![[Graphic: Behind the Screens]](/computing/windows/graphics/Behind_the_screensB.gif)
The Challenge of Secure Computing
The rapid proliferation of desktop computing and Web browsers throughout
the University of Washington presents opportunities to restructure and
redefine how the university manages and shares information. As we work to
enhance and streamline our business practices using these technologies,
security issues are paramount.
Indeed, the explosive growth of the Internet has been accompanied by a
corresponding growth in information security risks. Unauthorized access to
information and resources, fraudulent messages, and denial-of-service
attacks are all on the increase.
Areas to Address
Secure computing involves handling these issues:
- Authentication: Knowing with assurance who is initiating a transaction or sending a message
- Authorization: Determining whether someone is allowed to perform a particular task or transaction
- Integrity: Ensuring that information is safe from being altered as it travels from source to destination
- Privacy: Ensuring that only those intended to see a particular piece of information are able to see it
- Non-repudiation: Ensuring that the originator of a transaction or message cannot later successfully argue that he or she did not send it
Addressing these security issues in a community as large and complex as
the UW is not simple. Effective solutions involve carefully coordinated
policies and procedures--as well as software and hardware tools--for
everything from desktop computers to central computing services, and the
networks in between.
As we begin working toward a more secure networking and computing
environment, we see the following practical questions before us:
- Who verifies that you are who you say you are when you first get a UW NetID?
- How can we be sure the "verifier" can be trusted?
- How do you keep a password secret when it passes through networks and systems that may be shared by many?
- How can your desktop software programs safely interact with programs on other computers?
- How can we reduce the number of times you have to authenticate to various applications and systems from your desktop?
- How can you tell whether it is safe to enter your password when a computer program asks for it?
- When receiving an email message, how do you know it really came from the person it says sent it, and that it has not been modified in transit?
Understanding the Issues
To better understand these issues and questions, the following articles
present an overview of how secure networking and computing works, what C&C
has done so far in building a secure computing environment, and how you
can make your computing environment more secure. The many unsolved
technical and policy issues relating to information security are also
covered.
University of Washington Computing & Communications
Windows on Computing, No. 22, Winter 1999
newsltr@cac.washington.edu