ABSTRACT

Contents 3.1 Introduction .................................................................................................33 3.2 Background ................................................................................................. 34 3.3 Interface Security Weaknesses .......................................................................35 3.4 Proposed Solutions .......................................................................................37 3.5 Conclusion ...................................................................................................39 References ...........................................................................................................39

can be used to hold individuals accountable and limit the possible damage that may occur (Silberschatz, Galvin, and Gagne 2004). Security controls are configured to support an organization’s security policy. Unfortunately, many applications do not provide a capability to extend the security policy to the user’s interface (Neumann 1999). This situation provides an avenue for the malicious user surreptitiously to alter or remove sensitive information through normal interfaces provided by the system and its applications. Due to the lack of granular security policy enforcement on application interfaces, organizations rely on written policies, training, and especially trust to protect sensitive information.