Differences

This shows you the differences between two versions of the page.

--- dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use [2022/01/27 13:22]
nick [Security Issues]
+++ dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use [2022/05/27 20:00] (current)
nick grammar
@@ Line 1: / Line 1: @@
-====== 2.3.4.2.3 Data-In-Use ======
+====== 2.3.4.2.3 Data-in-Use ======
 [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:start| Return to State of Data Taxonomy]]
 ===== Overview =====
+[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]]
 [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_use]] covers data being processed (i.e., updated, processed, erased, accessed or read) by a system. Data-In-Use is not passively stored, but is actively moving through parts of a [[dido:public:ra:xapend:xapend.a_glossary:c:computerplaform]] (i.e., [[dido:public:ra:xapend:xapend.a_glossary:c:cpu]], [[dido:public:ra:xapend:xapend.a_glossary:d:dram]], [[dido:public:ra:xapend:xapend.a_glossary:b:bus | Data Bus]], etc). **Data-In-Use** is one of three states of digital data -- the other states are [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_at_rest | Data-at-Rest]] and [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_motion | Data-in-Motion]].
@@ Line 11: / Line 12: @@
 ===== Datatype Issues =====
+[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]]
-Many problems occurring during **Data-In-Use** operations are traceable to [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:10_errors:start#runtime_errors | Runtime Errors]] or [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:10_errors:start#logic_errors | Logic Errors]]. Although Runtime Errors can cause crashes to the Application or even the system they run on, the Logic Errors are pernicious in that often they can go undetected for a long time and can leave a system [[dido:public:ra:xapend:xapend.a_glossary:v:vulnerable]] to attacks. See [[dido:public:ra:xapend:xapend.a_glossary:c:cwe]] for more details. At this time there are 900+ weakness that can lead to Vulnerabilities.
+Many problems occurring during **Data-In-Use** operations are traceable to [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:10_errors:start#runtime_errors | Runtime Errors]] or [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:10_errors:start#logic_errors | Logic Errors]]. Although Runtime Errors can cause crashes to the Application or even the system they run on, Logic Errors are pernicious in that often they can go undetected for a long time and leave a system [[dido:public:ra:xapend:xapend.a_glossary:v:vulnerable]] to attacks. See [[dido:public:ra:xapend:xapend.a_glossary:c:cwe]] for more details. At this time, there are 900+ weakness that can lead to Vulnerabilities.
-**Logic Errors** typically have no externally visible issues, such as a program or system crash, but the errors might only occur when the conditions are right. For example, what happens when values are zero, or at the min or max of their data ranges. What happens if a very large string is passed into the software. So, it is not just important to perform [[dido:public:ra:xapend:xapend.a_glossary:b:blackboxtesting]] but also [[dido:public:ra:xapend:xapend.a_glossary:w:whiteboxtesting]] where the internals of the Application are known, and the limits are know to design tests at these marginal areas.
+**Logic Errors** typically have no externally visible issues, such as a program or system crash, but the errors might only occur when the conditions are right. For example, what happens when values are zero, or at the min or max of their data ranges? What happens if a very large string is passed into the software? So, it is not just important to perform [[dido:public:ra:xapend:xapend.a_glossary:b:blackboxtesting]] but also [[dido:public:ra:xapend:xapend.a_glossary:w:whiteboxtesting]] where the internals of the Application along with its limits are known in order to design tests for both its normal and marginal areas.
 ==== DIDO Specifics ====
+[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]]
 ===== Security Issues =====
+[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]]
-Due to Data-In-Use being directly accessible by one or more users, data in this state is vulnerable to attacks and exploits. Additionally, security risks become greater as the permissions and devices increase. Oftentimes, Data-In-Use can contain digital certificates, [[dido:public:ra:xapend:xapend.a_glossary:e:encryption]] keys, and [[dido:public:ra:xapend:xapend.a_glossary:i:intelp]] which make it crucial for businesses to monitor. Common practices for protecting Data-In-Use are defined under [[dido:public:ra:1.4_req:2_nonfunc:25_security | Securability ]] and include:
