Moscow Engineering Physics Institute (State University), Russia
Abstract
The design and implementation of security is based upon many assumptions. This paper discusses the need for students to learn to question assumptions, and in so doing identify unrealistic or incorrect assumptions and any associated policies. More realisticassumptions can then made and/or procedures implemented to protect against violation ofthe assumptions. A number of examples in the context of teaching computer security arediscussed and some methods of teaching awareness of assumptions presented
