The paper for Design Project 1 is due today. Hand it in today, since the instructors will be grading during spring break--they might leave by Friday for strange and unknown destinations! For students in the 6.033 lab, only the paper is due today. The software will be due in two weeks, on Thursday, April 4.
For recitation, read Section 6 ("Security in Java") of handout 16 ("The Java Language Environment") and the articles in handout 17, "Recent Issues Regarding Security and Privacy". The reading is very light, so you should be able to zip through and still have plenty of time left to do a final pass over your paper for Design Project 1.
If you have spare time, there is another interesting security reading in the 6.033 readings: reading #24 reports the events around the Internet worm constructed by Robert Morris in 1988. This worm brought large parts of the Internet down and led to a flurry of articles in the national newspapers discussing its ethical and social implications. Morris was fined over $10,000, sentenced to 400 hours of community service, and placed on probation for 3 years. Some people think this punishment was too light, others think it was too heavy. What do you think?
The second lecture on security; read Tanenbaum section 4.4. You can zip through most of it, except for the discussion on access control lists and capabilities; read that material with more care.
Read reading #26 (Miller et al., "Kerberos authentication and authorization system"). This is an important paper; read it with care: try to understand the protocols and what the line of reasoning is behind the protocols. Your one-page reading report should address the following question:
Kerberos protects passwords by never sending them in cleartext across the network. However, there are some assumptions that have to be made about the computing environment in which Kerberos is run: for instance, Kerberos end users must trust the program into which they type their password. Eve Dropper decides to take advantage of this assumption in order to steal other people's passwords. She writes a modified version of the Athena login program which records passwords in a non-traceable way (such as by posting them encrypted to a random newsgroup). She then installs the modified login program on several workstations across campus.
Taking Eve's plan into account, is the assumption about trusting the client software too much of a leap of faith to consider Kerberos truly secure? From the point of view of the Athena administrators, would it be better to implement technology to reliably prevent this kind of behavior, or to just announce a strict policy against it (e.g., a threat of expulsion or legal prosecution)? Assume that if Eve does everything correctly, she cannot be traced back to the crime.
The third lecture on security. Read Tanenbaum section 4.5.
System aphorism of the week
Engineering is the art of modeling materials we do not wholly understand, into shapes we cannot precisely analyse so as to withstand forces we cannot properly assess, in such a way that the public has no reason to suspect the extent of our ignorance. (Dr. A. R. Dykes, British Institution of Structural Engineers, 1976)
6.033 Handout 18, issued 3/19/96