Read "Why cryptosystems fail" by Anderson, reading #27. It is pretty easy reading, but read it with care; he provides many interesting examples and insights.
Bob Metcalfe will give an invited lecture on writing. As an interesting side note, we read his classic Ethernet paper on March 5. Ethernet is the local-area network that hooks up most computers in the world, including your PC in your dorm. His lectures are very insightful and entertaining--don't forget to go! It will probably help you when you're writing up the second design project.
The last lecture on security. Read "The protection of information in computer systems" by Saltzer and Schroeder, reading #28. This is a heavy duty paper. Read sections I and II with care; you can skip Section III. The appendix to this reading, from page 6-34 on, is assigned for tomorrow's section; you don't have to read it for today.
Read Appendix 6.A from "The protection of information in computer systems" by Saltzer and Schroeder (pages 6-34 through 6-53 of reading #28). Pages 6-46 through 6-53 were missing from the reader, but we handed them out as handout #15. See the course secretary, Neena Lyall, in NE43-523 if you didn't get them. Your one-page reading report should address the following question:
Look carefully at protection failure case studies #4 (the system programmer attack), #10 (the system release trick), and #12 (unintentional signaling with clandestine channels) of appendix 6.A. Choose one of these (or, choose an interesting protection failure you have encountered or read about on your own) and do one of the following:1. Explain which, if any, of the security design principles described in "The protection of information in computer systems" (on pages 1282-3) were violated by the system in the case study.
2. Come up with a general security design principle of your own that, if applied, would have helped avoid that failure.
Lecture on the management of storage systems. In preparation, read Tanenbaum chapter 5; skip section 5.2. Although the reading has a significant number of pages, it is pretty easy going. The second reading assigned is "The longevity of digital documents" by Rothenberg, reading #29. This paper is very light reading--just zip through it.
System aphorism of the week
The unavoidable price of
reliability is simplicity. (C.A.R. Hoare)
6.033 Handout 20, issued 4/2/96