Lecture 1, April 1
Reading: text, §1
Due: Homework #1, due April 12, 2013
- Greetings and felicitations!
- About the class
- Basic components of computer security
- Classes of threats
- Policy vs. mechanism
- Goals of security
- Trust and Assumptions
- Types of mechanisms: secure, precise, broad
- Maintenance and operation
- Human issues
- Organizational problems
- People problems
Puzzle for Lecture 1, April 1
A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers.
Suppose a student in a beginning programming class writes a program but fails to use the protection mechanisms to prevent others from reading it. A second student reads the first student’s program.
- If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has the second student violated security? Has the first?
- If the first student had used the protection mechanisms to prevent other students from reading the file, but the second student figured out a way to read the file, would your answer to part 1 change? If so, how?
- If the first student told the second student to “feel free to look at my answer, just don’t copy it,” would your answer to part 1 change? If so, how?