Lecture 27: Security overview

• Security concepts
  • trust/trustworthiness/trusted computing base
  • Gold standard (authentication, authorization, audit)
  • confidentiality, integrity, availability
• Authorization
  • reference monitor, access control matrix, access control list, capabilities
  • mandatory access control vs. discretionary access control, covert channels
  • complete mediation, least privilege, separation of privilege
• Board image
• Spring slides

I don't have written notes for this lecture yet. See Schneider's Introduction to Security for a good discussion of the topics covered in this lecture and the next.