Notes for September 28, 2000

  1. Greetings and Felicitations!
    1. Go through handouts, class rules
  2. Puzzle of the day
  3. Overview of goals of computer security
    1. Security services
    2. Security and the software life cycle
    3. Roles of trust and assurance
  4. How do you design a security policy?
    1. Risk analysis
    2. Analysis of other factors:
    3. Procedures
  5. Risk analysis
    1. What are the threats?
    2. How likely are they to arise?
    3. How can they best be dealt with?
  6. Analysis of other factors
    1. What else affects the policy (federal or state law, needs, etc.)?
    2. Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers, etc.); chain of evidence
    3. Discuss cryptographic software controls (here, France, etc.)
  7. Procedures
    1. What procedures need to be put in place, and how will they affect security?
  8. Human Factors
    1. Principle of Psychological Acceptability (note: illegal violates this)
    2. Principle of common sense (it's not common; more when we discuss robust programming)
  9. Role of trust
    1. What is trust?
    2. Who cares?

Puzzle of the Day

A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers. Suppose a student in a beginning programming class writes a program but fails to use the protection mechanisms to prevent others from reading it. A second student reads the first student's program.

  1. If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has the second student violated security? Has the first?
  2. If the first student had used the protection mechanisms to prevent other students from reading the file, but the second student figured out a way to read the file, would your answer to part 1 change? If so, how?
  3. If the first student told the second student to "feel free to look at my answer, just don't copy it," would your answer to part 1 change? If so, how?

Matt Bishop
Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 9/28/2000