First page Back Continue Last page Overview Text

Notes:


Separate data based on confidentiality, integrity, and/or purpose.
Protect software and data against unauthorized and ill-formed modification.
Safely run code of uncertain trustworthiness, prevent exploit of a flaw in a program from escalating privilege, limit each program to which it requires for its purpose.
Ensure that data is processed as required – guaranteed invocation, Decompose into small, minimally trusted stages. Encryption, sanitization, virus scanning.
Decompose admin and partition users into classes based on position, clearance, etc.