DOCSLIB.ORG

Digital Confidence Securing the Next Wave of Digital Growth

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Digital Confidence Securing the Next Wave of Digital Growth POLICY SERIE S Digital Confidence Securing the Next Wave of Digital Growth übersetzt aus dem Englischen DIGITAL CONFIDENCE: KEY TAKEAWAYS 4 I. EXECUTIVE SUMMARY 7 II. THE NEXT GROWTH WAVE IN DIGITAL LIFE: USAGE, 15 NOT THE NUMBER OF USERS, DRIVES GROWTH 1. Digital Life: Introduction ................................................................................................................................................................... 15 2. Digital Life: A Defining Force in Today’s Economy, Politics, Society, and Education .............................. 16 3. Revenue and Growth Drivers: Content and Advertising, Not Access ................................................................. 23 III. DIGITAL CONFIDENCE: SECURING THE FUTURE GROWTH OF DIGITAL LIFE 27 1. Threats to Digital Life .......................................................................................................................................................................... 27 2. Digital Confidence: Concept and Overview .......................................................................................................................... 28 3. Network Integrity and Quality of Service .............................................................................................................................. 30 4. Privacy and Data Protection ............................................................................................................................................................ 36 5. Minors’ Protection .................................................................................................................................................................................. 38 6. Piracy and Theft Avoidance .............................................................................................................................................................. 39 7. Summary ........................................................................................................................................................................................................ 41 IV. TODAY’S APPROACH TO DIGITAL CONFIDENCE: SIGNIFICANT 45 ROOM FOR IMPROVEMENT 1. Case Studies: How to Get Digital Confidence Right—Or Wrong .......................................................................... 4 5 2. The Regulators’ Agenda ...................................................................................................................................................................... 70 V. RISK/BENEFIT ANALYSIS: DIGITAL CONFIDENCE PAYS OFF 75 1. Financial Summary: Downside Risks of Digital Confidence Outweigh Potential Benefits ................... 76 2. Digital Confidence Scenarios—From Divergence to Convergence ........................................................................ 77 3. Key Financial Drivers: Advertising and Content Are Most Exposed to Digital Confidence.................... 78 4. Conclusion .................................................................................................................................................................................................... 79 VI. FRAMEWORK FOR AcTION 81 1. Industry Needs to Develop Leadership in Digital Confidence .................................................................................. 81 2. Network Operators and ISPs Need to Take a Clear Position on Digital Confidence ............................... 82 3. Network Operator Call for Action: The Five Key Initiatives for Digital Confidence............................... 83 4. Implications for Other Stakeholders .......................................................................................................................................... 85 5. Priorities for Regulators ...................................................................................................................................................................... 86 Booz & Company 3 DIGITAL CONFIDENCE – KEY TAKEAWAYS • The digital economy in Europe is expected top of the €436 billion base case. However, of these different areas converge in practice • Digital Confidence policies and practices to grow by 18 percent per annum until 2012 the downside of a failure to enhance Digital and have shown to produce contradictory need to be embedded within the respective to a volume of €436 billion from €236 billion Confidence is greater: 18 percent (or €78 reactions from stakeholders. organisations by establishing internal in 2008. billion) could be lost or significantly delayed. protocols and governance structures to guide • Key lessons drawn from case studies around product and service roadmaps; choice and • Until recently, growth in the digital economy • All players in the industry agree on the the world show that a “can-do” vision is deployment of network-based technologies was largely driven by infrastructure rollout importance of building up Digital Confidence realistic: With regard to enhancing Digital and security solutions; and communication and technology development, such as digital credentials and have launched a wide array of Confidence, network operators can go beyond to customers and other stakeholders (e.g., TV (DTV) migration and next-generation activities accordingly—yet, to date, there is a their traditional roles of “mere conduit” and industry peers, content owners, regulators). broadband technologies. clear lack of coherence and common focus, as educator/teacher whilst observing guidelines most actions are ad hoc, having been triggered for acceptable consumer practices and • Going forward, there will be a very by high-profile incidents of trust or security safeguarding legal safe harbours. significant shift in value from access—though breaches and political pressure. still profitable and growing, albeit at single- • Based on the cases analysed, best practices digit rates—to electronic commerce, online • Legislation alone cannot keep up with the from a consumer acceptance point of view and digital content offers, and online speed and scope of challenges in this market. take shape: advertising. Hence, successful companies do more than just comply with legislation; they stay ahead of • Consumers accept practices that are • Increased usage and spend per user will fuel the curve by adopting proactive policies and transparent and unobtrusive—network strong growth in the next 5 years: Specifically, practices to drive Digital Confidence. operators and content and platform content and advertising businesses will show players, jointly with the regulator, are double-digit growth. e-Commerce will remain • Digital Confidence is built on four pillars, required to drive such communication the biggest market in absolute terms. which, taken together, address the most vital forward. areas of consumer and industry concern: • However, these growth drivers will have • Consumers are concerned about how to prevail over major disruptive forces in the 1. Network Integrity and Quality of Service network operators manage and safeguard European Information Society such as Web (QoS). Focuses on providing secure and consumers’ digital data—clear statements 2.0 services converging across platforms (i.e., resilient enabling technology platforms for and a consistent, reliable regulatory online, DTV, mobile) and a new “born digital” digital life and providing an optimal customer framework are key priorities. consumer generation that is hyperconnected experience and participative but also highly assertive, 2. Privacy and Data Protection. Addresses the • Consumers require control over the feeding into press and political action. security concerns of individuals with respect to risks to which they’re exposed—they seek their digital data access to the appropriate tools, opt-in/ • With the growth and success of digital life 3. Minors’ Protection. Seeks to defend the well- opt-out mechanisms, and education. have come many concerns for consumers being of minors in the online world and enterprises relating to the security and 4. Piracy and Theft Avoidance. Seeks to provide • Consumers accept measures that integrity of the digital environment. a secure digital business environment for all guarantee quality of service—if this stakeholders. requires active traffic management, they • Therefore, enhancing Digital Confidence, are open to it, provided there are clearly as a measure of how much consumers and • As owners of the client relationship, communicated terms of service. suppliers trust in digital and online services, network operators are challenged to put is becoming a key growth enabler—or in place policies and practices that find • To ensure proportional levels of intervention, inhibitor—for the digital economy. €124 general user acceptance, which goes beyond and to find general user acceptance, when billion in market volume (2012) could be compliance with legal requirements or serving adopting more pro-active policies and at risk, approximately 1 percent of GDP the interests of particular stakeholders. practices, network operators should use a for the EU-27, with market value related to graded approach following the E3 paradigm: content and advertising being most exposed. • Therefore, policies and practices should Educate first; Empower second; Enforce The economic upside of being successful in not be driven by single issues (e.g., piracy) selectively where required. increasing confidence and trust amounts to an but should reflect a holistic view of all Digital
Recommended publications
  • Vrije Universiteit Brussel Surveillance and Regulating Code: an Analysis of Graduated Response in France Meyer, Trisha; Van Aude

