CS 587: Computer Systems Security
A note about the course
This is a broad, conceptual course about computer security. In general, computer security is the study of what is the effect on computing when there are attackers. The attacker is by defintion an intelligent adversary. Thus the attacker will seek the weakest link in attacking a system. This threat cannot be defended against by a single technique or a single set of techniques. This course paints a broad picture of computer security, with an emphasis on how computer security affects computer systems.This is a systems course, so it is advisable that students have some systems background and hence it is desirable to have a background in CS 385, CS 366, and/or CS 450. This is not a programming intensive course like CS 491 (Secure Operating System Design and Implementation).
Announcements
- Advanced Programming Seminar on Wednesdays at noon (optional).
- Reading group on Fridays at 2:00 (optional)
- Ethos Meetings on Mondays at 2:00 (optional)
- Homework 1, Due at the start of class Sep. 21st: Chapter 3: problems 2,3,6,8,15,19,21,24, 25,28, 31,38,40 (not optional)
- Homework 1 errata: Please ignore part (b) of question 24, Question 38 has been rephrased
In our description of Lipner, system managers copied the object over to one with a label containing a compartment of all categories. How can a subset of these categories be used for a specific label type and what are the security implications of doing so?
- Homework 2: Due at the start of class Oct. 3rd: Chapter 3: problems 42, 43, 47, 50, 56, 57, 59
- Homework 3: Due at the start of class Oct. 10th: Chapter 4: problems 20--30
- Homework 4: Due at the start of class Oct. 19th: Chapter 5: problems 18--28
- Solutions are out for HW1-HW4
- Test 1: will be on October 26th
- We'll be using my manuscript which we used last time.
It is 528 pages at this point (we cover about 1/2 in this course)
plus front and back matter.
Description:
This course explores in depth Computer Security. Computer security is a subject of growing concern as a result of increasing- number of computers on the Internet;
- number of services on the Internet;
- amount of sensitive information on the Internet;
- reliance on computers for organizations; and
- commonality of software and hardware.
This course will examine:
- Definition of computer security
- Security models (eg. Chinese Wall, Bell-LaPadula, and Clark Wilson) and properties (eg. information flow, non-interference, separation of duties)
- Computer systems structure and its impact on security
- Authentication
- Errant programs
- Attacks
- Assurance that systems meet their security goals
- Access control models, their use and analysis (eg. POSIX/Unix models, Lattice, Type enforcement, LEAP)
- Covert channels and their analysis
This is a systems course, and while it is intended to be self-contained will explore issues primarily in software including operating systems and applications software.
Required Work
The work is going to include:- homework assignments,
- programming assignments (these are not intended to be very large),
- test(s) and
- Possibly a course project, depending on the availability of software.
- Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
- Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used last time for this course, good coverage of OS issues.)
- Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)
Undergraduates wishing to take the course should send me email with the following information:
- Number of completed credit hours
- Any required courses not yet taken.
- List of 400 level courses taken (and grades achieved).
- Background in OS
- Are you requesting course count as a technical elective (this will be harder)
- Have you filed a petition?
- Reason for wanting to take the course
Jon A. Solworth Last modified: 25 August 2010