HOME

TheInfoList



Click Here for Items Related To - privilege revocation (computing)
OR:
privilege revocation (computing) on:   [Wikipedia]   [Google]   [Amazon]

{{inline, date=December 2008 Privilege revocation is the act of an
entity An entity is something that exists as itself, as a subject or as an object, actually or potentially, concretely or abstractly, physically or not. It need not be of material existence. In particular, abstractions and legal fictions are usually re ...
giving up some, or all of, the privileges they possess, or some
authority In the fields of sociology and political science, authority is the legitimate power of a person or group over other people. In a civil state, ''authority'' is practiced in ways such a judicial branch or an executive branch of government.''The ...
taking those (privileged) rights away.


Information theory

Honoring the
Principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction la ...
at a granularity provided by the base system such as
sandbox A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic. Sandbox or Sand box may also refer to: Arts, entertainment, and media * Sandbox (band), a Canadian rock music group * ''Sand ...
ing of (to that point successful) attacks to an unprivileged user account helps in
reliability Reliability, reliable, or unreliable may refer to: Science, technology, and mathematics Computing * Data reliability (disambiguation), a property of some disk arrays in computer storage * High availability * Reliability (computer networking), a ...
of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).


Computer security

In computing security ''privilege revocation'' is a measure taken by a program to protect the
system A system is a group of interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its environment, is described by its boundaries, structure and purpose and expresse ...
against misuse of itself. Privilege revocation is a variant of
privilege separation In computer programming and computer security, privilege separation is one software-based technique for implementing the principle of least privilege. With privilege separation, a program is divided into parts which are limited to the specific p ...
whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges. Revocation of privileges is a technique of
defensive programming Defensive programming is a form of defensive design intended to develop programs that are capable of detecting potential security abnormalities and make predetermined responses. It ensures the continuing function of a piece of software under un ...
.


References


Protection Profile for Privilege-Directed Content
Authoriszor Ltd, Ref: Auth_CC/PP/DES/01, Issue 1.3, 22 December 2000
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
by Timothy Fraser Information theory Computer security procedures