Has Access Control Become the Weak Link?
Trent Jaeger
IEEE Security & Privacy, Journal Article, published 2024-09-13
DOI: https://doi.org/10.1109/msec.2024.3427588
Citations: 0
Abstract
In the early 2000s, computer systems were under threat from a variety of Internet worms. This malware attacked network-facing programs by exploiting their memory errors, hijacking their execution to perform malicious operations and propagate the malware to other systems. One key change that commercial systems adopted to prevent such attacks was in access control enforcement. With the enhanced access control (and other defenses), defenders were able to prevent Internet worm attacks, but a variety of other significant and catastrophic attacks (e.g., ransomware) have emerged since that time. But our access control infrastructure is essentially the same as that used to combat Internet worms. In this column, I want to look more closely at the current state of access control enforcement and where we might go from here.
About the journal:
IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.
Through special issues, the magazine explores other timely aspects of privacy in areas such as usable security, the Internet of Things, cloud computing, cryptography, and big data. Other popular topics include software, hardware, network, and systems security, privacy-enhancing technologies, data analytics for security and privacy, wireless/mobile and embedded security, security foundations, security economics, privacy policies, integrated design methods, sociotechnical aspects, and critical infrastructure. In addition, the magazine accepts peer-reviewed articles of wide interest under a general call, and also features regular columns on hot topics and interviews with luminaries in the field.