Outline for March 14, 2003

Reading: text, §22.7, §18

Outline for the Day

  1. Best approach: data, instruction typing
    1. On creation, it's type "data"
    2. Trusted certifier must move it to type "executable"
    3. Duff's idea: executable bit is "certified as executable" and must be set by trusted user
  2. Practice: Trust
    1. Untrusted software: what is it, example (USENET)
    2. Check source, programs (what to look for); C examples
    3. Limit who has access to what; least privilege
    4. Your environment (how do you know what you're executing); UNIX examples
  3. Practice: detecting writing
    1. Integrity check files à la binaudit, tripwire; go through signature block
    2. LOCUS approach: encipher program, decipher as you execute.
    3. Co-processors: checksum each sequence of instructions, compute checksum as you go; on difference, complain
    4. Sandboxes: confine protection domain of process
  4. Assurance
    1. Trust and assurance
    2. Requirements
    3. Policy, design, implementation, operational assurance
    4. Quick review of life cycle
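Worked example for item 3.1 (integrity check files à la binaudit/tripwire). This is an added illustration, not code from the lecture or from Tripwire: it records a signature block (size, permission bits, SHA-256) for every regular file under a root, then compares the current tree against that baseline and reports files that were added, removed, or modified. The directory layout and file contents in `demo()` are constructed for the example; the `verify` return format is an assumption of this example, not Tripwire's. Real Tripwire signature blocks carry several checksums plus inode attributes, and the baseline must be kept somewhere the writer cannot reach (read-only media or a separate host), since anyone who can overwrite the monitored files can also overwrite a baseline stored beside them.

```python
"""Minimal tripwire-style integrity checker (added example, not course code)."""
import hashlib
import stat
import tempfile
from pathlib import Path


def file_signature(path: Path) -> tuple[int, int, str]:
    """Signature block for one regular file: (size, permission bits, SHA-256 hex digest)."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return st.st_size, stat.S_IMODE(st.st_mode), h.hexdigest()


def build_baseline(root: Path) -> dict[str, tuple[int, int, str]]:
    """Walk `root` and record a signature for every regular file, keyed by relative path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_signature(p)
    return baseline


def verify(root: Path, baseline: dict[str, tuple[int, int, str]]) -> dict[str, list[str]]:
    """Compare the tree under `root` against `baseline`.

    Returns {"added": [...], "removed": [...], "modified": [...]}; all three
    empty means nothing was written, created, or deleted since the baseline.
    A content change of the same length is still caught by the digest.
    """
    current = build_baseline(root)
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho original\n")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = build_baseline(root)
        # Clean run: nothing changed yet.
        assert verify(root, baseline) == {"added": [], "removed": [], "modified": []}
        # Simulated tampering: overwrite one file, add one, delete one.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho replaced\n")
        (root / "bin" / "extra").write_bytes(b"new")
        (root / "etc" / "passwd").unlink()
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In operation the baseline would be written once from a known-good state and the `verify` step run from cron or at boot, with any non-empty report treated as an alert to investigate rather than something to re-baseline over.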