Title :
Unhelpfulness as a security policy, or it´s about time
Author_Institution :
Information Syst. Security, Watertown, MA, USA
Abstract :
Suggests the possibility of controlling the rate of release of information as well as whether the information can be released at all. If the user must have access to information but does not require fast access to large amounts of data, the system can release the information to that user in a slow and unhelpful manner. The addition of the parameter of time acts as a deterrent to information collectors and intruders; less information is available, and the user must access the system repeatedly and for a longer time to get it. Investigation of the rate of release has led to further understanding of the principle of least privilege. The principle of least privilege has generally been espoused by the computer security community as highly desirable. It has been applied to computer security, but only in limited ways. Consideration of time allows a refinement of the concept and offers the possibility of more flexible and fine-grained control
Keywords :
delays; security of data; deterrent; flexible fine-grained control; information access; information availability; information collectors; information release rate control; intruders; principle of least privilege; repeated accesses; security policy; time; unhelpfulness; Computer security; Concrete; Control systems; Data security; Information management; Information security; National security; Resource management; Risk management; Telephony;
Conference_Titel :
New Security Paradigms Workshop, 1995. Proceedings
Conference_Location :
La Jolla, CA
Print_ISBN :
0-8186-7318-4
DOI :
10.1109/NSPW.1995.492341
