Notes for January 8, 1997

  1. Hello
    1. Correction: section is on F 3:10-4:00PM (not W) and there is no meeting this week
  2. Puzzle of the day
    1. Break into groups to discuss it for 5m or so, then present ideas
    2. Key points: attacker is toast; under the ECPA so are the sysadmins; if users are told that using their account means they waive their right to privacy, it's okay
  3. Amplification
    1. Company reported to have 1-800 modems, no root password
  4. How do you design a security policy?
    1. Risk analysis
    2. Analysis of other factors
    3. Procedures
  5. What are the threats?
    1. How likely are they to arise?
    2. How can they best be dealt with?
  6. Analysis of other factors
    1. What else affects the policy (federal or state law, needs, etc.)?
    2. Law: as above; discuss jurisdiction (federal or local), problems (illiteracy of authorities, etc.); chain of evidence
    3. Discuss cryptographic software controls (here, France, etc.)
  7. Procedures
    1. What procedures need to be put in place, and how will they affect security?
  8. Human Factors
    1. Principle of Psychological Acceptability (note: illegal violates this)
    2. Principle of keeping dangerous tools out of untrained hands
  9. Design Principles
    1. Principle of Psychological Acceptability
    2. Principle of Least Privilege
    3. Principle of Fail-Safe Defaults
    4. Principle of Economy of Mechanism (KISS principle, redone)
    5. Principle of Complete Mediation
    6. Principle of Separation of Privilege
    7. Principle of Least Common Mechanism
    8. Principle of Open Design
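
An added example, not part of these notes, showing several of the listed principles in a toy reference monitor: Fail-Safe Defaults (deny unless explicitly granted), Complete Mediation (one check on every access, no cached decisions), Least Privilege (grants are per subject, object and action) and Separation of Privilege (dangerous actions need a second, independent approver). The class and function names are assumptions of the example.

```python
# Added example (not from the lecture notes): a minimal reference monitor
# illustrating the design principles listed above. All names are assumed.

from dataclasses import dataclass, field


@dataclass
class Policy:
    # Least Privilege: explicit grants only, keyed by (subject, object),
    # each holding just the actions that subject needs on that object.
    grants: dict = field(default_factory=dict)
    # Actions that require two distinct approvers (Separation of Privilege).
    dual_control: set = field(default_factory=set)
    # Audit trail of every decision made by check().
    audit: list = field(default_factory=list)

    def allow(self, subject, obj, action):
        self.grants.setdefault((subject, obj), set()).add(action)

    def revoke(self, subject, obj, action):
        self.grants.get((subject, obj), set()).discard(action)

    def check(self, subject, obj, action, approvers=()):
        """Complete Mediation: every access goes through this one function,
        and nothing is cached, so a revoked grant takes effect immediately.
        Fail-Safe Defaults: anything not explicitly granted is denied."""
        decision = action in self.grants.get((subject, obj), set())
        if decision and action in self.dual_control:
            # Separation of Privilege: the subject alone is not enough;
            # at least one other approver must independently hold the
            # same right on the same object.
            others = {a for a in approvers
                      if a != subject
                      and action in self.grants.get((a, obj), set())}
            decision = bool(others)
        self.audit.append((subject, obj, action, decision))
        return decision


def demo():
    """Constructed sample policy: alice may read and (with help) delete."""
    p = Policy(dual_control={"delete"})
    p.allow("alice", "/db", "read")
    p.allow("alice", "/db", "delete")
    p.allow("bob", "/db", "delete")
    return p
```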

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 1/23/97