REAL-WORLD ACCESS CONTROL SYSTEMATIC FAILURES; REALITY OR VIRTUAL REALITY?
DOI: https://doi.org/10.47839/ijc.4.2.332

Keywords: case study, business process, transaction, prosecution, cyber crime, systematic security design methodology

Abstract
This paper examines the true causes of systematic failures of real-world access control within the context of modern business transactions. Today’s business transactions depend heavily on systems that were developed and protected by off-the-shelf, checklist-mentality security technologies/products such as firewalls, intrusion detection systems and anti-virus software. This dependency, as well as the oversight of system-level security requirements, frequently leads to incorrect and incomplete security implementation at the business process and transaction levels. To fully illustrate the critical issues faced by today’s systems, this paper uses a real-life cyber crime case for analytical purposes. This case was successfully prosecuted in a jury trial at the US Federal Court in Seattle during the period of 1999-2000. It revealed many fatal system security failures and business process trust collapses in an environment involving multiple online web-based systems. The paper then shows how such failures are directly attributable to the inappropriate application of technologies/products based on false assumptions of trust, as well as the lack of an appropriate security engineering process during the systems development phase. Observations and recommendations are also made regarding what can be done to enhance security and trust requirements at the levels of business transactions and processes.

References
Court proceedings and public-record trial exhibits, United States v. Vasily Gorshkov; Seattle, WA, U.S.A, September 2001.
Philip Attfield, Expert Witness Analysis and Testimony, United States v. Vasily Gorshkov, Seattle, WA, U.S.A., September 2001.
United States Department of Justice press release, “Russian Computer Hacker Convicted by Jury”, Seattle, WA, U.S.A., Oct. 10, 2001.
United States Department of Justice press release, “Russian Computer Hacker Sentenced to Three Years in Prison”, Seattle, WA, U.S.A., October 4, 2002.
United States Department of Justice press release, “Russian Man Sentenced for Hacking into Computers in the United States”, New Haven, CT, U.S.A., July 25, 2003.
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.