العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
EspañolPRIVILEGE SEPARATION
In computer programming, 'privilege separation' is a technique used to mitigate the potential damage of a computer security attack. In its most basic form, a computer program forks into two processes. The main program drops privileges , and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations.
★ Principle of least privilege
★ Capability-based security
★ Confused deputy problem
★ Privilege escalation
★ Defensive programming
★ Privilege bracketing
★ Privilege revocation
★ Theo de Raadt: Exploit class=wikiexternal target=_blank>Mitigation Techniques in OpenBSD slides
★ Niels Provos, Markus Friedl, Peter Honeyman: Preventing class=wikiexternal target=_blank>Privilege Escalation paper
★ Niels Provos: Privilege class=wikiexternal target=_blank>Separated OpenSSH project
| Contents |
| See also |
| External links |
See also
★ Principle of least privilege
★ Capability-based security
★ Confused deputy problem
★ Privilege escalation
★ Defensive programming
★ Privilege bracketing
★ Privilege revocation
External links
★ Theo de Raadt: Exploit class=wikiexternal target=_blank>Mitigation Techniques in OpenBSD slides
★ Niels Provos, Markus Friedl, Peter Honeyman: Preventing class=wikiexternal target=_blank>Privilege Escalation paper
★ Niels Provos: Privilege class=wikiexternal target=_blank>Separated OpenSSH project
This article provided by Wikipedia. To edit the contents of this article, click here for original source.
psst.. try this: add to faves
