Lecture 6 Outline

Reading: [Bis11]
Due: Homework 2, on Apr. 19

  1. Greetings and felicitations!
  2. Puzzle of the Day
  3. Robust library
    1. Interface
    2. Internal structures
    3. Tokens and their generation and analysis
    4. Functions

Discussion Problem. Consider the following, from a paper by Kursawe and Katzenbeisser:
Recent investigations have found a massively increasing professionalisation and organization of attacks executed on consumer computing systems. Simultaneously, the systems we are trying to defend are getting more and more complex and networked, while promising security technologies—such as trusted boot and strong process isolation—appear to have troubles finding their way into mainstream devices.

This leads us to the conclusion that we may be forced to accept that the security war is lost for now, and that a considerable portion of all consumer PCs is under control of some organized malicious entity.1.

In the paper, the authors propose that system defense be left to the attackers who, to ensure they can keep control of the system, will secure it so that other attackers cannot get in. What do you think of this idea?

  1. K. Kursawe and S. Katzenbeisser, “Computing Under Occupation,” 2007 Workshop on New Security Paradigms pp. 81–88 (Sep. 2007); doi: 10.1145/1600176.1600191.
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 18, 2016 at 10:19PM

You can also obtain a PDF version of this.