Notes for October 5, 1998
Greetings and Felicitations!
Web site up; some errors in General Information (John Hughes' mailing address) are fixed there
John's hours: M1-3, Tu 3-4; mine, MWF 11-12. Ask if anyone can't make these.
No class Wednesday, but discussion section then. (My office hrs cancelled then!)
No office hours today; interviewing prospective admin assistant for the lab
The telnetd is the same size as the Bourne shell. So, it may have been replaced by the Bourne shell ...
How do you design a security policy?
Risk analysis
Analysis of other factors
Procedures
Risk analysis
What are the threats?
How likely are they to arise?
How can they best be dealt with?
Analysis of other factors
What else affects the policy (federal or state law, needs, etc.)?
Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about computers, etc.); chain of evidence
Discuss cryptographic software controls (here, France, etc.)
Procedures
What procedures need to be put in place, and how will they affect security?
Human Factors
Principle of Psychological Acceptability (note: illegal violates this)
Principle of common sense (it's not common; more when we discuss robust programming)
Design Principles
Principle of Psychological Acceptability
Principle of Least Privilege
Principle of Fail-Safe Defaults
Principle of Economy of Mechanism (KISS principle, redone)
Principle of Complete Mediation
Principle of Separation of Privilege
Principle of Least Common Mechanism
Principle of Open Design
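As an added illustration of two of these principles, Fail-Safe Defaults and Complete Mediation, here is a toy reference monitor (example code written for these notes, not part of the original lecture; the ACL, principals and resource names are constructed for the demo):

```python
# Added example: a toy reference monitor illustrating Fail-Safe Defaults
# and Complete Mediation. The ACL and requests below are constructed.

# Access control list: resource -> {principal: set of permitted operations}
ACL = {
    "/etc/passwd": {"root": {"read", "write"}, "alice": {"read"}},
    "/home/alice/notes": {"alice": {"read", "write"}},
}

def is_permitted(acl, principal, resource, op):
    """Fail-safe default: anything not explicitly granted is denied.
    A missing resource, missing principal, or missing operation all
    fall through to the same answer: False."""
    return op in acl.get(resource, {}).get(principal, set())

def is_permitted_unsafe(acl, principal, resource, op):
    """The opposite design, for contrast: grant unless the resource is
    listed and the ACL says otherwise. Any resource the ACL forgets is
    wide open, which is the failure mode the principle warns about."""
    if resource not in acl:
        return True
    return op in acl[resource].get(principal, set())

class Monitor:
    """Complete mediation: every access goes through access(), which
    decides and records each request, rather than callers checking
    once and caching the answer."""
    def __init__(self, acl):
        self.acl = acl
        self.audit = []

    def access(self, principal, resource, op):
        allowed = is_permitted(self.acl, principal, resource, op)
        self.audit.append((principal, resource, op, allowed))
        return allowed

def demo():
    m = Monitor(ACL)
    results = [
        m.access("alice", "/etc/passwd", "read"),    # granted
        m.access("alice", "/etc/passwd", "write"),   # denied
        m.access("bob", "/var/log/secret", "read"),  # unlisted -> denied
    ]
    # Same unlisted request under the grant-by-default design leaks through
    leaky = is_permitted_unsafe(ACL, "bob", "/var/log/secret", "read")
    return results, leaky, len(m.audit)
```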
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 10/5/98