Skip to Main Content
This article enumerates some simplifying assumptions the security community has made in its effort to gain traction with the access control problem. For many environments, a dramatic and painful mismatch seems to exist between these simplifying assumptions and reality. The authors argue that effective security in these environments might therefore require rethinking these assumptions.
Date of Publication: July-Aug. 2010