Friday, May 18, 2007

Security Objectives

The goals and constraints around the confidentiality, integrity, and availability (CIA) of the data and application include:

  • Ensuring that the profile catalog file has not been tampered with.
  • Ensuring that the downloaded modules have not been tampered with.
  • Ensuring that the encryption of the configuration section is supported by the application block (this is a low priority goal).
  • Ensuring that only modules for which the user is authorized are loaded and that they are loaded from the appropriate location.
  • Ensuring that persistent state storage is user specific.
  • Ensuring that data stored in state is protected from hackers.
  • Ensuring that sensitive information in exceptions is not passed up the call stack.
  • Ensuring that an error in one WorkItem does not cause the application to stop responding.
