Lecture 27: Authentication and authorization

• Types of authentication
  • something you have/are/know; two-factor authentication
  • Passwords (online/offline dictionary attacks, hashing, salting)
• Authorization
  • reference monitor, access control matrix, access control list, capabilities
  • complete mediation, least privilege, separation of privilege