I’m trying to understand LCM and how David Hopwood’s discovery is a noteworthy example of it. This site contains two important things. First, it identifies Hopwood’s interface attack (1996) as an example of LCM, and second, it includes a description (highlighted in the screenshot below) of the issue that seems to make things more clear than anything else I could find. The problem is I don’t understand the connection between this vulnerability and LCM.
Here is a screenshot of the referenced site:
Hopwood made the announcement through the SRI RISKS-LIST. The full announcement released in issue 17.83 is as follows:
I have a general understanding that the LCM principle says “mechanisms used to access resources should not be shared” but I’m not able to apply it very well here. I also am not familiar with Java (and I don’t think I really have to be in this instance but it seems like it would help).
My question is, “What is the shared mechanism that is used to access resources?” (Is there another way to describe the crux of the issue?)