General Information

Instructor

Matt Bishop

telephone, (916) 752-8060;  email,  bishop@cs.ucdavis.edu; WWW, http://seclab.cs.ucdavis.edu/~bishop/;

Office, 3059 Engineering Unit II; Office hours:  MWF1:10‚2:00PM Pacific Coast time, or by appointment

Note: If you send me email, please mark the header as ECS 253 ‚ URGENT to help me see it quickly!

Lectures

MWF 2:10 ‚ 3:00PM in Room 1062, Banier Hall

Course Outline

Elements of cryptography and data security; system security, and network security.  Both theory and appli-
cations will be covered, but theory will be emphasized.

Course Goals

Some goals we hope you  achieve:

1.	learn the importance of computer security;

2.	understand the basics of the theory behind cryptography;

3.	understand how to use cryptography in support of security services

4.	learn the basic theory and practise of secure systems;

5.	understand the types of security services needed for network security; and

6.	analyze or survey some aspect of computer security and cryptography in depth.

Text

Edward Amoroso, Fundamentals of Computer Security Technology, Prentice-Hall, Englewood CLiffs, NJ 
07632 (1994). ISBN 0-13-108929-3.

Computer Programs

The homework assignments, and your project, may require computer programs.  Any computer programs 
written for this class must be well documented, cleanly written, and have a manual page or write-up 
describing how to use it, its input, and its output.  Include sample runs.  If you have C or C++ available, I 
would prefer you use one of those; if not, any reasonable computer language is fine.

Course Web Page, Handouts, and Newsgroup

The web page http://wwwcsif.cs.ucdavis.edu/~cs253 contains links to all course handouts (except for the 
published/copyrighted papers). They will also be available for anonymous ftp at ftp://nob.cs.ucdavis.edu /
pub/cs253.

Because we have some students without access to the UC Davis campus newsgroups, information about 
this class, homework assignments, office hours, and so forth, will be posted to the web page as well as to 
the ucd.class.ecs253 newsgroup.  Read this newsgroup (or web page) daily, especially near the time 
assignments are due.  You are responsible for everything posted.  This newsgroup is not for discussion 
about the class, but information from the instructor to you.

If you want to post things about the class, please use the discussion newsgroup ucd.class.ecs253.d., or 
send the instructor a mail message asking that something be posted.  Discussing something in this group 
is perfectly fair!

Postings from both newsgroups will be copied to the web page regularly.

Homework

There will be 5 homework assignments. The due date will be on each assignment.I will try to have your 
homework graded as quickly as possible, usually within three class periods after I receive it.

Because this is a graduate class, we¼ll begin with no penalty for late homework. (I reserve the right to 
change this if I feel students are falling behind.) This class covers a lot of material very quickly, and if you 
delay you will probably fall too far behind to catch up easily. So don¼t delay ‚ do the homework on time!

Some general notes: if you handwrite your homework, please write legibly. If I can¼t read your answer, or 
understand it, it¼s wrong. Please think your answers through before writing them down in final form; a 
request for a proof requires a proof, not a statement that „it¼s probably right, and here are 15,000 examples 
to show it;¾ a request for a discussion should be treated as an essay question, with a main theme and argu-
ments for and against the answer. It is fair to present the factors that affect your answer; it is not acceptable 
to begin by giving one answer in the introduction and a different answer in the conclusion! (Yes, you¼ll lose 
points.) And, always show your work; if you simply write down a correct answer and do not show how you 
got that answer, you will not get any credit.

Project

This class requires a term project requiring you to do outside reading, or apply what we¼ve learned in class 
to a realistic situation, or extend your knowledge beyond what is done in class.  The project is an integral 
part of the course, because it demonstrates you¼ve learned enough to go beyond what we talked about in 
class.

The handout Projects describes the requirements in some detail and suggests possible projects, as well 
as the required intermediate reports.

Penetration Analysis Project

I would like students to get a feel for  some of the uses to which computer securty can be put. As part of 
this, the class will conduct a penetration analysis of a computer system. More information will be given on 
the first Friday of class.

