Explore how cybersecurity professionals use functions and privileges to keep computer networks safe. They practice labeling real-life objects based on their functions and privileges to learn about the principles of resource encapsulation and least privilege.
Adapted from step two of the Senior Cybersecurity Basics badge.
Purpose: Explore how cybersecurity professionals use functions and privileges to keep computer networks safe. They practice labeling real-life objects based on their functions and privileges to learn about the principles of resource encapsulation and least privilege.
Setup: Not frosting a cake before baking it is an example of resource encapsulation. This cybersecurity idea labels parts of the program or data based on who can use it and how it’s used. This protects the code or data from revealing any more about itself than it needs to run a program. Programmers bundle, or encapsulate, data and label it. While all the contents of the bundle still work, encapsulation means the user and the rest of the program don’t have access to the details.
A related idea is least privilege. That means as few people as necessary should have access to digital “stuff.” Identifying who can use computer hardware, programs, and data—and limiting how they can be used—limits the way hackers make trouble.
Time needed: 25 minutes
- Pad of sticky notes
First, choose an object anywhere in your house that’s a container, like a refrigerator, someone's backpack, a drawer, or a leftovers container in the refrigerator.
Then, on a sticky note, write down the kinds of objects that can “use” or go along with your object. This is called USE.
For example: what objects should go inside a drawer, a backpack, or a refrigerator? What objects go in the bathroom?
On a second sticky note, write down who can use this object—and who cannot use this object. Be as specific as possible. These are called PRIVILEGES (or permissions, depending on the specific computer system).
Think about who might be in proximity to these devices at any given time: family members, friends, neighbors, etc. Label each object with examples of people who should have access and those who should not.
On a third sticky note, write down instructions about how to use your object. This is called OPERATIONS. In particular, think about any security features and ways to access the object.
For example: A backpack might have a zipper or a bathroom might have a lock.
Next, choose another “container” object and label its uses, privileges, and operations.
Sample Object: Bathroom Drawer
Use: For storing toiletries like brushes, combs, makeup, spray, deodorant, etc.
Privilege: Private, girl and family only; no guests or strangers.
Operations: The drawer is not locked. Items inside can be used by anyone with access to the drawer. Typically, new additions to the drawer are placed at the top, which may make the objects at the bottom harder to see.
Then, wrap up the activity by reading the Things to Know below.
THINGS TO KNOW:
It's important to limit access to digital objects in order to keep them safe. A digital object might be data, user information, software programs, and so on—it's anything that is stored on a computer.
Limiting access is called encapsulation. Labels are attached to each digital object to identify what can use it, who can use it, and how it can be used.
Think of this like an access code that you'd use to go into a building. Your code might allow you to go through the front door, get in the elevator, and get into your office. However, your code might not let you open other doors or go to other floors where, for example, top-secret research is being done.
Least privilege means that as few people as necessary should have access to digital "stuff." For example, if you let someone use your computer, have them sign on as a guest, rather than using your account and privileges.
If you have extra time, repeat the labeling process again with a few other objects.