    Vrije Universiteit Brussel Surveillance and Regulating Code: an Analysis of Graduated Response in France Meyer, Trisha; Van Aude

    Vrije Universiteit Brussel Surveillance and regulating code: an analysis of graduated response in France Meyer, Trisha; Van Audenhove, Leo Published in: Cyber-surveillance in everyday life: international workshop Publication date: 2011 Document Version: Accepted author manuscript Link to publication Citation for published version (APA): Meyer, T., & Van Audenhove, L. (2011). Surveillance and regulating code: an analysis of graduated response in France. In Cyber-surveillance in everyday life: international workshop General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 04. Oct. 2021 “Cyber-surveillance in Everyday Life” international workshop 12-15 May 2011, University of Toronto Surveillance and regulating code: An analysis of graduated response in France Trisha Meyer & Leo Van Audenhove ABSTRACT This paper analyzes a recent policy initiative in France to deter copyright infringement. In 2009, France passed two laws aimed at fighting online piracy through graduated response, a warning & sanction system.
  • Meyer & Van Audenhove

    Meyer & Van Audenhove

    Vrije Universiteit Brussel The Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective Meyer, Trisha; Van Audenhove, Leo Published in: IAMCR: Cities, creativity, connectivity Publication date: 2011 Document Version: Accepted author manuscript Link to publication Citation for published version (APA): Meyer, T., & Van Audenhove, L. (2011). The Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective. In IAMCR: Cities, creativity, connectivity General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 05. Oct. 2021 IAMCR - Communication Policy and Technology (CP&T) section July 13-17, 2011, Istanbul (Turkey) ʻCities, Creativity, Connectivityʼ ʻThe Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective.ʼ by Trisha Meyer and Leo Van Audenhove ABSTRACT This paper aims to provide a theoretical framework for analyzing the impact of online copyright enforcement policies on the democratic potential of the Internet to be an open communication network.
  • Global Threat Research Report: Russia

    Global Threat Research Report: Russia

    Global Threat Research Report: Russia Eli Jellenc, Senior Threat Intelligence Analyst [email protected] Kimberly Zenz, Senior Threat Intelligence Analyst [email protected] Jan. 10, 2007 An iDefense Security Report The VeriSign® iDefense® Intelligence Team Created and distributed by the iDefense Intelligence Operations Team INSIDE THIS REPORT 1 Executive Summary.................................................................................................................................. 2 2 Background............................................................................................................................................... 4 2.1 Foreign Politics of the Russian Federation ......................................................................................4 2.2 Domestic Politics of the Russian Federation ................................................................................... 7 2.3 Economic Background ...................................................................................................................... 9 2.3.1 General Features....................................................................................................................... 9 2.3.2 Macroeconomic Indicators: Attractive on the Surface............................................................ 10 2.3.3 Macroeconomic Tables:...........................................................................................................11 2.3.4 Looking Deeper: Sources of Concern ....................................................................................
  • CIS 381: Social & Ethical Issues of Computing

    CIS 381: Social & Ethical Issues of Computing

    CIS 381: Social & Ethical Issues of Computing Security Dr. David Koop D. Koop, CIS 381, Spring 2019 Hackers, Past and Present • Original meaning of hacker: explorer, risk taker, system innovator (e.g. MIT’s Tech Model Railroad Club in 1950s) • Change in meaning from electronics to computers and networks • WarGames (1983): Hacking military supercomputer • Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !2 Password Advice • Do not use short passwords • Do not rely solely on words from the dictionary • Do not rely on substituting numbers for letters • Do not reuse passwords • Give ridiculous answers to security questions • Enable two-factor authentication if available • Have password recoveries sent to a secure email address [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !3 Case Study: Firesheep • October 2010: Eric Butler released Firesheep extension to Firefox browser • Firesheep made it possible for ordinary computer users to easily sidejack Web sessions • More than 500,000 downloads in first week • Attracted great deal of media attention • Early 2011: Facebook and Twitter announced options to use their sites securely • Evaluate: Was this a good action? [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !4 Viruses • Virus: Piece of self-replicating code embedded within another program (host) • Viruses associated with program files - Hard disks, floppy disks, CD- ROMS - Email attachments • How viruses spread - Diskettes or CDs - Email - Files downloaded from Internet [M. J. Quinn] D. Koop, CIS 381, Spring 2019 !5 Worm • Worm: - Self-contained program 7.3 Malware 329 - Spreads via computer network - Exploits security holes W • Tappen's Internet Worm W W - Released worm onto Internet from W MIT computer - Spread to significant numbers of Unix computers W - Infected computers kept crashing or became unresponsive Figure 7.4 A worm spreads to other computers by exploiting security holes in computer networks.
  • Operation “Olympic Games” Securing Memory Sharing