Scribing

Each day, some student will be a scribe, to take notes. When you do this, send me the notes (in ASCII or 
latex(1); wrie out any equations in a form the reader can understand). I will review them and then post them 
to the web page for everyone¼s use.

Grading

UCD Students:	40% Homework	40% Project	20% In-Class Participation

NTU Students:	50% Homework	50% Project

The Participation points come from two sources. Half (10%) come from scribing. The other half (10%) 
come from the Penetration reports. Because of the week¼s delay in getting access to the class tapes, NTU 
students will not be scribing and may choose not to participate in the Penetration Analysis Project. More 
details on opting into the latter will be available during the first week of class. 

Note that there are no exams.

Recommended Reading

1.	Dorothy Denning, Cryptography and Data Security, Addison-Wesley ©1984
Perhaps the best computer security text written so far; its only problem is being very out of date. Much 
of the cryptography is drawn from this book. If you can get a copy of it, I strongly encourage you to do 
so; it¼s a wonderful text.

2.	Helen FouchÈ Gaines, Cryptanalysis: a Study of Ciphers and their Solution, Dover Publications, 
©1956.
A classic on cracking transposition and substitution ciphers, it does not cover more modern cryptogra-
phy, but it shows the basics of cryptanalysis in a non-mathematical way.

3.	Simpson Garfinkel and Gene Spafford, Practical UNIX and Internet Security, O¼Reilly & Associates, 
©1996.
A marvelous book on UNIX security. Don¼t look for deep principles here; this book is a practicum.

4.	Morrie Gasser, Building a Secure Computer System, Van Nostrand Reinhold, ©1985
„The¾ book for practical and theoretical considerations in the design of a secure computer system. Not 
too rigorous, but quite comprehensive.

5.	Katie Hafner and John Markoff, Cyberpunk, Simon & Schuster, ©1991.
This book describes three of the better-known computer security incidents and the people behind 
them. It¼s not too technical, but a good study of hackers.

6.	Lance J. Hoffman, Rogue Programs: Viruses, Worms, and Trojan Horses, Van Nostrand Reinhold, 
©1990.
A collection of papers about malicious programs; the section on social and legal issues is very interest-
ing, 

7.	David Kahn, The Codebreakers, Second Edition, Macmillan ©1996.
Truly a classic, this book combines history with some basic cryptanalysis to show the evolution of 
codes and ciphers. This is the unabridged version, recently updated and re-released.

8.	Alan Konheim, Cryptography: A Primer, John Wiley and Sons ©1981.
Probably the best book yet on cryptanalysis; it does not have as much depth as Meyer and Matyas¼ 
book on some subjects (such as the DES), but it is much broader in scope. Beware of the notation, 
though: this can be a very hard book to understand!

9.	Carl Meyer and Stephen Matyas, Cryptography: A New Dimension in Computer Data Security, John 
Wiley and Sons, ©1982.
A very complete study of modern cryptography; the chapter on the DES is excellent.

10.	National Research Council, Computers at Risk: Safe Computing in the Information Age, National 
Academy Press, ©1991.
A study of how national policy should reflect problems, and advances, in computer security.

11.	Donn Parker, Crime by Computer, Charles Scribner¼s Sons ©1976.
Good discussion of what can happen if you ignore security considerations; it also considers ethics, 
something rarely seen but very badly needed.

12.	Wayne Patterson, Mathematical Cryptography for Computer Scientists and Mathematicians, Rowman 
and Littlefield, ©1987.
Highly mathematical, up-to-date treatment of many ciphers. Watch out for typographical errors and 
switches in notation, though!

13.	Bruce Schneier, Applied Cryptography, Second Edition, John Wiley and Sons, ©1996.
This book is a good but nonrigorous introduction to cryptography. The first edition had loads of errors, 
but (I am told) this version has eliminated most of them.

14.	Abraham Sinkov, Elementaty Cryptanalysis: A Mathematical Approach, The Mathematical Association 
of America, ©1966.
A  readable yet mathematical account of substitution and transposition ciphers.

