Notes for January 31, 1997

  1. Hello
    1. Should have homeworks back by Monday
  2. Puzzle of the day
    1. Key point: executing arbitrary programs on your system, appending to/overwriting programs
  3. Ultimate in aging: One-Time Pads
    1. Password is valid for only one use
    2. May work from list, or new password may be generated from old by a function
    3. Example: S/Key
  4. Challenge-response systems
    1. Computer issues challenge, user presents response to verify secret information known/item possessed
    2. Example operations: f(x) = x+1, random, string (for users without computers), time of day, computer sends E(x), you answer E(D(E(x))+1)
    3. Note: password never sent on wire or network
    4. Attack: monkey-in-the-middle
    5. Defense: mutual authentication (will discuss more sophisticated network-based protocols later)
  5. Biometrics
    1. Depend on physical characteristics
    2. Examples: pattern of typing (remarkably effective), retinal scans, etc.
  6. Location
    1. Bind user to some location detection device (human, GPS)
    2. Authenticate by location of the device
  7. Notion of "privilege"
    1. Go through OS idea quickly
    2. Protection rings in Multics
    3. Nesting program units
  8. Different forms of access control
    1. UNIX method
    2. ACLs: describe, revocation issue
    3. MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call segment through gate; so (4, 6, 9) as example
    4. Capabilities: file descriptors in UNIX

You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.
Send email to

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 2/1/97