2006 USENIX Annual Technical Conference Abstract
Pp. 249–254 of the Proceedings
Privacy Analysis for Data Sharing in *nix Systems
Aameek Singh, Ling Liu, and Mustaque Ahamad, Georgia Institute of Technology
Abstract
Linux and its various flavors (together called *nix) are growing in mainstream popularity and many
enterprise infrastructures now are based on *nix platforms. An important component of these systems is the
ingrained multi-user support that lets users share data with each other. In this paper, we analyze *nix systems
and identify an urgent need for better privacy support in their data sharing mechanisms. In one of our studies it was
possible to access over 84 GB of private data at one organization of 836 users, including over 300,000 emails and 579
passwords to financial and other private services websites. The most surprising aspect was the extremely low level of
sophistication of the attack. The attack uses no technical vulnerabilities, rather inadequacies of *nix access control
combined with user/application's privacy-indifferent behavior.
- View the full text of this paper in HTML and PDF. Listen to the presentation in MP3 format.
Until June 2007, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|
