• If you can authenticate to server, and you know entity name, you can fetch it
  – Surprise: no per-entity access controls
• Rationale:
  – In order to know the entity name, either:
    • You hacked somebody, or
    • Somebody sent you the name
  – In either case, you were already in a position to get the content too. Protecting it from you is now futile.