2.8.7 Enforcement

The enforcer is the program that checks passwords, access control lists, etc.

Any bug in the enforcer gives a malicious user a way to gain the ability to do anything.

In Unix, the superuser has all the powers of the Unix kernel: it can do anything. Because access control is coarse-grained, a lot of software has to run as superuser to work at all, so a bug in any of those programs means you're in trouble.

Paradox:

  1. make the enforcer as small as possible: easier to get correct, but it supports only a simple-minded protection model (so more programs have to run with high privilege).
  2. fancy protection: each program needs only minimal privilege, but the enforcer is hard to get right.
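
The first point above, that one bug in the enforcer hands out every privilege it guards, as an added example written for these notes rather than taken from them. The ACL, the principals and the resource names are constructed for the illustration. The buggy enforcer fails open on the "no entry found" paths; the corrected one treats anything that is not an explicit allow as a deny. The last function is the check a defender would actually run: exercise the enforcer over the whole request space and report every grant the policy does not contain.

```python
"""Added example (not from the lecture notes): a tiny ACL enforcer in a
fail-open and a fail-closed form, plus a conformance check that finds
decisions the enforcer makes which the policy never authorised."""

# Constructed sample policy: resource -> {principal: set of allowed operations}.
ACL = {
    "/etc/shadow": {"root": {"read", "write"}},
    "/home/alice/notes": {"alice": {"read", "write"}, "root": {"read", "write"}},
}


def check_buggy(acl, principal, resource, op):
    """Buggy enforcer: the 'not found' paths return True (fail-open).

    A request for a resource the ACL does not list, or from a principal the
    entry does not mention, is granted instead of refused.  One such slip is
    enough: the enforcer now grants every operation on every unlisted item.
    """
    entry = acl.get(resource)
    if entry is None:
        return True  # bug: unknown resource treated as unrestricted
    allowed = entry.get(principal)
    if allowed is None:
        return True  # bug: unknown principal treated as unrestricted
    return op in allowed


def check_fixed(acl, principal, resource, op):
    """Fail-closed enforcer: every path that is not an explicit allow is a deny."""
    return op in acl.get(resource, {}).get(principal, set())


def decisions_not_in_policy(check, acl, principals, resources, ops):
    """Defender's conformance check for an enforcer.

    Runs `check` over every (principal, resource, op) combination and returns
    the grants that the policy `acl` does not list explicitly.  A correct
    enforcer returns an empty list; any entry here is an enforcer bug.
    """
    leaks = []
    for principal in principals:
        for resource in resources:
            for op in ops:
                granted = check(acl, principal, resource, op)
                in_policy = op in acl.get(resource, {}).get(principal, set())
                if granted and not in_policy:
                    leaks.append((principal, resource, op))
    return leaks


if __name__ == "__main__":
    # Constructed request space; "/etc/passwd" is deliberately absent from ACL
    # and "mallory" is deliberately absent from every entry.
    principals = ["root", "alice", "mallory"]
    resources = list(ACL) + ["/etc/passwd"]
    ops = ["read", "write"]
    for name, check in (("buggy", check_buggy), ("fixed", check_fixed)):
        leaks = decisions_not_in_policy(check, ACL, principals, resources, ops)
        print(f"{name}: {len(leaks)} grants outside the policy")
        for leak in leaks:
            print("   ", leak)
```

Running the module lists the grants the buggy enforcer makes outside the policy (every operation by "mallory", and every operation on the unlisted "/etc/passwd"), and an empty list for the fixed one. The conformance check is cheap for a small policy and is the kind of test that belongs beside any reference monitor: it compares what the enforcer decides against what the policy says, rather than trusting the enforcer's own code paths.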

Ian Wakeman 2005-02-22