CSE 227: Lecture 1
The topics covered in this lecture are
security policy versus enforcement mechanisms,
TCBs, Trusted Path,
authentication, authorization, and accountability.
In computer security we often do not (or cannot) minimize the security
risks. Instead, we try to manage it.
To see what this means, let us look at a strawman example. Al
Qaeda's 9/11 terrorist acts are horrible and we wish to prevent
anything similar from ocurring in the future. One strategy for doing
so might be to eliminate air travel altogether: permanently close all
the (non-military) airports, declare all airlines out-of-business,
etc. The cost of doing so to the country is, of course, unacceptable.
search CSE |
bsy's home page |
pgp certserver |
email@example.com, last updated Wed Jan 8 00:57:59 PST 2003. Copyright 2003 Bennet Yee.