Lecture 1, April 1

Reading: text, §1
Due: Homework #1, April 12, 2013

  1. Greetings and felicitations!
    1. About the class
  2. Basic components of computer security
    1. Confidentiality
    2. Integrity
    3. Availability
  3. Classes of threats
    1. Disclosure
    2. Deception
    3. Disruption
    4. Usurpation
  4. Policy vs. mechanism
    1. Policy
    2. Mechanism
  5. Goals of security
    1. Prevention
    2. Detection
    3. Recovery
  6. Trust and Assumptions
  7. Types of mechanisms: secure, precise, broad
  8. Assurance
    1. Specification
    2. Design
    3. Implementation
    4. Maintenance and operation
  9. Human issues
    1. Organizational problems
    2. People problems

Puzzle for Lecture 1, April 1

A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers.

Suppose a student in a beginning programming class writes a program but fails to use the protection mechanisms to prevent others from reading it. A second student reads the first student’s program.

  1. If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has the second student violated security? Has the first?
  2. If the first student had used the protection mechanisms to prevent other students from reading the file, but the second student figured out a way to read the file, would your answer to part 1 change? If so, how?
  3. If the first student told the second student to “feel free to look at my answer, just don’t copy it,” would your answer to part 1 change? If so, how?

Version of March 31, 2013 at 1:16PM