with a classification of some of
the types of attacks that can be associated with the availability of
each resource. The four types of attacks are:
- disclosure of information about a user or the host machine
- denial of service attacks, which make a resource unavailable for
legitimate purposes (e.g. filling the file system)
- damage to or modification of data, which could include data in use by
other programs or by the file system
- annoyance attacks, such as displaying obscene pictures on a user's
screen.
Note that the table is not intended to be complete in terms of
possible types of attacks, but merely provides an example of the types
of problems associated with a given resource. For example, a
spoofing program (a program that appears to the user to be a
different program) may desire to utilize any given resource for its
attack, since it should appear to the user to use the same resources as
the original program.
Table: Host Resources
Some of the given resources are clearly more "dangerous" to give
full access to than others. For example, it is hard to imagine any
security policy in which an unknown program should be given full
access to the file system. On the other hand, most security policies
would not keep a program from having almost full access to the display
(assuming the program was limited in other ways).