Notes for October 3, 2000

1. Greetings and Felicitations!
   1. Room change: beginning on Thursday, we meet at 1204 Haring Hall; it's a bigger room.
   2. Because of this, we can let about 10 more people into the class; these will come off the top of the wait list.
   3. Logs for my system, nob.cs.ucdavis.edu, available at the MyUCDavis web site and are visible only to registered students, like the Chapter 1 handout
2. Puzzle of the day
3. Human Factors
   1. Principle of Psychological Acceptability (note: illegal violates this)
   2. Principle of common sense (it's not common; more when we discuss robust programming)
4. Role of trust
   1. What is trust?
   2. Who cares?
5. Robust Programming
   1. Go through handout, emphasizing principles
   2. Information hiding and abstraction
   3. Error handling

Puzzle of the Day

A student suspects there is a vulnerability on a system in a university public access laboratory. She tests this by trying to exploit the vulnerability. She succeeds, and obtains privileges that she would not normally have. She reports both the hole and her exploiting it to the system staff, who in turn report it to the manager of the laboratory. The manager files charges of breaking into a computer system against the student. The student is promptly hauled before the Student Judicial Authority.

1. Did the student act ethically by testing the system for the security hole before reporting it?
2. Did the manager act ethically by filing charges against the student?
3. The manager told the system staff not to bother fixing the hole, because the action taken by the SJA would deter any future break-ins through that hole. Was the manager's action appropriate?

Matt Bishop Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060 Fax: +1 (530) 752-4767 Email: bishop@cs.ucdavis.edu

Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.