8.2. Threats and risk analysis
The above scenarios have introduced some likely security requirements. We now consider possible threats in more detail, focusing on distributed systems.
Masquerade. A principal may attempt to impersonate someone else. A service may pretend to be some other service. A message may apparently be from a certain IP address when it is in fact from some other address (called IP spoofing).
Eavesdropping. A third party may intercept and obtain copies of network traffic. If the message contents are 'in clear' this violates the confidentiality of the communication. Other misuses of intercepted messages are covered separately.
Tampering with transmitted data. A message copied by an eavesdropper may be altered and reinjected into ...
Get Operating Systems: Concurrent and Distributed Software Design now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
