02-02-2010-answers - CS 161 Spring 2010 Computer Security...

CS 161 Computer Security Spring 2010 Paxson/Wagner Discussion 2 February 2, 2010

1. TCB (Trusted Computing Base)

(a) Is trust a good thing? Why or why not?
(b) What is a trusted computing base?
(c) What can we do to reduce the size of the TCB?
(d) What components are included in the (physical analog of the) TCB for the following security goals:
   i. Preventing break-ins to your apartment
   ii. Locking up your bike
   iii. Preventing people from riding BART for free
   iv. Making sure no explosives are present on an airplane
   v. Preventing all the money from being stolen from a bank vault

Answer

(a) It's great to trust a friend, but it's bad to have to trust a component in a system that has security goals. It means that the component can violate your security goals if it fails. This is the difference between something you trust and something that is trustworthy.
(b) It is the set of hardware and software on which we depend for correct enforcement of policy. If part of the TCB is incorrect, the system's security properties can no longer be guaranteed to be true. (Paraphrased from Pfleeger.)
(c) Privilege separation can help reduce the size of the TCB. You will end up with more components, but not all of them can violate your security goals if they break.
(d) (This list is not necessarily complete.)
   i. the lock, the door, the walls, the windows, the roof, the floor, you, anyone who has a key
   ii. the bike frame, the bike lock, the post you lock it to, the ground
   iii. the ticket machines, the tickets, the turnstiles, the entrances, the employees
   iv. the TSA employees, the security gates, the "one-way" exit gates, the fences surrounding the runway area (but NOT the airline employees, restaurant employees, others?)
   v. the vault, the owner + the manager (together, but not separately, assuming one has the code and the other has the key)

2. Security Principles

The following are the security principles we discussed in lecture:

A. Security is economics
B. Least privilege
C. Use failsafe defaults
D. Separation of responsibility
E. Defense in depth
F. Psychological acceptability
G. Human factors matter
H. Ensure complete mediation
I. Know your threat model
J. Detect if you can't prevent
K. Don't rely on security through obscurity
L. Design security in from the start

Identify the principle(s) relevant to each of the following scenarios: