Because we have some students without access to the UC Davis campus newsgroups, information about this class, homework assignments, office hours, and so forth, will be posted to the web page as well as to the ucd.class.ecs253 newsgroup. Read this newsgroup (or web page) daily, especially near the time assignments are due. You are responsible for everything posted. This newsgroup is not for discussion about the class, but information from the instructor to you.
If you want to post things about the class, please use the discussion newsgroup ucd.class.ecs253.d, or send the instructor a mail message asking that something be posted. Discussing something in this group is perfectly fair!
Postings from both newsgroups will be copied to the web page regularly.
Because this is a graduate class, we'll begin with no penalty for late homework. (I reserve the right to change this if I feel students are falling behind.) This class covers a lot of material very quickly, and if you delay you will probably fall too far behind to catch up easily. So don't delay - do the homework on time!
Some general notes: if you handwrite your homework, please write legibly. If I can't read your answer, or understand it, it's wrong. Please think your answers through before writing them down in final form; a request for a proof requires a proof, not a statement that "it's probably right, and here are 15,000 examples to show it;" a request for a discussion should be treated as an essay question, with a main theme and arguments for and against the answer. It is fair to present the factors that affect your answer; it is not acceptable to begin by giving one answer in the introduction and a different answer in the conclusion! (Yes, you'll lose points.) And, always show your work; if you simply write down a correct answer and do not show how you got that answer, you will not get any credit.
The handout Projects describes the requirements in some detail and suggests possible projects, as well as the required intermediate reports.
|UCD Students:||40% Homework||40% Project||20% In-Class Participation|
|NTU Students:||50% Homework||50% Project|
Note that there are no exams.
A good analogy between appropriate discussion and inappropriate collaboration is the following: you and a fellow student work for competing software companies developing different products to meet a given specification. You and your competitor might choose to discuss product specifications and general techniques employed in your products, but you certainly would not discuss or exchange proprietary information revealing details of your products. Ask the instructor for clarification beforehand if the above rules are not clear.
|#||Date||Topic, Readings, and Other Information|
|1.||Monday, March 31||Introduction to Computer Security
Reading: text, §1, §2, §8.2;
M. Bishop, "Computer Security," unpublished
|2.||Wednesday, April 2||The Role of Cryptography and
Basic Information Theory
Reading: text, §20.1
|3.||Friday, April 4||Penetration Studies: Foundations|
We will discuss the structure of a penetration study, go through a couple of examples, and begin planning our exercise.
Reading: text, §3;
M. Bishop, "Vulnerabilities Studies," unpublished
|4.||Monday, April 7||Number Theory and Transposition
Reading: text, §20.3
|5.||Wednesday, April 9||Substitution Ciphers and Their Analysis|
|6.||Friday, April 11||Penetration Studies: Flaw
This is the basis for penetration studies; we will explore it using UNIX examples.
Reading: text, §5;
R. R. Linde, "Operating System Penetration," AFIPS National Computer Conference, AFIPS, Arlington, VA pp. 361-368 (1975).
|7.||Monday, April 14||Product Ciphers and the DES
Reading: text, §20.4;
The Data Encryption Standard, FIPS PUB 46 (Jan. 1977);
M. E. Hellman, "DES Will Be Totally Insecure Within 10 Years," IEEE Spectrum 16(7) pp. 32-39 (July 1979); including rebuttals by W. Tuchman, G. Davida, and D. Branstad
|8.||Wednesday, April 16||Public Key Cryptography,
the Knapsack Cipher, the RSA Cipher
Reading: text, §21.5;
W. Diffie, "The First Ten Years of Public-Key Cryptography," Proceedings of the IEEE 76(5) pp. 560-577 (May 1988);
R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM 21(2) pp. 120-126 (Feb. 1978).
|9.||Friday, April 18||Penetration Studies: Reports #1, From the Outside|
Each team will have 5 minutes to present the techniques it tried, what was learned, and what should be tried next.
|10.||Monday, April 21||No class|
|11.||Wednesday, April 23||No class|
|12.||Friday, April 25||Penetration Studies:
We will discuss the Program Analysis project, RISOS, Aslam's classification, and the Davis security model.
Reading: C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, "A Taxonomy of Computer Program Security Flaws," Computing Surveys 26(3) pp. 211-254 (Sep. 1994).
|13.||Monday, April 28||Authentication,
One-Way Hash Functions
Reading: text, §18 and §19;
R. Morris and K. Thompson, "Password Security: A Case History," Communications of the ACM 22(11) pp. 594-597 (Nov. 1979).
|14.||Wednesday, April 30||Key Management,
Reading: text, §21.8-9;
S. Kent, "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management," RFC 1422 (Feb. 1993).
|15.||Friday, May 2||Penetration Studies: Reports #2, From the Inside|
Each team will present the techniques it tried, what was learned, and what should be tried next.
|16.||Monday, May 5||Limits of Security|
The HRU result; the Take-Grant Protection Model; limits of decidability
Reading: M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, "Protection in Operating Systems," Communications of the ACM 19(7) pp. 461-471 (Aug. 1976);
L. Snyder, "Formal Models of Capability-Based Protection Systems," IEEE Transactions on Computers C-30(3) pp. 172-181 (Mar. 1981).
