 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
Provide
definitions for terms like “authorized”, “prompt”,
|
|
|
|
“good
information” and “disclosure”
|
|
|
| ¨ |
Preferably
in a way that can be automated
|
|
|
|
– |
This
is a critical failing of most computer security policies
|
|
|
| ¨ |
In
this course, we will restrict our scope of attention to
|
|
|
computer
security policies.
|
|
|
|
– |
We
will assume, for example, that physical access to sensitive
|
|
|
|
portions
of the machine has already been restricted by external
|
|
|
|
mechanisms.
|
|
|
|
– |
We
will assume that authorized users are ``well behaved.’’ This is
|
|
a
questionable assumption, and sometimes inappropriate.
|
|