Outline for September 26, 2003
Reading: Chapter 1
Discussion Problem
A student discovers a flaw in the department's computer system. To
ensure that the flaw really exists, she exploits it to gain extra
privileges on the system. These privileges allow her to read any
file on the system, whereas without the privileges, there are files
that the student cannot read.
- Given that there were files she was not supposed to be able to
read, did the student act ethically in exploiting the flaw?
- The computer system did not provide sufficient mechanisms to
prevent the student from obtaining the additional privileges. Did
she "break in" (that is, breach security) or was her
action not a violation of security?
- The student reports the problem to the department chairperson,
who promptly files charges against the student for breaking in.
Assuming that what the student did was a violation of security,
did the chairperson act ethically?
Outline for the Day
- Basic components of computer security
- Confidentiality
- Integrity
- Availability
- Classes of threats
- Disclosure
- Deception
- Disruption
- Usurpation
- Policy vs. mechanism
- Policy
- Mechanism
- Goals of security
- Prevention
- Detection
- Recovery
- Trust and Assumptions
- Types of mechanisms: secure, precise, broad
- Assurance
- Specification
- Design
- Implementation
- Maintenance and operation
- Operational Issues
- Cost-benefit analysis
- Risk analysis
Here is a PDF version of this document.