Outline for May 20, 2013

Reading: §17.3, 18, [SMB06] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #4, due May 24, 201

  1. Capacity and noninterference
    1. When is bandwidth of covert channel 0?
    2. Noninterference sufficient but not necessary
    3. Analysis
    4. Measuring capacity
  2. Mitigating covert channels
    1. Preallocation and hold until process terminates
    2. Impose uniformity
    3. Randomize resource allocation
    4. Efficiency/performance vs. security
  3. Assurance
    1. Trustworthy entities
    2. Security assurance
    3. Trusted system
    4. Why assurance is needed
    5. Requirements
    6. Assurance and software life cycle

You can also obtain a PDF version of this. Version of May 19, 2013 at 4:53PM