In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or…
Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS…
Approaching IT security as an engineering and management problem.
The emerging use of the TCP/IP communications protocol suite for internetworking has led to a global system of interconnected hosts and networks that is commonly referred to as the Internet. During the last decade, the Internet has experienced a triumphant advance. Projections based on its current rate of growth suggest there will be over one million…