+Given that Data-In-Use is directly accessible by one or more users, data in this state is vulnerable to attacks and exploits. Additionally, security risks become greater as permissions and devices increase. Oftentimes, Data-In-Use can contain digital certificates, [[dido:public:ra:xapend:xapend.a_glossary:e:encryption]] keys, and [[dido:public:ra:xapend:xapend.a_glossary:i:intelp]], which make it crucial for businesses to monitor data in this state. Common practices for protecting Data-In-Use are defined under [[dido:public:ra:1.4_req:2_nonfunc:25_security |Securability ]] and include:
 ^ Physical Security | <WRAP>
@@ Line 30: / Line 34: @@
 [[dido:public:ra:xapend:xapend.a_glossary:d:datasecurity]] is the process of protecting data from unauthorized access and data corruption by using a [[dido:public:ra:xapend:xapend.a_glossary:e:encryption_algorithm]] to [[dido:public:ra:xapend:xapend.a_glossary:e:encryption | encrypt]] data throughout its lifecycle especially while the data is **in use**. Encryption can be any combination of [[dido:public:ra:xapend:xapend.a_glossary:h:hashing]], tokenization, and [[dido:public:ra:xapend:xapend.a_glossary:k:key_management]] practices that protect data across all [[dido:public:ra:xapend:xapend.a_glossary:a:application | Applications]] and [[dido:public:ra:xapend:xapend.a_glossary:p:platform | Platforms]].
-With the rise of Decentralized and Distribute systems, it is no longer possible to trust all the parts of a [[dido:public:ra:xapend:xapend.a_glossary:s:sw_stack]] and [[dido:public:ra:xapend:xapend.a_glossary:s:solution_stack]] especially devices such as:
+With the rise of Decentralized and Distributed systems, it is no longer possible to trust all the parts of a [[dido:public:ra:xapend:xapend.a_glossary:s:sw_stack]] and [[dido:public:ra:xapend:xapend.a_glossary:s:solution_stack]] especially devices such as:
 [[dido:public:ra:xapend:xapend.a_glossary:n:netdev]],
 [[dido:public:ra:xapend:xapend.a_glossary:m:mobile]],
 [[dido:public:ra:xapend:xapend.a_glossary:p:peripheral_device]], or
 [[dido:public:ra:xapend:xapend.a_glossary:s:storagedevice]],
-[[dido:public:ra:xapend:xapend.a_glossary:w:web_service]]. Also, each Web Service also represent a stack of more components, such as: [[https://cloudstack.apache.org/ | Apache CloudStack]],
+[[dido:public:ra:xapend:xapend.a_glossary:w:web_service]]. Also, each Web Service also represents a stack of additional components, such as: [[https://cloudstack.apache.org/ | Apache CloudStack]],
 [[https://en.wikipedia.org/wiki/LAMP_(software_bundle)                                             | LAMP (Linux, Apache, MySQL, PHP/Perl/Python) ]],
 [[https://docs.oracle.com/en/cloud/paas/cloud-stack-manager/csmug/oracle-cloud-stack-manager.html  | Oracle Cloud Stack ]],
-[[https://www.ibm.com/docs/en/sc-and-ds/8.2.2?topic=services-web-service-protocol-stack            | Web Service Protocol Stack]]. Each of these components, the connections and  the [[dido:public:ra:xapend:xapend.c_hwarch:network | Network devices]] represent a risk, especially when [[dido:public:ra:xapend:xapend.a_glossary:i:instrumentation]] for monitoring of the component is added to the mix. For example, using a [[dido:public:ra:xapend:xapend.a_glossary:d:debugger]] tool is useful during development for observing the state of the component, but those features leave vulnerabilities for exposing sensitive information. See [[https://cwe.mitre.org/ | MITRE Common Weakness Enumeration (CWE)]] list.
+[[https://www.ibm.com/docs/en/sc-and-ds/8.2.2?topic=services-web-service-protocol-stack            | Web Service Protocol Stack]]. Each of these components, the connections and  the [[dido:public:ra:xapend:xapend.c_hwarch:network | Network devices]], represent a risk, especially when [[dido:public:ra:xapend:xapend.a_glossary:i:instrumentation]] for monitoring of the component is added to the mix. For example, using a [[dido:public:ra:xapend:xapend.a_glossary:d:debugger]] tool is useful during development for observing the state of the component, but those features leave vulnerabilities for exposing sensitive information. See the [[https://cwe.mitre.org/ | MITRE Common Weakness Enumeration (CWE)]] list.
-The following are approaches to helping solve some of these problems:
+The following are approaches to help solve some of these problems:
   * [[dido:public:ra:xapend:xapend.a_glossary:a:acl]]
@@ Line 87: / Line 91: @@
   * [[dido:public:ra:xapend:xapend.a_glossary:t:tresor]]
   * [[dido:public:ra:xapend:xapend.a_glossary:h:homomorphic_encryption]]
   * [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] of [[dido:public:ra:xapend:xapend.a_glossary:p:peripheral_device]] such as:
