Outline for September 29, 2005

Reading: "The Law" by Robert Coates

1. All about the class
2. Puzzle of the day
3. Overview of goals of computer security
   1. Confidentiality
   2. Integrity
   3. Availability
4. Policies and mechanisms
5. Goals of security
   1. Prevention
   2. Detection
   3. Recovery
6. Trust and assumptions
7. Functionality and assurance
8. Laws and customs
   1. Human issues
   2. Organizational problems
   3. People problems

Puzzle of the Day

A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers. Suppose Alice, a student in a beginning programming class, writes a program but fails to use the protection mechanisms to prevent others from reading it. Bob, another student in the same class, reads Alice's program.

1. If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has Bob violated security? Has Alice?
2. If Alice had used the protection mechanisms to prevent other students from reading the file, but Bob figured out a way to read the file, would your answer to part 1 change? If so, how?
3. If Alice told Bob to "feel free to look at my answer, just don't copy it," would your answer to part 1 change? If so, how?