Academic Integrity

Please see pages 148‚149 of the Spring 1997 Class Schedule and Room Directory for a general discus-
sion of this.  In particular, for this course:

Ä	All work submitted for credit must be your own. You may discuss your assignments with classmates, 
with instructors, or with readers in the course to get ideas or a critique of your ideas, but the ideas and 
words you submit must be your own.  Unless explicitly stated otherwise  in the assignment, collabora-
tion is considered cheating and will be dealt with accordingly.

Ä	For written homework, you must write up your own solutions and may neither read nor copy another 
student¼s solutions.

Ä	For programs, you must create and type in your own code and document it yourself.  Note that you are 
free to seek help while debugging a program once it is written.

A good analogy between appropriate discussion and inappropriate collaboration is the following: you and a 
fellow student work for competing software companies developing different products to meet a given spec-
ification.  You and your competitor might choose to discuss product specifications and general techniques 
employed in your products, but you certainly would not discuss or exchange proprietary information reveal-
ing details of your products.  Ask the instructor  for clarification beforehand if the above rules are not clear.

Syllabus

	#	       Date	Topic, Readings, and Other Information

	1.	Monday, March 31	Introduction to Computer Security

Reading:	text, ß1, ß2, ß8.2;
M. Bishop, „Computer Security,¾ unpublished

	2.	Wednesday, April 2	The Role of Cryptography and Basic Information Theory

Reading:	text, ß20.1

	3. 	Friday, April 4	Penetration Studies: Foundations
We will discuss the structure of a penetration study, go through a couple 
of examples, and begin planning our exercise.

Reading:	text, ß3;
M. Bishop, „Vulnerabilities Studies,¾ unpublished

	4.	Monday, April 7	Number Theory and Transposition Ciphers

Reading:	text, ß20.3

	5.	Wednesday, April 9	Substitution Ciphers and Their Analysis

	6.	Friday, April 11	Penetration Studies: Flaw Hypothesis Methodology
This is the basis for penetration studies; we will explore it using UNIX 
examples.

Reading:	text, ß5;
R. R. Linde, „Operating System Penetration,¾ AFIPS National 
Computer Conference, AFIPS, Arlington, VA pp. 361‚368 
(1975).

	7.	Monday, April 14	Product Ciphers and the DES

Reading:	text, ß20.4;
The Data Encryption Standard, FIPS PUB 46 (Jan. 1977);
M. E. Hellman, „DES Will Be Totally Insecure Within 10 Years,¾ 
IEEE Spectrum 16(7) pp. 32‚39 (July 1979); including rebuttals 
by W. Tuchman, G. Davida, and D. Branstad

	8.	Wednesday, April 16	Public Key Cryptography, the Knapsack Cipher, the RSA Cipher

Reading: 	text, ß21.5;
W. Diffie, „The First Ten Years of Public-Key Cryptography,¾ Pro-
ceedings of the IEEE 76(5) pp. 560‚577 (May 1988);
R. Rivest, A. Shamir, and L. Adleman, „A Method for Obtaining 
Digital Signatures and Public-Key Cryptosystems,¾ Communi-
cations of the ACM 21(2) pp. 120‚126 (Feb. 1978).

	9.	Friday, April 18	Penetration Studies: Reports #1, From the Outside
Each team will have 5 minutes to present the techniques it tried, what was 
learned, and what should be tried next

	#	       Date	Topic, Readings, and Other Information

	10.	Monday, April 21	No class

	11. 	Wednesday, April 23	No class

	12.	Friday, April 25	Penetration Studies: Vulnerabilities Models
We will discuss the Program Analysis project, RISOS, Aslam¼s classifica-
tion, and the Davis security model.

Reading:	C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, „A 
Taxonomy of Computer Program Securty Flaws,¾ Computing 
Surveys 26(3) pp. 211‚254 (Sep. 1994).

	13.	Monday, April 28	Authentication, One-Way Hash Functions

Reading:	text, ß18 and ß19;
R. Morris and K. Thompson, „Password Security: A Case His-
tory,¾ Communications of the ACM 22(11) pp. 594‚597 (Nov. 
1979).

