Outline for March 31, 2005

Reading: §1

Discussion

A famous computer scientist once said that the only way to make a computer system secure was to put it in a box, fill the box with concrete, and drop it in the bottom of the deepest part of the ocean.

1. Under what conditions is he right?
2. Under what conditions is he wrong?

Outline

1. Basic components of computer security
   1. Confidentiality
   2. Integrity
   3. Availability
2. Classes of threats
   1. Disclosure
   2. Deception
   3. Disruption
   4. Usurpation
3. Policy vs. mechanism
   1. Policy
   2. Mechanism
4. Goals of security
   1. Prevention
   2. Detection
   3. Recovery
5. Trust and Assumptions
6. Types of mechanisms: secure, precise, broad
7. Assurance
   1. Specification
   2. Design
   3. Implementation
   4. Maintenance and operation
8. Operational Issues
   1. Cost-benefit analysis
   2. Risk analysis
9. Laws and customs
   1. Human issues
   2. Organizational problems
   3. People problems