ECS 235B, Winter 2024: Foundations of Computer and Information Security

Announcements

• Jan 16, 3:02pm: Cancel Office Hour for Wednesday, January 17
• Jan 10, 11:50am: Class on Internet Measurement & Policy

Class Information

• General Information
• Syllabus
• All About Homework
• Term Project

Homework

• Homework #1 (due Jan 19)
• Homework #2 (due Feb 2)
• Homework #3 (due Feb 21)
• Homework #4 (due Mar 5)
• Homework #5 Revision 1 (due Mar 15)
  • Original Homework 5

Extra Credit

• Extra Credit #A Revision 1 (due Jan 19)
  • Original Extra Credit A
• Extra Credit #B (due Jan 30)
• Extra Credit #C (due Feb 14)
• Extra Credit #D (due Feb 23)
• Extra Credit #E (due Mar 4)
• Extra Credit #F (due Mar 15)

Project

• Project Selection (due Jan 26)
• Project Progress Report (due Feb 16)
• Completed Project (due Mar 21)

Handouts

• Papers are on Canvas for copyright reasons
• Example Homework Answer
• Bell-LaPadula Symbols
• Table of Notation for Noninterference and Nondeducibility

Lecture Outlines

1. Lecture #  1 (Jan 8)
2. Lecture #  2 (Jan 10)
3. Lecture #  3 (Jan 12)
4. Lecture #  4 (Jan 17)
5. Lecture #  5 (Jan 19)
6. Lecture #  6 (Jan 22)
7. Lecture #  7 (Jan 24)
8. Lecture #  8 (Jan 26)
9. Lecture #  9 (Jan 29)
10. Lecture #10 (Jan 31)
11. Lecture #11 (Feb 9)
12. Lecture #12 (Feb 12)
13. Lecture #13 (Feb 14)
14. Lecture #14 (Feb 16)
15. Lecture #15 (Feb 21)
16. Lecture #16 (Feb 23)
17. Lecture #17 (Feb 26)
18. Lecture #18 (Feb 28)
19. Lecture #19 (Mar 1)
20. Lecture #20 (Mar 4)
21. Lecture #21 (Mar 6)
22. Lecture #22 (Mar 8)

Modules

1. Administrative Material
2. Basic Components
3. Reference Monitors
4. Access Control Matrix
5. Attribute-Based Access Control Matrix
6. HRU Result
7. Take-Grant Model Rules
8. Sharing in the Take-Grant Model
9. Stealing in the Take-Grant Model
10. Schematic Protection Model
11. Expressiveness
12. Typed Access Matrix Model
13. Security Policies
14. Security Policy Languages
15. Precise and Secure Policies
16. Lattices
17. Confidentiality Policies and the Bell-LaPadula Model
18. Bell-LaPadula Model
19. Applying the Bell-LaPadula Model
20. Tranquility
21. The Controversy and System Z
22. Integrity Requirements and the Biba Model
23. Clark-Wilson Model
24. Trust Models
25. Constraint-Based Availability Models
26. State-Based Availability Models
27. Network Flooding
28. Chinese Wall Model
29. Clinical Information Systems Security Policy
30. Originator-Based Access Control
31. Role-Based Access Control
32. Traducement
33. Break-the-Glass Policies
34. Policy Composition
35. Introduction to Noninterference
36. Security Policy and the Unwinding Theorem
37. Access Control Matrix Revisited
38. Generalized Noninterference
39. Policy Composition I
40. Nondeducibility
41. Restrictiveness
42. Side Channels
43. Introduction to Assurance
44. Building Systems with Assurance
45. Design Assurance Techniques
46. Implementation Assurance Techniques
47. Entropy
48. Introduction to Information Flow
49. Information Flow Policies
50. Confinement Problem
51. Isolation
52. Covert Channels
53. Detexcting Covert Channels

---

Matt Bishop Office: 2209 Watershed Science Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu