Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging because it is hard enough just to make computer programs do everything they are designed to do correctly. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer security is often more technical and mathematical than some computer science fields.[citation needed]
Typical approaches to improving computer security (in approximate order of strength) can include the following:
* Physically limit access to computers to only those who will not compromise security.
* Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
* Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
* Programming strategies to make computer programs dependable and resist subversion.
source : en.wikipedia.org
Tidak ada komentar:
Posting Komentar