Outline for March 14, 2003
Reading: text, §22.7, §18
Outline for the Day
- Best approach: data, instruction typing
- On creation, it's type "data"
- Trusted certifier must move it to type "executable"
- Duff's idea: executable bit is "certified as executable"
and must be set by trusted user
- Practise: Trust
- Untrusted software: what is it, example (USENET)
- Check source, programs (what to look for); C examples
- Limit who has access to what; least privilege
- Your environment (how do you know what you're executing); UNIX examples
- Practise: detecting writing
- Integrity check files a la binaudit, tripwire; go through signature block
- LOCUS approach: encipher program, decipher as you execute.
- Co-processors: checksum each sequence of instructions, compute
checksum as you go; on difference, complain
- Sandboxes: confine protection domain of process
- Trust and assurance
- Policy, design, implementation, operational assurance
- Quick review of life cycle
Here is a PDF version of this document.