Secure Enclaves (Global)
High-quality technical overview of Secure Enclaves in the context of blockchain security.
Types: 1. Social Engineering (CEO Fraud). 2. Technical (Session Hijacking). 3. AI-driven (Deepfakes). 4. Admin Feature (Legitimate bypass).
🧒 Explain like I'm 5
Imagine you have a club where only superheroes are allowed. A villain puts on a Spiderman suit and a mask and walks right past the guard. The guard thinks it's Spiderman, so he doesn't check for a real ID. In the digital world, hackers put on the 'mask' of your username and password to get past the security guard.
🤓 Expert Deep Dive
Technically, impersonation can be categorized into 'Pre-Authentication' (tricking the human) and 'Post-Authentication' (tricking the system). In modern web apps, 'JWT (JSON Web Token) Impersonation' is a major risk where an attacker modifies the 'sub' (subject) field of a token to assume another user's identity. In corporate environments, 'Service Account Impersonation' allows an attacker with low privileges to 'escalate' their access by assuming the role of a system process. Defenses include 'Mutual TLS' (mTLS), strict session timeouts, and AI-based 'Behavioral Analysis' that detects if 'John' is suddenly doing things that 'John' never does.
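The 'sub' modification described above only succeeds against a service that reads token claims without validating the signature. The following is an added example, not code from the original page: a standard-library HS256 check in which the key, the claim values and the helper names (sign_hs256, verify_hs256, tampered_copy) are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token; the signature covers both header and payload."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(_mac(key, header + '.' + payload))}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the signature is valid, else raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # The server pins the algorithm; the token's own header is never trusted
    # to choose it, so an unsigned "alg": "none" token is refused here.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison against a MAC recomputed over the received bytes.
    if not hmac.compare_digest(sig, _mac(key, header_b64 + "." + payload_b64)):
        raise ValueError("bad signature")
    # Claims are parsed only after the signature has been accepted.
    return json.loads(b64url_decode(payload_b64))

def tampered_copy(token: str, claims: dict) -> str:
    """Constructed test input: same header and signature, different payload."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url(json.dumps(claims).encode())}.{sig_b64}"

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    token = sign_hs256({"sub": "john"}, key)
    print(verify_hs256(token, key))
    try:
        verify_hs256(tampered_copy(token, {"sub": "admin"}), key)
    except ValueError as err:
        print("rejected:", err)
```
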