CSE 227: Lecture 3
The topics covered in this lecture are
lecture 1 and
lecture 2 review; the concepts of

In addition to the desirable security properties from earlier, an
important notion is that of the weakest link. A smart attacker will
look for the weakest link in the computer system's defensive armor,
and so the efforts to secure a system should be directed at the
weakest link. A real-life analogy to this is protecting your home
from a robber who wants to break in and steal your valuables. Adding
steel reinforcements to your front door is not very useful if you have
a nice large plate glass window that can be easily broken.

Of course, we may not want to get rid of our nice picture window.
This brings us to the question of when security measures are enough.
Certainly, living in a fortress is not as pleasant as living in a
normal home -- and while it is possible to build very secure computer
systems, those systems will end up being not very usable. The primary
mission of the computer system is to let you do your work -- for
example, to build software for some new product (the majority of
programmers); to conduct research / teach (for me); and to do homework
/ learn (for you). Determining the proper amount of security is
difficult, and we'll discuss this some more later in the quarter.

Security is never free. Implementing security mechanisms requires
coding effort, increases system complexity, and probably makes the
system harder to use. An important part of the security analysis is
to analyse the risks involved in a system design and to look at what
security mechanisms might be used to mitigate these risks. For the
various candidate security mechanisms, what are the costs of
implementing them? How will using the security schemes impact the
users of the system? How will it slow them down or make it more
difficult for them to achieve their goals?

The most secure system is one that is powered off and disconnected
from the network. However, such a system will not help you ship code:
security by turning off the computer has a very high cost -- it
eliminates all of the benefits of having the computer in the
email@example.com, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.