Lecture 1, April 1

Reading: text, §1
Due: Homework #1, due April 12, 2013

Greetings and felicitations!
1. About the class
Basic components of computer security
1. Confidentiality
2. Integrity
3. Availability
Classes of threats
1. Disclosure
2. Deception
3. Disruption
4. Usurpation
Policy vs. mechanism
1. Policy
2. Mechanism
Goals of security
1. Prevention
2. Detection
3. Recovery
Trust and Assumptions
Types of mechanisms: secure, precise, broad
Assurance
1. Specification
2. Design
3. Implementation
4. Maintenance and operation
Human issues
1. Organizational problems
2. People problems

Puzzle for Lecture 1, April 1

A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers.

Suppose a student in a beginning programming class writes a program but fails to use the protection mechanisms to prevent others from reading it. A second student reads the first student’s program.

If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has the second student violated security? Has the first?
If the first student had used the protection mechanisms to prevent other students from reading the file, but the second student figured out a way to read the file, would your answer to part 1 change? If so, how?
If the first student told the second student to “feel free to look at my answer, just don’t copy it,” would your answer to part 1 change? If so, how?

You can also obtain a PDF version of this.

Version of March 31, 2013 at 1:16PM