    Operation “Olympic Games” Securing Memory Sharing

    OPERATION “OLYMPIC GAMES” SECURING MEMORY SHARING FOR CLOUD TENANTS Kshitij Yadav Associate Sales Engineer Analyst Dell EMC [email protected] Abhiram T.S. Associate Sales Engineer Analyst Dell EMC [email protected] Knowledge Sharing Article © 2020 Dell Inc. or its subsidiaries. The Dell Technologies Proven Professional Certification program validates a wide range of skills and competencies across multiple technologies and products. From Associate, entry-level courses to Expert-level, experience-based exams, all professionals in or looking to begin a career in IT benefit from industry-leading training and certification paths from one of the world’s most trusted technology partners. Proven Professional certifications include: • Cloud • Converged/Hyperconverged Infrastructure • Data Protection • Data Science • Networking • Security • Servers • Storage • Enterprise Architect Courses are offered to meet different learning styles and schedules, including self-paced On Demand, remote-based Virtual Instructor-Led and in-person Classrooms. Whether you are an experienced IT professional or just getting started, Dell Technologies Proven Professional certifications are designed to clearly signal proficiency to colleagues and employers. Learn more at www.dell.com/certification 2020 Dell Technologies Proven Professional Knowledge Sharing 2 Table of Contents Introduction .................................................................................................................................................. 4 Stuxnet .....................................................................................................................................................
  • Mastering Spam a Multifaceted Approach with the Spamato Spam Filter System

    Mastering Spam a Multifaceted Approach with the Spamato Spam Filter System

    DISS. ETH NO. 16839 Mastering Spam A Multifaceted Approach with the Spamato Spam Filter System A dissertation submitted to the SWISS FEDERAL INSTITUTE OF TECHNOLOGY ZURICH for the degree of Doctor of Sciences presented by KENO ALBRECHT Dipl. Inf. born June 4, 1977 citizen of Germany accepted on the recommendation of Prof. Dr. Roger Wattenhofer, examiner Prof. Dr. Gordon V. Cormack, co-examiner Prof. Dr. Christof Fetzer, co-examiner 2006 Abstract Email is undoubtedly one of the most important applications used to com- municate over the Internet. Unfortunately, the email service lacks a crucial security mechanism: It is possible to send emails to arbitrary people with- out revealing one’s own identity. Additionally, sending millions of emails costs virtually nothing. Hence over the past years, these characteristics have facilitated and even boosted the formation of a new business branch that advertises products and services via unsolicited bulk emails, better known as spam. Nowadays, spam makes up more than 50% of all emails and thus has become a major vexation of the Internet experience. Although this problem has been dealt with for a long time, only little success (measured on a global scale) has been achieved so far. Fighting spam is a cat and mouse game where spammers and anti-spammers regularly beat each other with sophisticated techniques of increasing complexity. While spammers try to bypass existing spam filters, anti-spammers seek to detect and block new spamming tricks as soon as they emerge. In this dissertation, we describe the Spamato spam filter system as a mul- tifaceted approach to help regain a spam-free inbox.
  • Chapter 7: Computer and Network Security

    Chapter 7: Computer and Network Security

    Chapter 7: Computer and Network Security 1 Chapter Overview • Introduction • Hacking • Malware • Cyber crime and cyber attacks • Online voting 1-2 1- 7.1 Introduction • Computers getting faster and less expensive • Utility of networked computers increasing – Shopping and banking – Managing personal information – Controlling industrial processes • Increasing use of computers → growing importance of computer security 1-3 1- 7.2 Hacking 1-4 1- Hackers, Past and Present • Original meaning of hacker: explorer, risk taker, system innovator – MIT’s Tech Model Railroad Club in 1950s • 1960s-1980s: Focus shifted from electronics to computers and networks – 1983 movie WarGames • Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks 1-5 1- Obtaining Login Names, Passwords • Eavesdropping • Dumpster diving • Social engineering 1-6 1- Password Dos and Don’ts • Do not use short passwords. • Do not use a word from the dictionary. • Do not rely on substituting numbers for letters. • Do not reuse passwords. • Give ridiculous answers to security questions. • Enable two-factor authentication if available. • Have password recoveries sent to a secure email address. 1-7 1- Computer Fraud and Abuse Act • Criminalizes wide variety of hacker-related activities – Transmitting code that damages a computer – Accessing any Internet-connected computer without authorization – Transmitting classified government information – Trafficking in computer passwords – Computer fraud – Computer extortion • Maximum penalty: 20 years
  • Net of the Living Dead: Bots, Botnets and Zombies

