Notes for December 2, 1998

  1. Greetings and Felicitations!
  2. Practise: blocking writing to communicate information or do damage
    1. Limit writing (use of MAC if available; show how to arrange system executables)
    2. Isolation
    3. Quarantine
  3. Practise: Trust
    1. Untrusted software: what is it, example (USENET)
    2. Check source, programs (what to look for); C examples
    3. Limit who has access to what
    4. Your environment (how do you know what you're executing); UNIX examples
    5. Least privilege; above with root
  4. Practise: detecting writing
    1. Integrity check files à la binaudit, tripwire; go through signature block
    2. LOCUS approach: encipher program, decipher as you execute.
    3. Co-processors: checksum each sequence of instructions, compute checksum as you go; on difference, complain
  5. Network security
    1. Main point: just like a system
  6. Review of ISO model
    1. physical
    2. data link
    3. network
    4. transport
    5. session
    6. presentation
    7. application
  7. PEM, PGP
    1. Goals: confidentiality, authentication, integrity, non-repudiation (maybel)
    2. Design goals: drop in (not change), works with any RFC 821-conformant MTA and any UA, and exchange messages without prior interaction
    3. Use of Data Exchange Key, Interchange Key
    4. Review of how to do confidentiality, authentication, integrity with public key IKs
    5. Details: canonicalization, security services, printable encoding (PEM)
    6. Certificate-based key management
    7. PGP v. PEM


You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 12/2/98