Aishan Ismayilova

Cyber Security Fundamentals,
Spring 2018

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Assignment 1

 

     
I take the “Psychological
acceptability” principle among Saltzer and Schroeder’s ten Design Principles.

First of all, this principle states that security mechanisms should not make
the resource more difficult to access than if the security mechanisms were not
present. However, going into deep of this principle, some issues may seem
problematic and not understandable. We say that accessing should not be
difficult, but difficult for whom? For example, configuring and executing a program may be difficult for a
usual worker in the office, but easy for programmers. Psychological
acceptability may sometimes be violated in different ways. One example of
violation of this principle is passwords. Passwords are used to confirm
identity of the user and should be known only by authorized people. The
problems with passwords are so famous, if an attacker wants to access a private
resource, the very first thing he/she does is to try to hack or guess the
password. For instance, in 2000, ARPANET
RFCs warned that many passwords were easy to guess. The problem was that
personnels chose passwords that they can remember easily, but at the same time,
these passwords were easy to guess. As principle of psychological
acceptability states that passwords should not be that much necessary, but
using them is crucial for protecting from unauthorized access to the system and
to be effective, the passwords must be difficult to guess. In the example
mentioned above, attackers had guessed that passwords might be the names of
workers’ partners and unfortunately, they were right. After personnels were
warned that they should not use only names as passwords, they added some
numbers to the existing passwords, for example, one user changed his password
to “Barbara1”, but unfortunately, this kind of passwords was also guessed by
the attacker. To sum up, the reason of why psychological acceptability
principle is usually violated by passwords may be that users have different
ideas of what a hard-to-guess password consists of. In the case of ARPANET,
American user never expected that his password that is a Japanese word could be
guessed by an attacker which means that he underestimate how resourceful
attackers can be.