Practical Software Engineering
Security is a matter that has to be decided upon and dealt with by managers.
The management of an organization must take an active role in setting policies
and creating standards and procedures to be followed by the users and the
administrators of the systems.
The managers must divide the tasks of maintaining the system among several
people in order to prevent one person from having too much power and control
over the system.
In developing in-house systems, management must take steps to create
security standards with which all internally developed software must comply.
An organization must assess how sensitive and valuable their information is,
and how much security and assurance they are willing to pay for.
The systems that are going to be purchased must meet these security standards.
It is often possible to install a system with particular security features
activated or not. Management must decide whether or not to activate
these security features.
I.H. Witten. Abacus, 4, 1987, pp. 7-25.
It is very easy to infiltrate computer systems.
Security is a fundamentally human issue:
One way of maintaining security is to keep things secret, trusting people.
The other alternative is to open the system and rely on technical means of
Trend Toward Openness:
Unix is open in that any user can look at the
password file, and the source code is widely available.
One-way functions: irreversible; although the output can be calculated
from the input, the input cannot be calculated from the output. These provide a
sense of security, but in fact the security of a system is severely compromised
by people who have intimate knowledge of the system -- i.e. those people that
you rely on to provide the security.
A Potpourri of Security Problems: security may be compromised by/when:
Getting under the skin -- implants code that secretly reads or alters files in
an unauthorized way.
- guessing a particular user's password -- < 15% users have a
- finding a valid password for any user
Select a password, encrypt it, and search the password file for a matching entry.
To counter this, use a salt (a small random number created when the password is
changed, perhaps based on the time of day) and save it with the encrypted
password when the user defines their password. Then every user has a different
salt, so a single encrypted guess can no longer be compared against every entry
in the password file at once, which makes searching the file much harder.
- forced-choice passwords: forcing people to change passwords regularly, and
not allowing them to select the same ones repeatedly also fail
might use the current month)
- wiretaps: from someone watching you log in to a physical wiretap on the line
- executing other people's programs can help spread a virus
- programmable terminals: program key presses to execute other programs as
well as mimic their original function.
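The salt mechanism described above in the password section, as an added example that is not part of the original notes. It builds a small password file with and without per-user salts and shows why a single precomputed encryption of one guess matches every unsalted entry holding that password but no salted entry. Assumptions: SHA-256 stands in for the system's unnamed one-way encryption, os.urandom stands in for the "time of day" salt suggested in the notes, and SAMPLE_USERS is constructed data.

```python
import hashlib
import hmac
import os

# Constructed sample accounts for the demonstration (not from any real system).
# Two users share a password, which is exactly the case a single precomputed
# encryption exploits when there is no salt.
SAMPLE_USERS = {"alice": "letmein", "bob": "letmein", "carol": "hunter2"}


def one_way(password: str, salt: bytes = b"") -> str:
    """Stand-in for the system's one-way password encryption (assumption: the
    notes do not name the function; SHA-256 is used here for illustration)."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def build_unsalted_file(users: dict) -> dict:
    """Password file without salts: the stored value depends on the password
    only, so equal passwords give equal entries."""
    return {user: one_way(pw) for user, pw in users.items()}


def build_salted_file(users: dict, salt_len: int = 8) -> dict:
    """Password file with a per-user random salt stored next to the encrypted
    password (os.urandom stands in for the 'time of day' salt in the notes)."""
    entries = {}
    for user, pw in users.items():
        salt = os.urandom(salt_len)
        entries[user] = {"salt": salt.hex(), "hash": one_way(pw, salt)}
    return entries


def verify_salted(pw_file: dict, user: str, candidate: str) -> bool:
    """Login check: re-encrypt the candidate with the user's own salt and
    compare in constant time."""
    entry = pw_file.get(user)
    if entry is None:
        return False
    computed = one_way(candidate, bytes.fromhex(entry["salt"]))
    return hmac.compare_digest(computed, entry["hash"])


def entries_equal_to(pw_file: dict, guess: str) -> list:
    """Users whose stored value equals a single precomputed encryption of one
    guess. This is the whole-file search the notes describe; it only finds
    anything when the stored value does not depend on a per-user salt."""
    target = one_way(guess)
    matches = []
    for user, entry in pw_file.items():
        stored = entry["hash"] if isinstance(entry, dict) else entry
        if stored == target:
            matches.append(user)
    return sorted(matches)


def distinct_entries(pw_file: dict) -> int:
    """Number of distinct stored values; with salts this equals the number of
    users even when passwords repeat."""
    values = {e["hash"] if isinstance(e, dict) else e for e in pw_file.values()}
    return len(values)


if __name__ == "__main__":
    plain = build_unsalted_file(SAMPLE_USERS)
    salted = build_salted_file(SAMPLE_USERS)
    print("unsalted: one guess matches", entries_equal_to(plain, "letmein"))
    print("salted:   same guess matches", entries_equal_to(salted, "letmein"))
    print("distinct stored values:", distinct_entries(plain), "vs", distinct_entries(salted))
    print("alice logs in:", verify_salted(salted, "alice", "letmein"))
```

The salt does not make any one user's password harder to check; it only forces the check to be redone with each user's own salt, which is the whole point of the notes' remark that salting makes the file harder to search. A modern system would also replace the plain hash with a deliberately slow password hash (PBKDF2, bcrypt or scrypt) and a longer random salt; SHA-256 is used here only so the per-user effect is easy to see.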
Spreading infection like an epidemic
- actions range from disastrous rm * to annoying "I want a cookie"
- One good way is to write a popular utility program that everyone will want
- Other prime targets are utilities that have ultimate privilege (login,
passwd, ps, lquota ...)
- Viruses may lurk in compilers: viruses may be planted to detect what program is
being compiled and then add code to the object code at the suitable
Exorcising a virus: how do you get rid of it once you have found it?
- They work by attaching themselves to executable (or macro) files so that the
virus code runs before the original purpose of the program.
- Difficult to detect because cause and effect are impossible to fathom when
faced with randomness and long time delays.
- recompile all programs that might have been infected, making sure NOT to
execute any of them
- Lots of anti-virus programs available
- Best place to put a virus is in an anti-virus program...
Technical mechanisms cannot limit the damage done by
- Consists of several segments, each is a program running on a separate
workstation on the network which is idle.
- If a workstation is shut down, the other segments reproduce it on another.
- Every workstation must be rebooted simultaneously to eradicate the
- mutual trust between users of a system, coupled with physical security
- multitude of checks and balances -- educate users.
- secrecy -- do not make information available
- talented programmers have power.
- cultivate a supportive trusting atmosphere so that those with power are
- "The right to be left alone"
- "One should have control over his/her own information"
that contribute to growing public concern about communication privacy:
- The rapid growth of electronic transactions
- The accelerated collection of personal information
- The dramatic increase in the number of communications carriers and service
- The growing use of technically unsecured channels, such as mobile
On the communication network, the right of privacy can be
divided into three categories:
- Confidentiality: The existence of the communication should be known only
by the parties involved, without disclosure to a third party.
- Anonymity: The individual's right to disclose his/her identity in a
- Data protection: The collection and use of personal data.
Exceptions to privacy protection:
- Criminal investigation
- Consent is given by the owner of the information
- For the maintenance of the network
The five principles of personal record keeping:
- There must be no personal data record-keeping systems whose very existence
- There must be a way for an individual to find out what information about
him/her is in a record and how it is used
- There must be a way for an individual to prevent information about him/her
that was obtained for one purpose from being used or made available for other
purposes without his/her consent
- There must be a way for an individual to correct or amend a record of
identifiable information about him/her
- Any organization creating, maintaining, using, or disseminating records of
identifiable personal data must assure the reliability of the data for their
intended use and must take precautions to prevent misuse of the data.
This chip uses a sophisticated encryption algorithm that ensures data remains
One of the biggest drawbacks to using the Clipper chip for privacy is that the
US government plans to regulate the keys that can decrypt any encrypted
Under the proposed plan, two government agencies would have access to the
decrypting keys, and should law enforcement agencies have probable cause that a
crime was being committed, they could obtain these keys to decrypt any
files or communications that they feel they need to.
R.A. Clarke, Communications of the ACM, 31(5), 1988, pp. 498-512.
Concern about freedom from tyranny is a trademark of democracy. Surveillance is
one of the elements of tyranny.
Nevertheless, some classes of people, at least when they undertake some classes
of activity, are deemed by society to warrant surveillance.
The computer has been accused of harboring a potential for increased
surveillance of the citizen by the state, and the consumer by the corporation.
is the systematic investigation or monitoring of the actions or communications
of one or more persons.
Its primary purpose is generally to collect information about them, their
activities, or their associates.
is the systematic use of personal data systems in the investigation or
monitoring of the actions or communications of one or more persons.
Personal surveillance is the surveillance of an identified person.
In general, a specific reason exists for the investigation or monitoring.
Mass surveillance is the surveillance of groups of people, usually large
In general, the reason for investigation or monitoring is to identify
individuals who belong to some particular class of interest to the surveillance
is the merging of data held on separate data systems of large numbers of
Dangers of personal dataveillance
- Wrong identification
- Low data quality
- Acontextual use of data
- Low quality decisions
- Lack of subject knowledge of data flows
- Lack of subject consent to data flows
- Denial of redemption
Dangers of mass dataveillance
To the individual
- Acontextual data merger
- Complexity and incomprehensibility of data
- Witch hunts
- Ex ante discrimination and guilt prediction
- Selective advertising
- Inversion of the onus of proof
- Covert operations
- Unknown accusations and accusers
- Denial of due process
is not, of itself, evil or undesirable. Its nature must be understood, and
society must decide the circumstances in which it should be used, and the
safeguards that should be applied to it.
- Prevailing climate of suspicion
- Adversarial relationships
- Focus of law enforcement on easily detectable offenses
- Inequitable application of the law
- Decreased respect for the law
- Reduction in meaningfulness of individual actions
- Reduction in self-reliance, self-determination
- Stultification of originality
- Tendency to opt out of the official level of society
- Weakening of society's moral fiber and cohesion
- Destabilization potential for a totalitarian government
There are benefits to society in terms of security, tax and social welfare,
finance and insurance.
IT professionals and academics alike have a moral responsibility to appreciate
the power of the technology in which they play a part.
Both groups must publicize the nature and implications of their work for
affected individuals and for society as a whole. This applies to the negative
consequences as well as the potential benefits.
Dispersion of authority and power, and hence, of information, has long been
regarded as vital to the survival of individualism and democracy.
Until and unless comprehensive information privacy protection is in place,
effective controls over the techniques of dataveillance will not be possible.
Phase 1 of Bill has been in place since June 8/89.
Major points of the Bill
- Protection of programs as literary works. The owner, not the possessor, of a
program has the right to make a single backup copy for security purposes.
may translate it into another language.
- Copyright piracy is subject to heavy fines, possibly jail time. Summary
offense: $25000, 6 months. Indictable offense: $1 million, 5 years.
- Clarification of what materials are protected under copyright, and what is
protected under industrial design law.
- Copyright boards, to be established, will have jurisdiction over fees for
collectives, and non-locatable owners of copyright.
- Copyright collectives will be set up, which will result in less
competition. They will provide the means through which to obtain
licenses/permission to reproduce copyrighted material.
- Moral rights of creators are enhanced, covering distortion, modification, and
use of material in association with products, services, or institutions in ways
that infringe on the integrity of the author.
- Choreography is protected under copyright.
- Rights for mechanical reproduction are abolished and replaced by
Remember that copyright law protects the expression of
ideas, while patent law protects the structural and operational processes.
Does NOT touch on some issues: "fair use", ownership of work done by
Implications of Bill C-
- Copyright collectives will provide freer use of copyrighted material, and
will probably involve some cost to each educational institution on basis of
volume of reproduction.
- Enhancements of moral rights will cause authors to evaluate the context in
which they are writing and how they are using other people's material.
new level of awareness among individuals and institutions will arise.
- Has brought intellectual property law from the 1920s to the
Practical Software Engineering, Department of Computer Science