Outline for March 31, 2005

  1. Basic components
    1. Confidentiality
    2. Integrity
    3. Availability
  2. Threats
    1. Snooping
    2. Modification
    3. Masquerading; contrast with delegation
    4. Repudiation of origin
    5. Denial of receipt
    6. Delay
    7. Denial of service
  3. Role of policy
    1. Example of student copying files from another
    2. Emphasize: policy defines security
    3. Distinguish between policy and mechanism
  4. Goals of security
    1. Prevention
    2. Detection
    3. Recovery
  5. Trust
    1. Hammer this home: all security rests on trust
    2. First problem: security mechanisms correctly implement security policy; walk through example of a program that logs you in; point out what is trusted
    3. Second problem: policy does what you want; define secure, precise
  6. Operational issues; change over time
    1. Cost-benefit analysis
    2. Risk analysis (comes into play in cost-benefit too)
    3. Laws and customs
  7. Human Factors
    1. Organizational problems
    2. People problems (include social engineering)


Here is a PDF version of this document.