Outline for April 1, 2003

1. Basic components
   1. Confidentiality
   2. Integrity
   3. Availability
2. Threats
   1. Snooping
   2. Modification
   3. Masquerading; contrast with delegation
   4. Repudiation of origin
   5. Denial of receipt
   6. Delay
   7. Denial of service
3. Role of policy
   1. Example of student copying files from another
   2. Emphasize: policy defines security
   3. Distinguish between policy and mechanism
4. Goals of security
   1. Prevention
   2. Detection
   3. Recovery
5. Trust
   1. Hammer this home: all security rests on trust
   2. First problem: security mechanisms correctly implement security policy; walk through example of a program that logs you in; point out what is trusted
   3. Second problem: policy does what you want; define secure, precise
6. Operational issues; change over time
   1. Cost-benefit analysis
   2. Risk analysis (comes into play in cost-benefit too)
   3. Laws and customs
7. Human Factors
   1. Organizational problems
   2. People problems (include social engineering)
8. Principles of Secure Design
   1. Refer to both designing secure systems and securing existing systems
   2. Speaks to limiting damage
9. Principle of Least Privilege
   1. Give process only those privileges it needs
   2. Discuss use of roles; examples of systems which violate this (vanilla UNIX) and which maintain this (Secure Xenix)
   3. Examples in programming (making things setuid to root unnecessarily, limiting protection domain; modularity, robust programming)
   4. Example attacks (misuse of privileges, etc.)
10. Principle of Fail-Safe Defaults
    1. Default is to deny
    2. Example of violation: su program
11. Principle of Economy of Mechanism
    1. KISS principle
    2. Enables quick, easy verification
    3. Example of complexity: sendmail