Guarding the Castle Keep: Teaching with the Fortress Metaphor

precise. Understanding the differences between the metaphor of a fortress and the realities of securing a system is crucial to students understanding the subtleties of computer security. In this department, we discuss the fortress metaphor as a pedagogical tool, both how it succeeds and how it fails to aid student understanding. A goal of computer security is to prevent people from violating a site's security policy. Managers and security experts believe that the greatest threat arises from unauthorized system access or use, or authorized limited system usage. This leads to the paradigm of fortress-based security. Fortifying a structure provides safety because defenders believe that attackers will have difficulty overcoming the fortifications. Fortifying usually involves layer-ing the defenses: a moat, for example, surrounds a castle wall, and a castle wall might consist of several different walls. This is analogous to traditional computer security mechanisms. In computer security terms, the principle of separation of privilege requires an entity to satisfy multiple conditions to obtain privileges (such as access). For instance, to log in to a system, someone must have both a valid username and password. This idea leads to security mechanism lay-ering. Using a firewall to protect a site is such an example. The fortress metaphor can explain this concept further. The firewall acts as the forti-fication's outside wall. Each computer system inside the defensive perimeter has its own security mechanisms in place. In some installations , multiple firewalls provide a (restricted) area for external access and a secure inner area for the site. For those students who know mythology, we can use our fortress metaphor to explain the reason behind the name " Trojan Horse " and how that attack works. This story can be particularly effective in liven-ing up an otherwise dry discussion of technique: " The Greeks could not breach the walls of Troy, so they used deception to enter the city. They built a wooden horse big enough to hide soldiers inside it, and tricked the Trojans into dragging the horse through the city gates. That night, the soldiers crept out of the horse, and opened the gates for the Greeks, who promptly sacked the city. " The computer security analogy is, of course, a program that a user executes. The program performs some action a user intends (displaying a mail message), and some other unintended action (mailing a copy to everyone in the user's address book). The …