2.8.1 Definitions

Types of Misuse

Protection is to prevent either accidental or intentional misuse

Security is to prevent intentional misuse

Three pieces to security

Authentication
  Who the user is
Authorisation
  Who is allowed to do what
Enforcement
  Ensure that people only do what they are allowed to do

A loophole in any of these can cause problems, e.g.
  1. Log in as super-user
  2. Log in as anyone, do anything
  3. Can you trust software to make decisions about 1 and 2?
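
The three pieces can be seen as separate checks in a small reference monitor. This is an added example, not part of the original notes; the class, user names, passwords and the "payroll" object are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ReferenceMonitor:
    """Hypothetical monitor: objects are reachable only through read()."""
    def __init__(self):
        self._users = {}    # name -> (salt, password hash)
        self._acl = {}      # (name, object) -> set of permitted operations
        self._objects = {}  # object name -> contents

    def add_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, _hash(password, salt))

    def grant(self, name, obj, op):
        self._acl.setdefault((name, obj), set()).add(op)

    def put(self, obj, data):
        self._objects[obj] = data

    # Authentication: who the user is. Unknown names fail like bad passwords.
    def authenticate(self, name, password):
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        return name if ok else None

    # Authorisation: who is allowed to do what. Default is deny.
    def authorised(self, principal, obj, op):
        return op in self._acl.get((principal, obj), set())

    # Enforcement: both checks run on every request before the object is read.
    def read(self, name, password, obj):
        principal = self.authenticate(name, password)
        if principal is None:
            raise PermissionError("authentication failed")
        if not self.authorised(principal, obj, "read"):
            raise PermissionError("not authorised")
        return self._objects[obj]

def demo_monitor():
    # Constructed sample data: two users, one object, one grant.
    m = ReferenceMonitor()
    m.add_user("alice", "correct horse")
    m.add_user("bob", "battery staple")
    m.put("payroll", "salaries")
    m.grant("alice", "payroll", "read")
    return m
```

Removing either check from read(), or giving callers another path to _objects, reproduces the loopholes listed above even though the other two pieces are still correct.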

Ian Wakeman 2005-02-22