CSE 227: Lecture 3

The topics covered in this lecture are a review of lectures 1 and 2, and the concepts of the weakest link and cost-benefit analysis.

Weakest Link

In addition to the desirable security properties from earlier, an important notion is that of the weakest link. A smart attacker will look for the weakest link in the computer system's defensive armor, so the effort to secure a system should be directed at the weakest link. A real-life analogy is protecting your home from a robber who wants to break in and steal your valuables: adding steel reinforcements to your front door is not very useful if you have a nice large plate-glass window that can be easily broken.

Of course, we may not want to get rid of our nice picture window. This brings us to the question of when the security measures are enough. Certainly, living in a fortress is not as pleasant as living in a normal home -- and while it is possible to build very secure computer systems, those systems will end up being not very usable. The primary mission of the computer system is to let you do your work -- for example, to build software for some new product (for the majority of programmers); to conduct research and teach (for me); and to do homework and learn (for you). Determining the proper amount of security is difficult, and we'll discuss this some more later in the quarter.

Cost-Benefit Analysis

Security is never free. Implementing security mechanisms requires coding effort, increases system complexity, and probably makes the system harder to use. An important part of the security analysis is to analyze the risks involved in a system design and to look at what security mechanisms might be used to mitigate these risks. For the various candidate security mechanisms, what are the costs of implementing them? How will using the security schemes impact the users of the system? How will they slow users down or make it more difficult for them to achieve their goals?

The most secure system is one that is powered off and disconnected from the network. However, such a system will not help you ship code: security by turning off the computer has a very high cost -- it eliminates all of the benefits of having the computer in the first place!
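The two ideas above (attackers go for the weakest link; every mechanism has a cost that must be weighed against the protection it buys) can be put into a small model. The following is an added illustration, not part of the lecture notes: entry points carry a constructed "attacker effort" number, each candidate mechanism raises the effort for one entry point at some defender cost, and a greedy planner spends a limited budget only on mechanisms that actually raise the weakest link. Hardening the front door while the window is the weakest link buys nothing, and "power off the computer" is priced out because its cost is the whole value of the system. All names and numbers are constructed for the example.

```python
"""Weakest-link / cost-benefit toy model (added example; constructed numbers)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    name: str
    target: str        # entry point it hardens, or "*" for every entry point
    cost: float        # implementation + usability cost borne by the defender
    hardening: float   # extra effort it forces on an attacker using that entry


# Constructed sample: attacker effort needed to get in through each entry point.
ENTRY_COSTS = {"front_door": 50.0, "window": 5.0, "back_door": 30.0}

# Constructed candidate mechanisms (names and numbers are hypothetical).
MITIGATIONS = [
    Mitigation("steel_door", "front_door", cost=40.0, hardening=100.0),
    Mitigation("window_bars", "window", cost=15.0, hardening=40.0),
    Mitigation("alarm", "window", cost=25.0, hardening=60.0),
    Mitigation("back_lock", "back_door", cost=10.0, hardening=30.0),
    # "Turn it off": perfect protection, but its cost is the whole system's value.
    Mitigation("power_off", "*", cost=1000.0, hardening=float("inf")),
]


def weakest_link(attack_cost: dict) -> tuple:
    """A rational attacker picks the entry point that costs the least effort."""
    name = min(attack_cost, key=attack_cost.get)
    return name, attack_cost[name]


def worth_attacking(attack_cost: dict, asset_value: float) -> bool:
    """The attack is profitable when the prize exceeds the cheapest way in."""
    return asset_value > weakest_link(attack_cost)[1]


def apply(attack_cost: dict, m: Mitigation) -> dict:
    """Return a copy of the attack-cost table with the mitigation applied."""
    new = dict(attack_cost)
    targets = new if m.target == "*" else [m.target]
    for t in targets:
        new[t] += m.hardening
    return new


def plan(attack_cost: dict, candidates: list, budget: float) -> tuple:
    """Greedy cost-benefit planner.

    Each round, pick the affordable mitigation that raises the *weakest-link*
    effort the most per unit of defender cost.  A mitigation that hardens a
    non-weakest entry point yields zero gain and is never chosen.
    """
    chosen, current, remaining, spent = [], dict(attack_cost), list(candidates), 0.0
    while True:
        _, base = weakest_link(current)
        best, best_ratio = None, 0.0
        for m in remaining:
            if spent + m.cost > budget:
                continue  # priced out (this is what kills "power_off")
            _, after = weakest_link(apply(current, m))
            ratio = (after - base) / m.cost
            if ratio > best_ratio:
                best, best_ratio = m, ratio
        if best is None:
            break
        chosen.append(best.name)
        current = apply(current, best)
        spent += best.cost
        remaining.remove(best)
    return chosen, current, spent


if __name__ == "__main__":
    print("weakest link before:", weakest_link(ENTRY_COSTS))
    names, after, spent = plan(ENTRY_COSTS, MITIGATIONS, budget=60.0)
    print("chosen:", names, "spent:", spent)
    print("weakest link after:", weakest_link(after))
```

With a budget of 60 the planner buys window bars first (the window is the weakest link), then the back-door lock (the back door has become the weakest link), then the alarm; the steel door is never selected because after those three purchases it no longer fits the budget, and before them it would not have moved the weakest link at all.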


bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.