Confused deputy problem

In information security, the Confused Deputy Problem is a canonical example of why capability-based security is important. A brief description of the involved elements follows.

The Deputy

The deputy is a program that is called upon (deputized) by a client to perform some action and is at the same time granted temporary authority by the client to take that action. The client provides the name of a resource upon which to take the action. The deputy also has additional built-in authority to take other actions that are a necessary part of its job.

A classic example is the UNIX passwd command, used to change a user's password, which has access to the password file, although the user invoking it does not.

The Confused Deputy

The client names a resource to which it lacks authority. The deputy attempts its normal act on the resource named by its client. The deputy's act is permitted by security mechanisms because the deputy's built-in authority is sufficient for this act. The deputy has unwittingly abetted an indirect action by its client that the security rules were designed to prevent. The deputy has unwittingly abused its own built-in authority. The deputy is blameless if the semantics of the system did not allow it to say that the act was to be subject to its client's authority.

Continuing with the passwd example, the passwd command has an option to change another user's password, and indeed it has the authority to alter the other user's password on its client's behalf. Only careful checking by passwd itself avoids this security hole.

Capability style solution

Capabilities solve this implicitly in that the name supplied by the client to the deputy is a capability which naturally includes the necessary authority. The deputy's action is via that capability. The client is unable to provide a capability that by hypothesis it lacks.

In our example, this would amount to a user only being able to modify their own entry in the password file, as well as any program they might run such as passwd having the same restriction.
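The following added example (not part of the original article) models the passwd scenario in Python: a deputy that acts on a client-supplied name with its own built-in authority, the same deputy with the explicit check, and a capability-style deputy that can act only through what the client hands it. The `PasswordFile` class, the function names and the sample entries are hypothetical and constructed for illustration.

```python
import secrets

class PasswordFile:
    """Constructed model of a protected file that only the deputy may write."""
    def __init__(self, entries):
        self.entries = dict(entries)
        self._caps = {}  # unguessable token -> the single entry it authorises

    def write_as(self, principal, user, new_hash):
        # Ambient authority: the check asks who is acting, not on whose behalf.
        if principal != "passwd":
            raise PermissionError(f"{principal} may not write the password file")
        self.entries[user] = new_hash

    def mint_cap(self, user):
        # Issued by the system to a user, for that user's own entry only.
        token = secrets.token_hex(16)
        self._caps[token] = user
        return token

    def write_via(self, cap, new_hash):
        # The capability both names the entry and carries the right to change it.
        if cap not in self._caps:
            raise PermissionError("not a valid capability")
        self.entries[self._caps[cap]] = new_hash

def passwd_confused(pw, client, target, new_hash):
    # Deputy applies its built-in authority to whatever name the client supplies.
    pw.write_as("passwd", target, new_hash)

def passwd_checked(pw, client, target, new_hash):
    # "Careful checking by passwd itself": the deputy re-implements the policy.
    if client != target:
        raise PermissionError(f"{client} may not change {target}'s password")
    pw.write_as("passwd", target, new_hash)

def passwd_capability(pw, cap, new_hash):
    # Deputy acts only through the client's capability, never its own authority.
    pw.write_via(cap, new_hash)

def fresh():
    return PasswordFile({"alice": "h-alice", "bob": "h-bob"})  # constructed data

def attempt(deputy, pw, *args):
    try:
        deputy(pw, *args)
        return True
    except PermissionError:
        return False
```

Calling `attempt(passwd_confused, fresh(), "bob", "alice", "h-new")` succeeds even though bob could not write the file himself, whereas with `passwd_capability` bob has no value he can pass that designates alice's entry.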

10-26-2009 08:16:03
The contents of this article are licensed from www.wikipedia.org under the GNU Free Documentation License.