Information Security - From Practice To Theory: Case Study Based Learning
Practice to Theory:
Case Study Based Learning
Alexandra Savelieva,
Asst. Professor, PhD
Sergey Avdoshin,
Professor, PhD, Head of Software Engineering Department
CIA
| Threat | Category | Definition | Example |
|---|---|---|---|
| Information Disclosure | Session Mgt, Exception Mgt | Exposing information to someone not authorized to see it | Allowing someone to read the Windows source code; publishing a list of customers to a web site. |
| Denial of Service | Configuration Mgt | Deny or degrade service to users | Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole. |
| Elevation of Privilege | Exception Mgt, Authorization | Gain capabilities without proper authorization | Allowing a remote internet user to run commands is the classic example, but also going from a limited user to admin. |
M. Howard and S. Lipner, The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, pp. 304 (2006)
[Figure: diagram with the labels Information Asset; Malicious activity; Information System (Target of Attack); Attack 1, Attack 2, ..., Attack n]
asavelieva@hse.ru savdoshin@hse.ru