	14.	Wednesday, April 30	Key Management, Certificates

Reading:	text, ß21.8‚9;
S. Kent, „Privacy Enhancement for Internet Electronic Mail: Part 
II: Certificate-Based Key Management,¾ RFC 1422 (Feb. 1993).

	15.	Friday, May 2	Penetation Studies: Reports #2, From the Inside
Each team will present the techniques it tried, what was learned, and 
what should be tried next.

	16.	Monday, May 5	Limits of Security
The HRU result;  the Take-Grant Protection Model; limits of decidability

Reading:	M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, „Protection in 
Operating Systems,¾ Communications of the ACM 19(7) pp. 
461‚471 (Aug. 1976);
L. Snyder, „Formal Models of Capability-Based Protection Sys-
tems,¾ IEEE Transactions on Computers C-30(3) pp. 172‚181 
(Mar. 1981).

	17.	Wednesday, May 7	Lattice Models; Models of Confidentiality
Bell-LaPadula Model, tranquility, System Z and the debate

Reading:	text, ß6‚ß7, ß9‚10;
J. McLean, „A Comment on the åBasic Security Theorem¼ of Bell 
and La Padula,¾ Information Processing Letters 20(2) pp. 67‚70 
(Feb. 15, 1985);
L. La Padula, „The åBasic Security Theorem¼ of Bell and La Pad-
ula Revisited,¾ unpublished

	18.	Friday, May 9	Penetation Studies: Analysis
Implementation vs. design flaws, effects, how to limit damage, how to pre-
vent introduction

Reading: text, ß25

	#	       Date	Topic, Readings, and Other Information

	19.	Monday, May 12	Models of Integrity
Lipner¼s Access Matrix Model, Biba, Clark-Wilson

Reading:	text, ß12‚13;
S. B. Lipner, „Non-Discretionary Controls for Commercial Appli-
cations,¾ Proceedings of the 1982 IEEE Symposium on Secu-
rity and Privacy pp. 2‚10 (Apr. 1982);
D. Clark and D. Wilson, „A Comparison of Commercial and Mili-
tary Computer Security Policies,¾ Proceedings of the 1987 IEEE 
Symposium on Security and Privacy pp. 184‚194 (Apr. 1987).

	20.	Wednesday, May 14	Hybrids and Standards
Chinese Wall, Orange Book, ITSEC

Reading:	text, ß29;
D. Brewer and M. Nash, „The Chinese Wall Security Policy,¾ 
Proceedings of the 1989 IEEE Symposium on Security and Pri-
vacy  pp. 206‚214 (May 1989).

	21.	Friday, May 16	Penetration Studies: Reports #3, Fixing the Flaws
Each team will present an analysis of the flaws uncovered, and how they 
would fix them and/or prevent their introduction

	22.	Monday, May 19	Policy and Modelling Issues
Nondeducibility, noninterference, composition of policies and the Hook-Up 
Theorem

Reading:	text, ß11, ß24
D. McCullough, „Specifications for Multi-Level Security and a 
Hook-Up Property,¾ Proceedings of the 1987 IEEE Proceedings 
on Security and Privacy pp. 161‚166 (Apr. 1987).

	23.	Wednesday, May 21	Access Control Mechanisms
Access Control Matrix, ACLs, Capabilities;  levels of privilege, ring-based 
control

Reading:	text, ß22
Ko, Hai-Ping, „Security Properties of Ring Brackets,¾ Proceed-
ings of the Computer Security Foundations Workshop II, pp. 
41‚46 (June 1989).

	24.	Friday, May 23	Penetration Studies: Intrusion Detection
How to detect exploitation of flaws; logs, auditing, real-time vs. post mor-
tem analysis

Reading: text, ß16‚17;
D. Denning, „An Intrusion Detection Model,¾ Proceedings of the 
1986 IEEE Symposium on Security and Privacy pp. 118‚131 
(Apr. 1986).