    Net of the Living Dead: Bots, Botnets and Zombies

    :: Net of the Living Dead: Bots, Botnets and Zombies Is your PC a zombie? Here’s how to avoid the attentions of blacklisters and vampire slayers. David Harley BA CISSP FBCS CITP Andrew Lee CISSP Cristian Borghello CISSP Table of Contents Introduction 2 Bots 3 Drones and Zombies 5 Day of the (Un)Dead 6 Botnet 7 Command and Control (C&C) 10 Dynamic DNS (DDNS) 11 Botnet Attacks 12 Self-Propagation 12 Spam Dissemination 12 Email Fraud 13 DoS and DDoS 13 Click Fraud 14 Miscellaneous Attacks 15 Meet the Bots 15 Bot/Botnet Detection 16 Conclusion 19 References 20 Glossary 22 White Paper: Net of the Living Dead: Bots, Botnets and Zombies 1 Introduction Organized crime long ago discovered the Internet’s profi t potential, and has succeeded not only in recruiting the necessary expertise to exploit that potential, but in capturing and subverting a signifi cant quantity of innocent Internet-attached systems and, in the process, acquiring the owners of those systems as unwitting accomplices. They have done this, almost exclusively, through the building of botnets. Most people will have heard references to bots and botnets, but few people actually understand them, what they do or what the scale of the problem is. It was, for instance, reported on June 13th 2007 by the Department of Justice and FBI with reference to “Operation Bot Roast” that over 1 million victim computer IP addresses were identifi ed.1 Craig Schiller and Jim Binkley2 refer to Botnets as “arguably the biggest threat that the web community has faced.” Exactly how big that problem is, it’s diffi cult to say.
  • Meyer & Van Audenhove

    Meyer & Van Audenhove

    Vrije Universiteit Brussel The Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective Meyer, Trisha; Van Audenhove, Leo Published in: IAMCR: Cities, creativity, connectivity Publication date: 2011 Document Version: Accepted author manuscript Link to publication Citation for published version (APA): Meyer, T., & Van Audenhove, L. (2011). The Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective. In IAMCR: Cities, creativity, connectivity General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 27. Sep. 2021 IAMCR - Communication Policy and Technology (CP&T) section July 13-17, 2011, Istanbul (Turkey) ʻCities, Creativity, Connectivityʼ ʻThe Internet: an open communication network? Studying online copyright enforcement policy from a communication science perspective.ʼ by Trisha Meyer and Leo Van Audenhove ABSTRACT This paper aims to provide a theoretical framework for analyzing the impact of online copyright enforcement policies on the democratic potential of the Internet to be an open communication network.
  • Computer and Network Security

