Outline for March 14, 2003

Reading: text, §22.7, §18

Outline for the Day

1. Best approach: data, instruction typing
   1. On creation, it's type "data"
   2. Trusted certifier must move it to type "executable"
   3. Duff's idea: executable bit is "certified as executable" and must be set by trusted user
2. Practise: Trust
   1. Untrusted software: what is it, example (USENET)
   2. Check source, programs (what to look for); C examples
   3. Limit who has access to what; least privilege
   4. Your environment (how do you know what you're executing); UNIX examples
3. Practise: detecting writing
   1. Integrity check files a la binaudit, tripwire; go through signature block
   2. LOCUS approach: encipher program, decipher as you execute.
   3. Co-processors: checksum each sequence of instructions, compute checksum as you go; on difference, complain
   4. Sandboxes: confine protection domain of process
4. Assurance
   1. Trust and assurance
   2. Requirements
   3. Policy, design, implementation, operational assurance
   4. Quick review of life cycle