Kaspersky business11/8/2023 ![]() ➡️ Use as less trusted components as possible, especially those that directly affect the security goals of the system, the trusted components themselves should be simple enough in terms of functionality and have a small attack surface. On the application level, the principle means □ Thus, the cost of code analysis can be significantly reduced. For everything else, basic verification methods will suffice. Then "expensive" methods of analysis can be conducted on small parts of it rather than the entire code. The meaning of this principle is that you need to make sure that the critical security code of the system is as small as possible. □ You can solve this problem by following the principle of minimizing the trusted code base. In order to prove trust in the system, it becomes necessary to carefully check almost all of the codes, which, of course, is almost impossible to implement in practice. ![]() To do this, there are code analysis procedures (for example, static and dynamic code analysis, fuzzing testing, formal verification, penetration testing) that have been developed for this purpose.ĭespite all the maturity of the methods, there is a severe issue: how to competently and consciously divide the code into one that needs to be checked "cheaply" and one that needs to be checked "expensively". Without any proof of the correct operation of the security functions implemented in a system, there can be no trust. ![]() ![]() If we were writing a novel□ about the world of information security, such a phrase would probably become the wisdom revealed to its hero at the end. ![]() "It takes years to build up trust and only seconds to destroy it." ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |