Learn More
In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or(More)
Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS(More)