Privilege revocation

Privilege revocation is the act of an entity giving up some or all of the privileges it possesses, or of some authority taking those (privileged) rights away.

Information theory

Honoring the principle of least privilege at the granularity provided by the base system, for example by sandboxing attacks (successful up to that point) in an unprivileged user account, helps the reliability of the computing services provided by the system: the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case, i.e. a privileged process gone haywire instead).

Computer security

In computer security, "privilege revocation" is a measure taken by a program to protect the system against misuse of itself.

Privilege revocation is a variant of privilege separation whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges.

Revocation of privileges is a technique of defensive programming.
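
The revocation step described above, as an added example that is not part of the original article: a POSIX/Linux process gives up root after its privileged setup and verifies that the drop cannot be undone. The function name `drop_privileges` and the target id 65534 (commonly the "nobody" account) are assumptions made for illustration.

```c
/* Added example: permanent privilege revocation on a POSIX system. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid. Returns 0 only if the
 * drop happened AND was verified to be irreversible; -1 otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                  /* the target must be unprivileged */
    /* Only root can (and needs to) clear inherited supplementary groups. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: after setuid() we would lack permission to change it. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify: every id is the target, and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* ... privileged setup (open files, bind low ports) goes here ... */
    /* Constructed target: 65534 is commonly "nobody". Started without
     * root, the process simply keeps its own unprivileged ids. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;                   /* never continue half-privileged */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Checking every return value and then attempting to regain root is what separates a revocation from a temporary switch: a process that ignores a failed `setuid()` keeps running with the privileges it meant to give up.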

Law terminology

In law, the general term is often used when discussing some paper, such as a driver's licence, being voided after a (negative) condition is met by the holder.



Wikimedia Foundation. 2010.

