600.436 High-Assurance Systems
Fall 01/PCMS Exercise
8
PCMS Design Surprise
¨If you can authenticate to server, and you know entity name, you can fetch it
–Surprise: no per-entity access controls
¨Rationale:
–In order to know the entity name, either:
•You hacked somebody, or
•Somebody sent you the name
–In either case, you were already in a position to get the content too. Protecting it from you is now futile.