Outline for April 20, 2004

Reading: Chapter 29.1-29.4

Discussion Problem

Actually, Socrates was an organizer. The function of an organizer is to raise questions that agitate, that break through the accepted pattern. Socrates, with his goal of "know thyself," was raising the internal questions within the individual that are so essential for the revolution which is external to the individual. So Socrates was carrying out the first stage of making revolutionaries. If he had been permitted to continue raising questions about the meaning of life, to examine life and refuse the conventional values, the internal revolution would soon have moved out into the political arena. Those who tried him and sentenced him to death knew what they were doing.1
How might you apply this philosophy to computer security?

Outline for the Day

  1. Security in Programming
    1. Example program: goal
  2. Requirements and Policy
    1. Access to role account conditioned on user, location, time
    2. How to handle settings of accounts: override, merge
    3. Who can alter access control information
    4. Allow unrestricted and restricted access
    5. Access to objects owned by role account restricted to those authorized to use role account
  3. Threat Analysis
    1. Unauthorized users accessing role accounts
      1. Obtaining access to a role account as though an authorized user
      2. Authorized user using non-secure channel to obtain access, exposing information to unauthorized user
      3. Unauthorized user altering access control information
      4. Authorized user executing Trojan horse to give access to unauthorized user
    2. Authorized users access in role accounts
      1. Performing unauthorized commands (intentionally)
      2. Executing command that performs unauthorized actions (unintentionally)
      3. Changing restrictions on ability to obtain access to account
  4. Design
    1. User interface
    2. High-level design
    3. Access to roles and commands
  5. Refinement
    1. First level
    2. Second level
    3. Functions: location, access control record, error handling

1. Saul Alinsky, Rules for Radicals, Random House, Inc., New York, NY (1972) pp. 72-73.


Here is a PDF version of this document.