	#	       Date	Topic, Readings, and Other Information

	25.	Monday, May 26	Memorial Day ã University Holiday

	26.	Wednesday, May 28	Access Control Mechanisms (con¼t)
Mandatory and Discretionary Controls, Origination Control

	27.	Friday,  May 30	Security Kernels
Principles, trusted path, covert channels, principle of layering, verification; 
discussion of examples

Reading:	text ß26;
P. Karger, M. Zurko, D. Bonin, M. Mason, and C. Kahn, „A Ret-
rospective on the VAX VMM Security Kernel,¾ IEEE Transac-
tions on Software Engineering SE-17(11) pp. 1147‚1165 (Nov. 
1991).

	28.	Monday, June 2	Network Security Basics
Authentication protocols, ISO model and its relationship to security

Reading:	text, ß27;
V. L. Voydock and S. T. Kent, „Security Mechanisms is High-
Level Network Protocols,¾ Computing Surveys 15(2) pp. 135‚
171 (June 1983).

	29.	Wednesday, June 4	Network Security Analysis
Analysis of a network protocol (PEM or NTP) using the Internet Security 
Architecture

Reading:	M. Bishop, „A Security Analysis of the NTP Protocol, Version 2,¾
Proceedings of the Sixth Annual Computer Security Applica-
tions Conference pp. 20‚29 (Dec. 1990).

	30.	Friday, June 6	Penetration Studies: Reports #4, Detecting the Intruder
Each team will present a report on the intrusion (if any), what they did to 
detect the intruder, and what the attacker did once in.

Reading:	L. T. Heberlein, K. Levitt, and B. Mukherjee, „A Model to Detect 
Intrusive Activity in a Networked Environment,¾ Proceedings of 
the Fourteenth National Computer Security Conference pp. 
362‚371 (Oct. 1991).

Projects

Why a Project?

This course covers a very large discipline, and ‚ perhaps more so than many other areas of computer sci-
ence ‚ the discipline of computer security runs through many other areas. Because the class has a very 
limited amount of time, we will only touch the surface of many topics. The project gives you an opportunity 
to explore one of these topics, or some other area or application of computer security that interests you, in 
some depth.

Suggestions for How to Proceed

First, choose a topic.  Good ways to find a topic are to think about an area of computer science you enjoy, 
and try to relate it to computer security (or vice versa); talk to some other graduate students and see if 
what they are doing suggests any ideas; think of ways security of the system you¼re working on could be 
made better; go to the library and browse for an interesting-looking paper; and so forth.  The major com-
puter security journals are Computers & Security and Journal of Computer Security, but articles appear in 
almost all journals; the major conferences are Crypto and Eurocrypt (for cryptography), Symposium on 
Research in Security and Privacy, National Computer Security Conference, and the Annual Computer 
Security Applications Conference. If you need more help or have questions, feel free to talk to me.

This term, you may also use the penetration study as your project (see below). If you do this, you will need 
to turn in a final report as well as the interim reports and presentations (if you are not on campus, don¼t 
worry about the presentations).

Some Suggestions for Project and Report Topics

Ä	Biology and Computer Security: viruses, worms, and so forth

Ä	The Adoption of the DES

Ä	Security Requirements in Educational, Commercial and Governmental Environments

Ä	User/System Authentication Methods

Ä	Formal Models (for example, something in depth on HRU, TPM, etc.)

Ä	A Study of the Security of the your.favorite.operating.system System (check with me on this one!)

Ä	Property-based Testing

Ä	Electronic Voting Machines and Computer Security

Ä	Rights and Amplification of Rights in a Capability System

Ä	How the Attackers Do It

Ä	Auditing and Logging

Ä	Breaking Ciphers with Computers (you will have to narrow this down a great deal)

What Is Due When

Friday, April 25 	By this time you should have chosen your project.  Turn in a 2‚3 page writeup of 
what you want to do, and why; list several sources, and describe how you plan to 
go about completing the project.  For example, if you are writing a survey paper, 
state the theme and in general terms how you will organize your paper.

Wednesday, May 14	By this time your project should be well underway.  Turn in a 3‚4 page description 
of what you have done, approaches that you took and that failed, and so forth. For 
example, for a survey paper, turn in a brief description of what your references 
contain, and present a detailed outline of your paper.

Friday, June 6	Your completed project is due.