Outline for January 7, 2002

  1. Greetings and Felicitations!
  2. Puzzle of the day
  3. Overview of goals of computer security
    1. Security and the software life cycle
    2. Roles of trust and assurance
  4. How do you design a security policy?
    1. Risk analysis
    2. Analysis of other factors:
    3. Procedures
  5. Risk analysis
    1. What are the threats?
    2. How likely are they to arise?
    3. How can they best be dealt with?
  6. Analysis of other factors
    1. What else affects the policy (federal or state law, needs, etc.)?
    2. Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers, etc .); chain of evidence
    3. Discuss cryptographic software controls (possibly here, formerly in France, etc.)
  7. Procedures
    1. What procedures need to be put in place, and how will they affect security?
  8. Human Factors
    1. Principle of Psychological Acceptability ( note: illegal violates this)
    2. Principle of common sense (it's not common; more when we discuss robust programming)
  9. Role of trust
    1. What is trust?
    2. Who cares?
  10. Robust Programming
    1. Go through handout, emphasizing principles
    2. Information hiding and abstraction
    3. Error handling

ECS 153, Introduction to Computer Security
Winter Quarter 2002
Email: cs153@cs.ucdavis.edu