Outline for March 31, 1997

  1. Greetings and Felicitations
    1. Review general information
    2. Pass out scribe sheet, explain purpose, etc.
  2. Basic components
    1. Confidentiality
    2. Integrity
    3. Availability
  3. Threats
    1. snooping
    2. modification
    3. masquerading; contrast with delegation
    4. repudiation of origin
    5. denial of receipt
    6. delay
    7. denial of service
  4. Role of policy
    1. example of student copying files from another
    2. emphasize: policy defines security
    3. distinguish between policy and mechanism
  5. Goals of security
    1. prevention
    2. detection
    3. recovery
  6. Trust
    1. hammer this home: all security rests on trust
    2. first problem: security mechanisms correctly implement security policy; walk through example of a program that logs you in; point out what is trusted
    3. second problem: policy does what you want; define secure, precise
  7. Operational issues; change over time
    1. cost-benefit analysis
    2. risk analysis (comes into play in cost-benefit too)
    3. laws and customs
  8. Human Factors
    1. organizational problems
    2. people problems (include social engineering)

You can get this document in Postscript, ASCII text, or Framemaker version 5.1.
Notes by Michael Clifford: [Postscript] [Text]
Send email to cs253@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562


Page last modified on 4/4/97