Outline for March 16, 1999

  1. Greetings and felicitations!
  2. Security in Programming
    1. Specification/Requirements
    2. Design
    3. Implementation
  3. Design: use MTA on UNIX
    1. Principle of Least Privilege
    2. Principle of Fail-Safe Defaults
    3. Principle of Economy of Mechanism
    4. Principle of Complete Mediation
    5. Principle of Open Design
    6. Principle of Separation of Privilege
    7. Principle of Least Common Mechanism
    8. Principle of Psychological Acceptability
  4. Implementation
    1. Object naming
    2. Process environment
    3. Process interaction
    4. Error and exception handling
  5. Object naming
    1. Trojan horses
    2. Race conditions (TOCTTOU)
  6. Process environment
    1. Privileges
    2. Environment variables
    3. System constraints (root directory, etc.)
  7. Process interaction
    1. IPC and pipes
    2. Use of the network
    3. Multithreading and synchronization (locking)
  8. Error and exception handling
    1. Assumptions
    2. Signals and race conditions


You can get this document in ASCII text, FrameMaker+SGML version 5.5, PDF (for Acrobat 3.0 or later), or PostScript.
Send email to [email protected].

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/17/99