Chapter 20 ■ Software Development Security
matter what type of storage is in use. If administrators do not implement adequate filesystem access controls, an intruder might stumble across sensitive data simply by browsing the filesystem. In more sensitive environments, administrators should also protect against attacks that involve bypassing operating system controls and directly accessing the physical storage media to retrieve data. This is best accomplished through the use of an encrypted filesystem, which is accessible only through the primary operating system. Furthermore, systems that operate in a multilevel security environment should provide adequate controls to ensure that shared memory and storage resources are set up with fail-safe controls so that data from one classification level is not readable at a lower classification level.
Errors in storage access controls become particularly dangerous in cloud computing environments, where a single misconfiguration can publicly expose sensitive information on the web. Organizations leveraging cloud storage systems, such as Amazon’s Simple Storage Service (S3), should take particular care to set strong default security settings that restrict public access and then to carefully monitor any changes to that policy that allow public access.
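
An added example (not from the book or from AWS): a simplified Python check of one bucket's Block Public Access flags and bucket policy, plus a comparison that reports statements newly granting access to everyone after a policy change. The bucket name, account ID, and policies are constructed sample data, and treating every wildcard-principal Allow as public is a simplifying assumption.

```python
# The four S3 Block Public Access flags; a locked-down default enables all of them.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    """Policy JSON allows a single item or a list in most positions."""
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    """True for "*" or for a principal map such as {"AWS": "*"} / {"AWS": ["*"]}."""
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in _as_list(v) for v in values)

def public_statements(policy):
    """Return (sid, actions, has_condition) per Allow that names everyone.
    Simplified heuristic (assumption): any wildcard-principal Allow counts."""
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Principal")):
            found.append((stmt.get("Sid", f"statement[{i}]"),
                          tuple(_as_list(stmt.get("Action", []))),
                          "Condition" in stmt))
    return found

def audit(bpa, policy):
    """List findings for one bucket's Block Public Access flags and policy."""
    findings = [f"{flag} is not enabled" for flag in BPA_FLAGS if not bpa.get(flag)]
    for sid, actions, conditioned in public_statements(policy):
        note = "review its Condition" if conditioned else "unconditional"
        findings.append(f"{sid}: public Allow for {', '.join(actions)} ({note})")
    return findings

def newly_public(old_policy, new_policy):
    """Statements that are public in the new policy but were not in the old one."""
    before = set(public_statements(old_policy))
    return [s for s in public_statements(new_policy) if s not in before]

# Constructed sample data, not taken from any real account.
OLD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
NEW = {"Version": "2012-10-17", "Statement": OLD["Statement"] + [
    {"Sid": "OpenRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]}
BPA = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
       "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print("\n".join(audit(BPA, NEW)))
```
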
Covert channel attacks pose the second primary threat against data storage resources. Covert storage channels allow the transmission of sensitive data between classification levels through the direct or indirect manipulation of shared storage media. This may be as simple as writing sensitive data to an inadvertently shared portion of memory or physical storage. More complex covert storage channels might be used to manipulate the amount of free space available on a disk or the size of a file to covertly convey information between security levels. For more information on covert channel analysis, see Chapter 8, “Principles of Security Models, Design, and Capabilities.”
Understanding Knowledge-Based Systems
Since the advent of computing, engineers and scientists have worked toward developing systems capable of performing routine actions that would bore a human and consume a significant amount of time. The majority of the achievements in this area have focused on relieving the burden of computationally intensive tasks. However, researchers have also made giant strides toward developing systems that have an “artificial intelligence” that can simulate (to some extent) the purely human power of reasoning.
The following sections examine two types of knowledge-based artificial intelligence systems: expert systems and neural networks. We’ll also take a look at their potential applications to computer security problems.