Lecture 14

During today's lecture we will first look at a number of design principles that can be used when designing and implementing secure systems. We will then take another quick look at access control and two common ways of implementing it, Access Control Lists (ACLs) and capabilities: an ACL stores, per object, which subjects may do what, while a capability is an unforgeable token held by the subject that names an object and the rights granted on it. In conjunction with access control, we will also briefly mention firewalls, IDSes and network attacks.
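The following is an added example, not part of the lecture notes, that shows the same small access matrix represented both ways: as per-object ACLs (the columns of the matrix) and as per-subject capability lists (the rows). The subjects, objects, rights and the HMAC key are constructed for illustration. It also shows the practical asymmetry the two representations carry: an ACL check needs an authenticated subject but revocation is a local edit of one list, whereas a capability check needs no subject identity (so the token can be passed on), forgery is prevented by the MAC, and revocation needs extra server-side state.

```python
"""One access matrix, two implementations: ACLs versus capabilities.

Added example for the lecture; all names, rights and the key are constructed.
"""
import hashlib
import hmac

# Constructed access matrix: rows are subjects, columns are objects.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}

# Constructed secret known only to the server that mints and checks capabilities.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"


# ---- ACLs: the column view --------------------------------------------------

def to_acls(matrix):
    """Build one ACL per object: {object: {subject: rights}}."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def acl_check(acls, subject, obj, right):
    """ACL decision: the monitor must know who the (authenticated) subject is."""
    return right in acls.get(obj, {}).get(subject, set())


def acl_revoke(acls, subject, obj):
    """Revocation is a local edit of the object's list; takes effect immediately."""
    acls.get(obj, {}).pop(subject, None)


# ---- Capabilities: the row view ---------------------------------------------

def _cap_tag(key, obj, rights):
    """MAC over (object, rights) so the holder cannot alter the token."""
    msg = f"{obj}|{','.join(sorted(rights))}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def mint_capability(key, obj, rights):
    """A capability is (object, rights, tag); it names no subject."""
    rights = frozenset(rights)
    return (obj, rights, _cap_tag(key, obj, rights))


def to_capabilities(matrix, key):
    """Build one capability list per subject: {subject: [capability, ...]}."""
    return {subj: [mint_capability(key, obj, rights) for obj, rights in row.items()]
            for subj, row in matrix.items()}


def cap_check(key, capability, obj, right, revoked=frozenset()):
    """Capability decision: verify the tag, then the right. Whoever presents a
    valid token gets access, so delegation is just handing the token over; to
    revoke, the server must remember which tags it no longer honours."""
    cap_obj, rights, tag = capability
    if tag in revoked:
        return False
    if not hmac.compare_digest(tag, _cap_tag(key, cap_obj, rights)):
        return False
    return cap_obj == obj and right in rights


def forge_capability(capability, extra_right):
    """What an attacker without the key can try: add a right and keep the old tag."""
    obj, rights, tag = capability
    return (obj, rights | {extra_right}, tag)


if __name__ == "__main__":
    acls = to_acls(ACCESS_MATRIX)
    caps = to_capabilities(ACCESS_MATRIX, SERVER_KEY)
    print("ACL  alice write payroll.db:", acl_check(acls, "alice", "payroll.db", "write"))
    print("CAP  bob   write report.txt:", cap_check(SERVER_KEY, caps["bob"][0], "report.txt", "write"))
    forged = forge_capability(caps["carol"][0], "write")
    print("CAP  forged carol write payroll.db:", cap_check(SERVER_KEY, forged, "payroll.db", "write"))
```

Running it shows the point of the comparison: the ACL check is parameterised by the subject, the capability check is not, and the forged token fails because its tag no longer matches the rights it claims.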

The use of firewalls increased rapidly a few years ago. Everyone had to have a firewall, and lots of products, some not so good, appeared on the market. Today we have a more realistic view of firewalls: having one is not enough, it also has to be properly configured to do what it is meant to do, and one also has to realize that a firewall alone does not make a system secure. We will look at a complementary technology, the Intrusion Detection System (IDS). This is an auditing tool that analyzes usage behaviour and other patterns within the system to spot misuse. Although today's IDSes are not perfect, there is still a lot of research in this area.

We will also touch on other questions regarding security. What are you allowed to do? How do you organize the security work? When do you know that you are done?

Download the lecture notes as a PDF. Or, alternatively, download the lecture notes as handouts (6 per page).

Reading

Intensive reading: Distributed Systems, 7.2 - 7.6.3

Exercises

Primary set: 7.3, 7.10

Secondary set: 7.4, 7.6, 7.9