|
A software resource was previously classified as either data or code. We already defined data as a resource that lacks any type of computer instruction. We must guarantee that
a resource to be processed as data never contains abstract or executable instructions. This innocuous state can be achieved through encryption. The resulting cipher and decryption
key must not contain inadvertent or malicious code that can be executed. However, access to a decryption key usually leads to exposure of original data. Therefore, an encryption
that renders access to the decryption key harmless should be desirable. A software interface called APSCCS can provide this kind of
protection. This interface ensures that only the host program that requested encryption can decrypt a cipher. The original data cannot be otherwise retrieved even with both key and
cipher accessible. These features demonstrate reliable encryption.
A resource for reliable encryption can serve as a security provider within a computing environment. This security provider is effective for the prevention and detection of malicious
code activity in two ways. The first is to provide a SESR report signature as explained under Code Translator. The second is to prevent any code execution of a resource during
transmission between environments. This would be achieved through reliable encryption. Furthermore, a validation of data previously encrypted by the provider should be among its features.
This would ensure that such data remains in a secure state. A security provider may be any software that encrypts data, but reliable encryption should be preferred. The Operating System
section explains further.
|