Privilege revocation is the act of an entity giving up some, or all of, the privileges they possess, or some authority taking those (privileged) rights away.


Information theory

Honoring the principle of least privilege at a granularity provided by the base system, such as sandboxing (to that point successful) attacks to an unprivileged user account, helps the reliability of the computing services provided by the system: the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case, i.e. a privileged process gone haywire instead).


Computer security

In computer security, privilege revocation is a measure taken by a program to protect the system against misuse of itself. Privilege revocation is a variant of privilege separation whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges. Revocation of privileges is a technique of defensive programming.
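The revocation step described above, as an added example that is not part of the original article: a POSIX process gives up root permanently and then checks that the drop cannot be reversed. The helper name `drop_privileges` and the target ID 65534 are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root and become (uid, gid).
 * Returns 0 only if the drop succeeded AND cannot be undone; -1 otherwise.
 * Hypothetical helper written for this example. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                       /* "dropping" to root revokes nothing */

    /* Order matters: each step needs privileges that a later step removes.
     * 1. supplementary groups (only a privileged process can change them) */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* 2. group IDs, while the process is still allowed to change them */
    if (setgid(gid) != 0)
        return -1;
    /* 3. user IDs last; as root, setuid() sets real, effective and saved UID */
    if (setuid(uid) != 0)
        return -1;

    /* Verify the revocation is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed target: 65534 is "nobody" on many Linux systems (assumption).
     * When not started as root, the process simply keeps its own IDs. */
    uid_t uid = getuid() == 0 ? 65534 : getuid();
    gid_t gid = getuid() == 0 ? 65534 : getgid();

    /* Any privileged initialisation happens before this call. */
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;                        /* never carry on with privileges */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Treating any failure of the drop or of the verification as fatal is the point: a program that carries on after a failed `setuid()` still holds the privileges it meant to revoke.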

