Discretionary Access Control, or DAC, is a method for managing access to resources like files or folders. It allows the owner of a resource to decide who can view or edit it. This approach gives users flexibility to share or restrict access based on their own preferences. DAC is commonly used in many operating systems…
Category: System Protection
Mandatory Access Control (MAC)
Mandatory Access Control, or MAC, is a security framework used in computer systems to strictly regulate who can access or modify information. In MAC systems, access rules are set by administrators and cannot be changed by individual users. This method is commonly used in environments where protecting sensitive data is crucial, such as government or…
Privileged Access Management
Privileged Access Management, or PAM, is a set of tools and practices used by organisations to control and monitor who can access important systems and sensitive information. It ensures that only authorised individuals have elevated permissions to perform critical tasks, such as changing system settings or accessing confidential data. By managing these special permissions, businesses…
Session Token Rotation
Session token rotation is a security practice where session tokens, which are used to keep users logged in to a website or app, are regularly replaced with new ones. This reduces the risk that someone could steal and misuse a session token if it is intercepted or leaked. By rotating tokens, systems limit the time…
Secure Deserialization
Secure deserialization is the process of safely converting data that has been stored or transmitted in a structured format back into an object or data structure. If not handled carefully, deserialization can be exploited by attackers to run malicious code, access sensitive information, or compromise a system. By applying security checks and using trusted sources,…
Time-of-Check to Time-of-Use (TOCTOU)
Time-of-Check to Time-of-Use (TOCTOU) is a type of software flaw where a system checks a condition and then, before using the result, the state changes. This can allow attackers to exploit the gap between the check and the use, causing the system to behave unexpectedly or insecurely. TOCTOU issues often arise in file handling, permissions…
Heap Overflow Protection
Heap overflow protection refers to techniques and tools used to prevent or detect when a program writes more data to a memory area, called the heap, than it should. This kind of overflow can lead to software bugs, crashes, or security vulnerabilities, especially if attackers exploit it to control a system. Protection methods include special…
Stack Smashing Protection
Stack smashing protection is a security feature built into many modern computer programs and operating systems. It helps prevent attackers from exploiting buffer overflows, which occur when a program writes more data to a block of memory, or stack, than it can hold. By adding extra checks and safeguards, stack smashing protection makes it much…
Control Flow Integrity
Control Flow Integrity, or CFI, is a security technique used to prevent attackers from making a computer program run in unintended ways. It works by ensuring that the order in which a program’s instructions are executed follows a pre-defined, legitimate path. This stops common attacks where malicious software tries to hijack the flow of a…
Address Space Layout Randomization (ASLR)
Address Space Layout Randomisation (ASLR) is a security technique used by operating systems to randomly arrange the memory addresses used by system and application processes. By shuffling the locations of key data areas, such as the stack, heap, and libraries, ASLR makes it harder for hackers to predict where specific code or data is stored….