|17.||Wednesday, May 7||Lattice Models; Models of Confidentiality|
Bell-LaPadula Model, tranquility, System Z and the debate
Reading: text, §6-§7, §9-10;
J. McLean, "A Comment on the `Basic Security Theorem' of Bell and La Padula," Information Processing Letters 20(2) pp. 67-70 (Feb. 15, 1985);
L. La Padula, "The `Basic Security Theorem' of Bell and La Padula Revisited," unpublished
|18.||Friday, May 9||Penetration Studies: Analysis|
Implementation vs. design flaws, effects, how to limit damage, how to prevent introduction
Reading: text, §25
|19.||Monday, May 12||Models of Integrity|
Lipner's Access Matrix Model, Biba, Clark-Wilson
Reading: text, §12-13;
S. B. Lipner, "Non-Discretionary Controls for Commercial Applications," Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 2-10 (Apr. 1982);
D. Clark and D. Wilson, "A Comparison of Commercial and Military Computer Security Policies," Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 184-194 (Apr. 1987).
|20.||Wednesday, May 14||Hybrids and Standards|
Chinese Wall, Orange Book, ITSEC
Reading: text, §29;
D. Brewer and M. Nash, "The Chinese Wall Security Policy," Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 206-214 (May 1989).
|21.||Friday, May 16||Penetration Studies: Reports #3, Fixing the Flaws|
Each team will present an analysis of the flaws uncovered, and how they would fix them and/or prevent their introduction.
|22.||Monday, May 19||Policy and Modelling Issues|
Nondeducibility, noninterference, composition of policies and the Hook-Up Theorem
Reading: text, §11, §24;
D. McCullough, "Specifications for Multi-Level Security and a Hook-Up Property," Proceedings of the 1987 IEEE Proceedings on Security and Privacy pp. 161-166 (Apr. 1987).
|23.||Wednesday, May 21||Access Control Mechanisms|
Access Control Matrix, ACLs, Capabilities; levels of privilege, ring-based control
Reading: text, §22;
Ko, Hai-Ping, "Security Properties of Ring Brackets," Proceedings of the Computer Security Foundations Workshop II, pp. 41-46 (June 1989).
|24.||Friday, May 23||Penetration Studies:
How to detect exploitation of flaws; logs, auditing, real-time vs. post mortem analysis
Reading: text, §16-17;
D. Denning, "An Intrusion Detection Model," Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 118-131 (Apr. 1986).
|25.||Monday, May 26||Memorial Day University Holiday|
|26.||Wednesday, May 28||Access Control
Mandatory and Discretionary Controls, Origination Control
|27.||Friday, May 30||Security Kernels|
Principles, trusted path, covert channels, principle of layering, verification; discussion of examples
Reading: text, §26;
P. Karger, M. Zurko, D. Bonin, M. Mason, and C. Kahn, "A Retrospective on the VAX VMM Security Kernel," IEEE Transactions on Software Engineering SE-17(11) pp. 1147-1165 (Nov. 1991).
|28.||Monday, June 2||Network Security Basics|
Authentication protocols, ISO model and its relationship to security
Reading: text, §27;
V. L. Voydock and S. T. Kent, "Security Mechanisms in High-Level Network Protocols," Computing Surveys 15(2) pp. 135-171 (June 1983).
|29.||Wednesday, June 4||Network Security Analysis|
Analysis of a network protocol (PEM or NTP) using the Internet Security Architecture
Reading: M. Bishop, "A Security Analysis of the NTP Protocol, Version 2," Proceedings of the Sixth Annual Computer Security Applications Conference pp. 20-29 (Dec. 1990).
|30.||Friday, June 6||Penetration Studies: Reports #4, Detecting the Intruder|
Each team will present a report on the intrusion (if any), what they did to detect the intruder, and what the attacker did once in.
Reading: L. T. Heberlein, K. Levitt, and B. Mukherjee, "A Model to Detect Intrusive Activity in a Networked Environment," Proceedings of the Fourteenth National Computer Security Conference pp. 362-371 (Oct. 1991).
This course covers a very large discipline, and - perhaps more so than many other areas of computer science - the discipline of computer security runs through many other areas. Because the class has a very limited amount of time, we will only touch the surface of many topics. The project gives you an opportunity to explore one of these topics, or some other area or application of computer security that interests you, in some depth.
First, choose a topic. Good ways to find a topic are to think about an area of computer science you enjoy, and try to relate it to computer security (or vice versa); talk to some other graduate students and see if what they are doing suggests any ideas; think of ways security of the system you're working on could be made better; go to the library and browse for an interesting-looking paper; and so forth. The major computer security journals are Computers & Security and Journal of Computer Security, but articles appear in almost all journals; the major conferences are Crypto and Eurocrypt (for cryptography), Symposium on Research in Security and Privacy, National Computer Security Conference, and the Annual Computer Security Applications Conference. If you need more help or have questions, feel free to talk to me.
This term, you may also use the penetration study as your project (see below). If you do this, you will need to turn in a final report as well as the interim reports and presentations (if you are not on campus, don't worry about the presentations).
|Friday, April 25||By this time you should have chosen your project. Turn in a 2-3 page writeup of what you want to do, and why; list several sources, and describe how you plan to go about completing the project. For example, if you are writing a survey paper, state the theme and in general terms how you will organize your paper.|
|Wednesday, May 14||By this time your project should be well underway. Turn in a 3-4 page description of what you have done, approaches that you took and that failed, and so forth. For example, for a survey paper, turn in a brief description of what your references contain, and present a detailed outline of your paper.|
|Friday, June 6||Your completed project is due.|
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562