Week 1: Dates: Jan 7, Jan 9, Jan 11
Topics: Access control matrix, safety question, take-grant model, SPM
Reading: text, §2, 3–3.4; Papers: [TL13,Z+05]
Week 2: Dates: Jan 14, Jan 16, Jan 18
Topics: Expressive power of models, comparing models, security policies
Reading: text, §3.4–3.7, 4; Paper: [Bi96]
Week 3: Dates: Jan 21, Jan 23, Jan 25 [Jan 21: Martin Luther King, Jr. Day (university holiday)]
Topics: Confidentiality policies, Bell-LaPadula Model
Reading: text, §5.1–5.3, A; Paper: [Sa93]
Due: Jan 23: homework 1; Jan 23: project selection
Week 4: Dates: Jan 28, Jan 30, Feb 1
Topics: Tranquility, System Z, assurance overview, assurance in building systems
Reading: text, §5.4–5.6, 19, 20; Papers: [D+06,Mi79]
Week 5: Dates: Feb 4, Feb 6, Feb 8
Topics: Assurance in building systems, integrity models, Biba, Clark-Wilson, trust models, availability models
Reading: text, §20, 6 (except 6.3), 7; Papers: [J+11,LO10]
Due: Feb 8: homework 2
Week 6: Dates: Feb 11, Feb 13, Feb 15
Topics: Availability models, hybrid models, Chinese Wall model, CISS model, ORCON, RBAC
Reading: text, §7, 8; Papers: [A+10,E+03,WB04]
Due: Feb 15: project progress report
Week 7: Dates: Feb 18, Feb 20, Feb 22 [Feb 18: Presidents' Day (university holiday)]
Topics: Basic policy composition, information flow mechanisms
Reading: text, §9.1, 17; Papers: [B+07]
Due: Feb 22: homework 3
Week 8: Dates: Feb 25, Feb 27, Mar 1 [Feb 25: no class (I am out of town)]
Topics: Information flow mechanisms, principles of secure design, confinement problem
Reading: text, §17, 14, 18.1–18.2; Papers: [SA06]
Week 9:Dates: Mar 4, Mar 6, Mar 8
Topics: Isolation, covert channel analysis, noninterference
Reading: text, §18, 9; Papers: [S+06,KR02]
Week 10: Dates: Mar 11, Mar 13, Mar 15 [Mar 15 is last class]
Topics: Noninterference, unwinding theorem, nondeducibility, restrictiveness
Reading: text, §18, 9; Paper: [D+11]
Due: Mar 15: homework 4
Mar 22: Due: Completed project due at 3:00pm


C. Ardagna, S. di Vimercati, S. Foresti, T. Grandison, S. Jajodia, and P. Samarati, “Access Control for Smarter Healthcare Using Policy Spaces,” Computers & Security 29(8) pp. 848–858 (Nov. 2010). doi: 10.1016/j.cose.2010.07.001
M. Backes, M. Dürmuth, and D. Unruh, “Information Flow in the Peer-Reviewing Process (Extended Abstract),” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 187–191 (May 2007). doi: 10.1109/SP.2007.24
M. Bishop, “Conspiracy and Information Flow in the Take-Grant Protection Model,” Journal of Computer Security 4(4) pp. 331–359 (1996). doi: 10.3233/JCS-1996-4404
A. Datta, J. Franklin, D. Garg, L. Jia, and D. Kaynar, “On Adversary Models and Compositional Security,” IEEE Security & Privacy 9(3) pp. 26–32 (May 2011). doi: 10.1109/MSP.2010.203
P. Derrin, K. Elphinstone, G. Klein, D. Cock, and M. Chakravarty, “Running the Manual: An Approach to High-assurance Microkernel Development,” Proceedings of the 2006 ACM SIGPLAN Workshop on Haskell pp. 60–71 (Sep. 2006). doi: 10.1145/1159842.1159850
A. El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel, and G. Trouessin, “Organization Based Access Control,” Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systems and Networks pp. 120–131 (June 2003). doi: 10.1109/POLICY.2003.1206966
B. Javadi, D. Kondo, J.-M. Vincent, and D. Anderson, “Discovering Statistical Models of Availability in Large Distributed Systems: An Empirical Study of SETI@home,” IEEE Transactions on Parallel and Distributed Systems 22(11) pp. 1896–1903 (Nov. 2011). doi: 10.1109/TPDS.2011.50
C. Ko and T. Redmond, “Noninterference and Intrusion Detection,” Proceedings of the 2002 IEEE Symposium on Security and Privacy pp. 177–187 (May 2002). doi: 10.1109/SECPRI.2002.1004370
G. Loukas and G. Öke, “Protection Against Denial of Service Attacks: A Survey,” The Computer Journal 53(7) pp. 1020–1037 (2010). doi: 10.1093/comjnl/bxp078
J. Millen, “Operating System Security Verification,” MITRE Corp., Bedford, MA (1979).
G. Shah, A. Molina, and M. Blaze, “Keyboards and Covert Channels,” Proceedings of the 15th USENIX Security Symposium pp. 59–78 (Aug. 2006). url:
R. Sandhu, “Lattice-Based Access Control Models,” IEEE Computer 26(11) pp. 9–19 (Nov. 1993). doi: 10.1109/2.241422
J. Soon and J. Alves-Foss, “Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems,” Proceedings of the 2006 IEEE Information Assurance Workshop pp. 361–368 (June 2006). doi: 10.1109/IAW.2006.1652117
M. Tripunitara and N. Li, “The Foundational Work of Harrison-Ruzzo-Ullman Revisited,” IEEE Transactions on Dependable and Secure Computing 10(1) pp. 28–39 (Jan. 2011). doi: 10.1109/TDSC.2012.77
T. Walcott and M. Bishop, “Traducement: A Model for Record Security,” ACM Transactions on Information and System Security 7(4) pp. 576–590 (Nov. 2004). doi: 10.1145/1042031.1042035
X. Zhang, Y. Li, and D. Nalla, “An Attribute-Based Access Matrix Model,” Proceedings of the 2005 ACM Symposium on Applied Computing pp. 359–363 (Mar. 2005). doi: 10.1145/1066677.1066760

Version of March 15, 2019 at 11:23PM