Butler Lampson
TECS Week 2005
January 2005
Note: These slides were prepared in Word, and some of the formatting is lost in this HTML version.
Introduction: what is security?
Principals, the speaks for relation, and chains of responsibility
Secure channels and encryption
Names and groups
Authenticating systems
Authorization
Implementation
It's about value, locks, and punishment.
-Locks good enough that bad guys don't break in very often.
-Police and courts good enough that bad guys that do break in get caught and punished often enough.
-Less interference with daily life than value of loss.
Security is expensive: buy only what you need.
-People do behave this way
-We don't tell them this; a big mistake
-Perfect security is the worst enemy of real security
Policy: Specifying security. What is it supposed to do?
Mechanism: Implementing security. How does it do it?
Assurance: Correctness of security. Does it really work?
Secrecy: controlling who gets to read information
Integrity: controlling how information changes or resources are used
Availability: providing prompt access to information and resources
Accountability: knowing who has had access to information or resources
Dangers
-Vandalism or sabotage that damages information (integrity) or disrupts service (availability)
-Theft of money: integrity
-Theft of information: secrecy
-Loss of privacy: secrecy
Vulnerabilities
-Bad (buggy or hostile) programs
-Bad (careless or hostile) people giving instructions to good programs
-Bad guys corrupting or eavesdropping on communications
Adversaries that can and want to exploit vulnerabilities
Coarse: Isolate. Keep everybody out.
-Disconnect
Medium: Exclude. Keep the bad guys out.
-Code signing, firewalls
Fine: Restrict. Let the bad guys in, but keep them from doing damage.
-Hardest to implement
-Sandboxing, access control
Recover: Undo the damage. Helps with integrity.