Outline for March 29, 2006

Reading: text, §1, 13

  1. Greetings and felicitations!
    1. Review class information handouts
  2. Sketch of class
    1. Begin with overview
    2. Limits of security: what we can do, and what we can't
    3. Policy models done formally
    4. Policy model composition
    5. Information flow models
    6. Theory of malicious logic
  3. Policy and mechanism
  4. Trust and assumptions
  5. Assurance
    1. Requirements and threat analysis
    2. Specification
    3. Design
    4. Implementation
    5. Deployment, maintenance, operation, retirement
    6. Underlying assumptions
  6. Stuff you won't hear again
    1. Legal, custom constraints
    2. Organizational problems
    3. People problems
  7. Principles of secure design
    1. Basis: simplicity and restriction
    2. Principle of least privilege
    3. Principle of fail-safe defaults
    4. Principle of economy of mechanism
    5. Principle of complete mediation
    6. Principle of open design
    7. Principle of separation of privilege
    8. Principle of least common mechanism
    9. Principle of psychological acceptability
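
Two of the principles listed above, fail-safe defaults and complete mediation, are easy to see in code. The following is an added example, not part of the course handout: a small access-control list with a weak check that grants access whenever no entry is found, beside the fail-safe check that denies unless a right is explicitly listed, and a toy store whose every read passes through that check. The ACL entries, subjects, and object names are constructed for illustration.

```python
"""Added illustration of two design principles from the outline above:
fail-safe defaults (deny unless access is explicitly granted) and complete
mediation (every access goes through the check). Example code, not from the
course materials; the ACL and the object names are constructed here."""

# Constructed access-control list: (subject, object) -> set of rights.
ACL = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "notes.txt"): {"read", "write"},
}


def check_unsafe(subject: str, obj: str, right: str) -> bool:
    """Violates fail-safe defaults: an object with no ACL entry at all is
    treated as unrestricted, so a missing or misspelled entry grants access
    to everyone. This is the 'before' form, kept deliberately wrong."""
    entries = [rights for (s, o), rights in ACL.items() if o == obj]
    if not entries:
        return True  # "nothing says no" -> allow; the unsafe default
    return right in ACL.get((subject, obj), set())


def check_failsafe(subject: str, obj: str, right: str) -> bool:
    """Fail-safe default: access is granted only when an explicit entry
    lists the right; absence of information means deny."""
    return right in ACL.get((subject, obj), frozenset())


class Store:
    """Toy object store in which every read and write goes through the
    reference monitor passed in at construction (complete mediation):
    callers have no path to the data that skips the check."""

    def __init__(self, check):
        self._check = check
        # Constructed contents; "backup.db" deliberately has no ACL entry.
        self._data = {
            "payroll.db": b"salaries",
            "notes.txt": b"todo",
            "backup.db": b"copy of salaries",
        }

    def read(self, subject: str, obj: str) -> bytes:
        if not self._check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self._data[obj]

    def write(self, subject: str, obj: str, data: bytes) -> None:
        if not self._check(subject, obj, "write"):
            raise PermissionError(f"{subject} may not write {obj}")
        self._data[obj] = data


def denied(check, subject: str, obj: str) -> bool:
    """Return True if a read of obj by subject is refused under this check."""
    try:
        Store(check).read(subject, obj)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # carol has no rights anywhere; backup.db has no ACL entry at all.
    print("unsafe  carol/backup.db denied:", denied(check_unsafe, "carol", "backup.db"))
    print("failsafe carol/backup.db denied:", denied(check_failsafe, "carol", "backup.db"))
    print("failsafe bob/payroll.db read:", Store(check_failsafe).read("bob", "payroll.db"))
```

The weak check fails open on exactly the objects an administrator forgot to list, which is the situation fail-safe defaults are meant to cover; the corrected check makes the missing entry a denial. Routing all reads and writes through `Store` rather than exposing the dictionary is the complete-mediation half: the check cannot be bypassed because there is no other interface to the data.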

Version of March, 2006 at 8:00 AM

You can also obtain a PDF version of this.