Types of Misuse
Protection is to prevent either accidental or intentional misuse
Security is to prevent intentional misuse
Three pieces to security:
1. Authentication
   - Who the user is
2. Authorisation
   - Who is allowed to do what
3. Enforcement
   - Ensure that people only do what they are allowed to do
A loophole in any of these can cause problems, e.g.
- Log in as super-user
- Log in as anyone, do anything
- Can you trust software to make decisions about 1 and 2?
Ian Wakeman
2005-02-22