    Computer and Network Security

    CISB412 Ethics & IT Professional Practices Computer and Network Security College of Information Technology, UNITEN ….getting more and more important… • Computers getting faster and less expensive • Utility of networked computers increasing • Shopping and banking • Social Media • Booking and reservations (flight, movies, …) • Managing personal information • Controlling industrial processes • Increasing use of computers growing importance of computer security College of Information Technology, UNITEN Specific threats • Hacking • Malware • Cyber crime and cyber attacks • Online voting College of Information Technology, UNITEN The original hackers (the good • guys)MIT’sOriginal Tech meaning Model of hacker: Railroad explorer, Club risk in taker, system 1950sinnovator • The history of model railroading parallels that of MIT, although the first student group, the Tech Model Railroad Club (TMRC), was not established until 1946. TMRC moved into the famous old Radiation Lab structure, Building 20, a year later and began constructing its first layout. Realism mattered and club members became fanatical in the design, fabrication, and operation of their quarter-scale world. Electrical Engineering Professor Carlton Tucker was the faculty advisor who helped supply the club with sophisticated electronics. During peak membership years in the 1950s and 1960s, many TMRC members became interested in computers. Thanks to Tucker and Digital Equipment Corporation (DEC), club members began experimenting with such pioneering computers as the TX-0, PDP-1, and PDP-11. The group members became legends and were featured in Steven Levy’s paean, Hackers—Heroes of the ComputerSource: Revolution http:// . Today, the TMRC is considered by somemuseum.mit.edu/150/63 to beCollege the of Information Technology, UNITEN birthplace of hacker culture.
  • Mastering Spam: a Multifaceted Approach with the Spamato Spam Filter System

    Mastering Spam: a Multifaceted Approach with the Spamato Spam Filter System

    Research Collection Doctoral Thesis Mastering Spam: A Multifaceted Approach with the Spamato Spam Filter System Author(s): Albrecht, Keno Publication Date: 2006 Permanent Link: https://doi.org/10.3929/ethz-a-005339283 Rights / License: In Copyright - Non-Commercial Use Permitted This page was generated automatically upon download from the ETH Zurich Research Collection. For more information please consult the Terms of use. ETH Library DISS. ETH NO. 16839 Mastering Spam A Multifaceted Approach with the Spamato Spam Filter System A dissertation submitted to the SWISS FEDERAL INSTITUTE OF TECHNOLOGY ZURICH for the degree of Doctor of Sciences presented by KENO ALBRECHT Dipl. Inf. born June 4, 1977 citizen of Germany accepted on the recommendation of Prof. Dr. Roger Wattenhofer, examiner Prof. Dr. Gordon V. Cormack, co-examiner Prof. Dr. Christof Fetzer, co-examiner 2006 Abstract Email is undoubtedly one of the most important applications used to com- municate over the Internet. Unfortunately, the email service lacks a crucial security mechanism: It is possible to send emails to arbitrary people with- out revealing one’s own identity. Additionally, sending millions of emails costs virtually nothing. Hence over the past years, these characteristics have facilitated and even boosted the formation of a new business branch that advertises products and services via unsolicited bulk emails, better known as spam. Nowadays, spam makes up more than 50% of all emails and thus has become a major vexation of the Internet experience. Although this problem has been dealt with for a long time, only little success (measured on a global scale) has been achieved so far.
  • CS 155 Final Exam

    CS 155 Final Exam

    CS 155: Spring 2006 June 2006 CS 155 Final Exam 1. (21 points) .......................................................... Short Answer (a) (3 points) What aspect of the spam problem will DKIM prevent? Answer: Phishing email pretending to be from bank. Bounce messages to hotmail. (b) (3 points) How are secret salts used in managing a password file? What is their purpose? Answer: Add artificial entropy to user passwords. Host verifies password with all possible values of the secret salt. (c) (3 points) Suppose trusted computing (TCG) is implemented without extra hard- ware. That is, suppose all hardware secret keys are stored in the OS kernel instead of a TCG chip. The OS can use these keys to attest to application code running on top of it. Are such attestations trustworthy? If so, explain why. If not, describe an attack. Answer: No. Memory snapshots using a VMM can be used to extract the secret keys. (d) (3 points) What is the same-origin principle? Say briefly how this policy is or is not applied to (i) cookies, (ii) visited links, and (iii) frames. Answer: A web site should only have access to parts of the browser state set by the web site. Only cookies set by a web site are visible to the site. Unfortunately, history entries are visible to all sites. (e) (3 points) What is the “confused deputy” problem? How does Java stack inspection help reduce this general problem? Answer: Trusted sub system (e.g. font loader) accesses a restricted object due to a request from an untrusted sub system. (f) (3 points) What is the principle of least privilege? Why is it important? Answer: Only grant a section of code the privileges it needs to do its job.