Abstract:
The constructive security philosophy is based on the assumption that, for certain critical operations, a system must always do the "right thing". What the "right thing" is depends on the intended security policy, but we need assurance that the system will not do something else. Thus, we must demonstrate the absence of unspecified functionality, a manifestation of security's negative requirement. Because we must demonstrate the absence of something in a way that will promote user confidence, it is necessary to build systems to demonstrably meet the negative requirement.
Keywords:
computer science education; security of data; teaching; constructive security philosophy; security policy; user confidence; Computer crime; Computer science education; Computer security; Data security; Educational programs; Geometry; Information security; Privacy; Stability; System testing