Notes for October 2, 1998

  1. Greetings and Felicitations!
    1. Go through handouts, class rules
    2. Will require adding some vulnerabilities to the DOVES database as part of the course
    3. May perform a penetration exercise on an as-yet-undetermined system
  2. Puzzle of the day
    1. Not appropriate; invasion of systems akin to invading a home or business; Times will ignore protesters as "irresponsible" or may attack symptom (try to find, prosecute attackers) or even find just one security problem rather than secure the site
    2. Idea here is to force Times to deal with problem of bad reporting (as attackers see it); this won't do it. Better would be to publicize stories written by the reporter with a line-by-line critique, and be sure all the Times' competitors get them (in other words, let the reporter's incompetence speak for itself, and in effect ask why a respectable newspaper would employ a reporter who can't get facts straight)
  3. How do you design a security policy?
    1. Risk analysis
    2. Analysis of other factors:
    3. Procedures
  4. Risk analysis
    1. What are the threats?
    2. How likely are they to arise?
    3. How can they best be dealt with?
  5. Analysis of other factors
    1. What else affects the policy (federal or state law, needs, etc.)?
    2. Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers, etc.); chain of evidence
    3. Discuss cryptographic software controls (here, France, etc.)
  6. Procedures
    1. What procedures need to be put in place, and how will they affect security?
  7. Human Factors
    1. Principle of Psychological Acceptability (note: illegal violates this)
    2. Principle of common sense (it's not common; more when we discuss robust programming)
  8. Design Principles
    1. Principle of Psychological Acceptability
    2. Principle of Least Privilege
    3. Principle of Fail-Safe Defaults
    4. Principle of Economy of Mechanism (KISS principle, redone)
    5. Principle of Complete Mediation
    6. Principle of Separation of Privilege
    7. Principle of Least Common Mechanism
    8. Principle of Open Design



You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to [email protected]. Department of Computer Science
University of California at Davis
Davis, CA 95616-8562


Page last modified on 10/3/98