CSE 227: Lecture 1


The topics covered in this lecture are security policy versus enforcement mechanisms, security goals, TCBs, Trusted Path, availability, confidentiality, integrity, authentication, authorization, and accountability. under construction risk management, security goals,

Risk Management

In computer security we often do not (or cannot) minimize the security risks. Instead, we try to manage it.

To see what this means, let us look at a strawman example. Al Qaeda's 9/11 terrorist acts are horrible and we wish to prevent anything similar from ocurring in the future. One strategy for doing so might be to eliminate air travel altogether: permanently close all the (non-military) airports, declare all airlines out-of-business, etc. The cost of doing so to the country is, of course, unacceptable.

Secuity Goals


[ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | pgp certserver | openpgp certserver ]
picture of bsy

bsy+cse227w03@cs.ucsd.edu, last updated Wed Jan 8 00:57:59 PST 2003. Copyright 2003 Bennet Yee.
email bsy.


Don't make me hand over my privacy keys!