     * [[dido:public:ra:xapend:xapend.a_glossary:g:geolocation]] services
@@ Line 115: / Line 118: @@
   * [[https://cwe.mitre.org/data/definitions/1295.html | CWE-1295]]: Debug Messages Revealing Unnecessary Information - The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
 </WRAP>|
-^ Securty Culture | <WRAP>
+^ Security Culture | <WRAP>
 [[dido:public:ra:xapend:xapend.a_glossary:c:securityculture]] **CyberSecurity Culture (CSC)** of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding  [[dido:public:ra:xapend:xapend.a_glossary:c:cyber_security]] and how these manifest in people’s behavior with information technologies. **CyberSecurity Culture (CSC)** is about making [[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]] considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.
-Some common tools to help create a good Securty Culture are:
+Some common tools to help create a good Security Culture are:
   * [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics]]
@@ Line 147: / Line 150: @@
 </WRAP>|
 ^ Access Control | <WRAP>
-[[dido:public:ra:xapend:xapend.a_glossary:a:accesscontrol]] defines a set of controls restricting access to resources based on the group membership, identity, clearance, physical & logical location and need-to-know. In other words, it provides the [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] for access to resources. Additionally, access includes method of permission to consume, enter, control, restrict, use and protect the resource to guarantee: Availability, Confidentiality, and Integrity.
+[[dido:public:ra:xapend:xapend.a_glossary:a:accesscontrol]] defines a set of controls restricting access to resources based on the group membership, identity, clearance, physical & logical location, and need-to-know. In other words, it provides the [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] for access to resources. Additionally, access includes a method of permission to consume, enter, control, restrict, use and protect the resource to guarantee: Availability, Confidentiality, and Integrity.
 Some of the more traditional resources requiring **Access Control** are:
@@ Line 174: / Line 177: @@
 </WRAP>|
-^ Inentification and Authetication | <WRAP>
+^ Identification and Authentication | <WRAP>
-[[dido:public:ra:xapend:xapend.a_glossary:i:identification]],
+[[dido:public:ra:xapend:xapend.a_glossary:i:identification]] and
-[[dido:public:ra:xapend:xapend.a_glossary:a:authentication]] for the basis for access to the system. Recently, a new Data State has been added called [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_use]]. In many ways, it is harder to to use Identification and Authtetication than with
+[[dido:public:ra:xapend:xapend.a_glossary:a:authentication]] are the basis for access to the system. Recently, a new Data State has been added called [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_use]]. In many ways, it is harder to to use Identification and Authentication than with
-[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_at_rest]] , or [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_at_motion]] becase processing the **Data** generally requires processing a [[dido:public:ra:xapend:xapend.a_glossary:c:cryptographic_algorithm]] to [[dido:public:ra:xapend:xapend.a_glossary:d:decryption | decrypt]] the **Data**. The use of [[dido:public:ra:xapend:xapend.a_glossary:p:protection_ring | Protection Rings]] can help, but at each level there is still a need to identify and authentic the request.
+[[dido:public:ra:xapend:xapend.a_glossary:d:dataatrest]] or [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion]] because processing the **Data** generally requires processing a [[dido:public:ra:xapend:xapend.a_glossary:c:cryptographic_algorithm]] to [[dido:public:ra:xapend:xapend.a_glossary:d:decryption | decrypt]] the **Data**. The use of [[dido:public:ra:xapend:xapend.a_glossary:p:protection_ring | Protection Rings]] can help, but at each level there is still a need to identify and authenticate the request.
-The following are some of the ways to establish the Identity of an entity and to Authenticate the entity making the request.
+The following are some of the ways to establish the identity of an entity and Authenticate the entity making the request.
   * [[dido:public:ra:xapend:xapend.a_glossary:i:identification]]
@@ Line 204: / Line 207: @@
 ==== DIDO Specifics ====
+[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]]
+<color blue><todo @char #char:2022-03-17>New section - review </todo></color>
 /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

DIDO Wiki

User Tools

Site Tools

Differences

Page Tools