Seminar Notes - March 3, 1999 - UC Davis Computer Security Laboratory

SECURITY LAB SEMINAR
March 3, 1999
1131 ENG II
1-2 p.m.

In attendance:
John Hughes (speaker), Steven Templeton, Jim Hoagland, Brant Hashii, David O'Brien, Chris Wee, Matt Bishop, Steven Cheung

TOPIC:
John Hughes presents the Linden 1976 paper, "Operating System Structures to Support Security and Reliable Software"

His slides from the lecture are attached.

Questions:
MB: Who was the source of the 1974 computer related crime stats? (Slide 3)
JH: Don Parker

CW: Data lifetime can be over 30 years; does Linden give a more specific definition of lifetime? (Slide 4)
JH: Extended type object - abstract data type
CW: Earlier ideas of encapsulation
MB: And object-oriented programming

CW: Is Linden's paper based on actual data using an empirical study on actual software?
MB: Empirical studies were just beginning at that time, Linden probably drew conclusion from his programming projects and experience

ST: Was Denial of Service considered at that time?
JH: Yes, in terms on availability.
MB: DoS was often considered a non-security problem at this time. Robustness and availability through multiple paths.

CW: What are the lessons learned?
JH: Beginnings of object, oriented programming language. Take advantage of these security features. Parameter checking.
MB: Design principle. First paper that suggested that capability could provide security benefits.