Outline for January 7, 2002
Greetings and Felicitations!
Puzzle of the day
Overview of goals of computer security
Security and the software life cycle
Roles of trust and assurance
How do you design a security policy?
Analysis of other factors:
What are the threats?
How likely are they to arise?
How can they best be dealt with?
Analysis of other factors
What else affects the policy (federal or state law, needs,
Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers,
.); chain of evidence
Discuss cryptographic software controls (possibly here, formerly in France,
What procedures need to be put in place, and how will they affect security?
Principle of Psychological Acceptability (
: illegal violates this)
Principle of common sense (it's not common; more when we discuss robust programming)
Role of trust
What is trust?
Go through handout, emphasizing principles
Information hiding and abstraction
ECS 153, Introduction to Computer Security
Winter Quarter 2002