Outline for January 7, 2002
Greetings and Felicitations!
Puzzle of the day
Overview of goals of computer security
Security and the software life cycle
Roles of trust and assurance
How do you design a security policy?
Risk analysis
Analysis of other factors:
Procedures
Risk analysis
What are the threats?
How likely are they to arise?
How can they best be dealt with?
Analysis of other factors
What else affects the policy (federal or state law, needs, etc.)?
Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers, etc.); chain of evidence
Discuss cryptographic software controls (possibly here, formerly in France, etc.)
Procedures
What procedures need to be put in place, and how will they affect security?
Human Factors
Principle of Psychological Acceptability (note: illegal violates this)
Principle of common sense (it's not common; more when we discuss robust programming)
Role of trust
What is trust?
Who cares?
Robust Programming
Go through handout, emphasizing principles
Information hiding and abstraction
Error handling
ECS 153, Introduction to Computer Security
Winter Quarter 2002
Email: cs153@cs.ucdavis.edu