Page 408 -
P. 408
seCurity guiDe Semantic Security
grades by student name or identifier, so instead I post the Megan, however, has other ideas. Because the report is 407
grades for each group. If you want to get the grades for each published on SharePoint, she can obtain an electronic copy
student, all you have to do is combine the list from Lecture 5 of it. It’s an Acrobat report, and using Acrobat’s handy
with the list from Lecture 10. You might say that the release Search feature, she soon has a list of employees and the
of grades in this example does no real harm—after all, it is a week they were hired.
list of grades from one assignment. She now examines the report she received for her
But go back to Megan Cho in HR. Suppose Megan study, the one that has SalaryOfferAmount and the offer
evaluates the employee compensation program. The COO date, and she does some interpretation. During the week
believes salary offers have been inconsistent over time of July 21, three offers were extended: one for $35,000,
and that they vary too widely by department. Accordingly, one for $53,000, and one for $110,000. She also notices
the COO authorizes Megan to receive a report that lists from the “New Employees” report that a director of market-
SalaryOfferAmount and OfferDate and a second report that ing programs, a product test engineer, and a receptionist
lists Department and AverageSalary. were hired that same week. It’s unlikely that they paid the
Those reports are relevant to her task and seem in- receptionist $110,000; that sounds more like the director
nocuous enough. But Megan realizes that she could use of marketing programs. So, she now “knows” (infers) that
the information they contain to determine individual sala- person’s salary.
ries—information she does not have and is not authorized Next, going back to the department report and using
to receive. She proceeds as follows. the employee directory, she sees that the marketing director
Like all employees, Megan has access to the employee is in the marketing programs department. There are just
directory on the Web portal. Using the directory, she can three people in that department, and their average salary
obtain a list of employees in each department, and using is $105,000. Doing the arithmetic, she now knows that the
the facilities of her ever-so-helpful report-authoring system average salary for the other two people is $102,500. If she
she combines that list with the department and average- can find the hire week for one of those other two people, she
salary report. Now she has a list of the names of employees can find out both the second and third person’s salaries.
in a group and the average salary for that group. You get the idea. Megan was given just two reports
Megan’s employer likes to welcome new employees to to do her job. Yet she combined the information in those
the company. Accordingly, each week the company pub- reports with publicly available information and was able to
lishes an article about new employees who have been hired. deduce salaries, for at least some employees. These salaries
The article makes pleasant comments about each person are much more than she is supposed to know. This is a se-
and encourages employees to meet and greet them. mantic security problem.
DisCussion Questions
1. In your own words, explain the difference between ac- 4. What legal responsibility does an organization have to
cess security and semantic security. protect against semantic security problems?
2. Why do reporting systems increase the risk of semantic 5. Suppose semantic security problems are inevitable. Do
security problems? you see an opportunity for new products from insurance
3. What can an organization do to protect itself against ac- companies? If so, describe such an insurance product. If
cidental losses due to semantic security problems? not, explain why.
