Lecture 5 Outline

Reading: text, §14; [SS75, Bis11]
Due: Homework 2, on Apr. 19

  1. Greetings and felicitations!
  2. Puzzle of the Day
  3. Principles of secure design
    1. Principle of least privilege
    2. Principle of fail-safe defaults
    3. Principle of economy of mechanism
    4. Principle of complete mediation
    5. Principle of open design
    6. Principle of separation of privilege
    7. Principle of least common mechanism
    8. Principle of least astonishment
  4. Robust programming principles
    1. Paranoia
    2. Stupidity
    3. Dangerous implements
    4. Can’t happen
  5. Fragile library

Discussion Problem. Senators Dianne Feinstein (D-CA) and Richard Burr (R-NC) are drafting a law called “Compliance with Court Orders Act of 2016”. This bill, according to The Hill,1 says that “all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data” (p. 2, ll. 16–21), and further that a “provider of remote computing service or electronic communication service to the public that distributes licenses for products, services, applications, or software of or by a covered entity shall ensure that any such products, services, applications, or software distributed by such person be capable of” (p. 4, ll. 10–16) complying with the above requirement. The covered entities include device and software manufacturers, and “any person who provides a product or method to facilitate a communication or the processing or storage of data.” (p. 6, ll. 23–25).

What would the effect of such a law be upon the iPhone or Android encryption mechanisms? Upon using encryption to protect emails? Upon app marketplaces like Apple’s App store or Google’s Marketplace?

  1. http://thehill.com/policy/cybersecurity/275567-senate-intel-encryption-bill-mandates-technical-assistance

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 11, 2016 at 9:26PM

You can also obtain a PDF version of this.