One of the goals of this class is to teach you to question things. Designs and implementations invariably make certain assumptions about the environment. In order to encourage you to ask questions, we've arranged what (we hope) is a rather painless experiment.

We want you to ask at least one question a week about something related to computer security. Your question can come from something in class, in the notes, something you read or heard about in the media, or just something that strikes your fancy. Your question must be specific, in the sense that it challenges an assumption or raises issues of analysis for a problem. Here are some examples:

  1. A firewall is supposed to allow only some messages through from the outside to the inside. The assumption is that the firewall's software works right. How do they tell when the code that does this filtering is working right?
  2. You said in class that using strcpy is bad because it doesn't check bounds, and we should use strncpy. But what happens if we give strncpy a negative length?
  3. Is "ethical hacking" really ethical?

You can have fun with this. We'll put the best questions each week on a web page. We may answer some (it depends on how complex our answers are, and what we plan to cover in class). This is an opportunity to have some fun!

Please submit one question a week. You will get 1 point if you submit a question and 2 points if we post it to the web page. At the end of the term, we will treat this as a homework assignment, with 12 points possible. (This means you will need to have at least 2 questions posted during the term.) The questions are due by Thursday at noon so we can talk about any of them in discussion section.

Please submit the question to, with the subject line saying only QUESTION. For example (the computer types boldface; the user types in Courier):

% mail
When you're proving programs correct, don't
you also need to prove the compiler correct to be sure the program will
do what it claims?

Remember, this is your chance to challenge conventional wisdom (or stupidity). Have fun!

Matt Bishop
Office: 3059 Engineering Unit II
Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 9/28/2000