Lecture 2, April 3

Reading: [Bis11] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #1, due April 12, 2013

1. Greetings and felicitations!
2. Assurance
   1. Specification
   2. Design
   3. Implementation
   4. Maintenance and operation
3. Human issues
   1. Organizational problems
   2. People problems
4. Robust programming principles
   1. Paranoia
   2. Stupidity
   3. Dangerous implements
   4. Can’t happen
5. Fragile library
6. Robust library
   1. Interface
   2. Internal structures
   3. Tokens and their generation and analysis
   4. Functions

Puzzle for Lecture 2, April 3

A student discovers a flaw in the department’s computer system. To ensure that the flaw really exists, she exploits it to gain extra privileges on the system. These privileges allow her to read any file on the system, whereas without the privileges, there are files that the student cannot read.

1. Given that there were files she was not supposed to be able to read, did the student act ethically in exploiting the flaw?
2. The computer system did not provide sufficient mechanisms to prevent the student from obtaining the additional privileges. Did she “break in” (that is, breach security) or was her action not a violation of security?
3. The student reports the problem to the department chairperson, who promptly files charges against the student for breaking in. Assuming that what the student did was a violation of security, did the chairperson act ethically?