Outline for May 22, 2013

Reading: §18, 19
Due: Homework #4, due May 24, 2013
  1. Assurance
    1. Assurance and software life cycle
  2. Basics
    1. Threats
    2. Reference monitor, validation mechanism
    3. Design security in or layer it on?
  3. Policy and requirements
    1. Security specifications
    2. Problems with precision
    3. Example: System X and Bell-LaPadula
    4. Justifying requirements
  4. Techniques to support design assurance
    1. Subsystem, subcomponent, module
  5. Design documents
    1. Security functions summary specification
    2. External functional specification
    3. Internal design description
  6. Justifying design meets requirements

Version of May 21, 2013 at 10:39PM