AaDrǁ  0 @  ` `@@@PPPPPppHH $ @d HHHH̀̀̀ff@  d Footnote TableFootnote**.\t.\t/ - :;,.!? 3 c dZTOCHeading1Heading2'AmorosoBanierBibaCryptoDenningDonn EurocryptFouchGaines GarfinkelHafnerKahnKargersKonheimLinux Littlefield MacmillanMarkoffMatyasMeyerMorrieNostrandOReillyPrenticeReinholdRowmanSchneierSchuster ScribnersSimpsonSinkovSpaffordThTuTuThUCDiskWileyisunrootkit   ZEquationVariablesBi8&999::/:L888 8 =|U::>>.Y 34757: Title: Projects 8У34757: Title: Projects<$lastpagenum><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear>J<$hour>:<$minute00> <$ampm> on <$dayname>, <$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear> <$fullfilename> <$filename> <$paratext[Title]> <$paratext[Heading1]> <$curpagenum> <$marker1> <$marker2> (Continued)+ (Sheet <$tblsheetnum> of <$tblsheetcount>)Heading & Page <$paratext> on page<$pagenum>Pagepage<$pagenum>See Heading & Page%See <$paratext> on page<$pagenum>. Table All7Table<$paranumonly>, <$paratext>, on page<$pagenum>Table Number & Page'Table<$paranumonly> on page<$pagenum>Heading <$paratext>5HTML Headings33A;;==?XADDFFHHAQ8(8*8,8.80828486888:8<8>8@8B8D8F8H8J8L8N8P8R8T8V8X8Z8\8^8`8b8d8f8h8j8l8n??8r8t8v8x8z8|8~888??88888888888888888888@'@)8888888888888888888888888@{@}888888888888899@@999 9 9999999999 9"9$9&9(9*9,9.90929496989:9<9>9@9B9D9F9H9J9L9N9P9R9T9V9X9Z9\9^9`9b9d9f9h9j9l9n9p9r9t9v9x9z9|9~99999999999999999999999999999999999999999999999999999999999AAA9::::: : : :>>>:N:P:R:T:V:X:Z:\:^:`:b:d:f:h:j:l:n%:p:q:*:9:::::: :":$:&:(:*:,7:.:1:377 7: 8 8 8 :5:7:9:;:=:?:A:B: : ::9::9::9::;1.::2.::3.::4.::5.:9::9::9:::::9::::9:>*:9::::9:;1.::2.::3.::4.::5.::6.::7.:€:8.:À: 9.:Ā: 10.:ŀ: 11.:ƀ: 12.:ǀ: 13.:Ȁ:14.:ɀ:15.:ʀ:16.:9:̀: : : ::*:Ҁ:><:<&<> *:;>!9:;&>$*=&;>-(<< >Z=&<>\<&<< ^=+>`=]=B9=`=a"=b#=c"=d"=e#=f$=g"=h"=i#={(=>b>d>f>h>j>l>n>p>r>t>v>x>z; ;V;9;;W ;9>|>>;&>;;&>;>;;&;;!; !;!!;M;X ;Y ;Z ;[ ;\ ;] ;^ ;_ ;` >>;A;&;&;AA<AAAAAzdq=3d;$ d8#d8 HmR8HmRHRHRFootnote Hr@8Hr@HzHz Single LineH8 Footnote 8  HD8 HDHH Double LineH8 Double Line8 8 H8  Single Line8 HZ8  TableFootnoted5p?? EGxR8EGxREPwEPw TableFootnoted8$d5l d8%d"t"CFILORUxuX[^adgjmpsy| %),/ifc`]ZW/Bm }d 8'd WeHTML Mapping Table }Hd 8)Hd We }d 8+d We }d 8-d We } d 8/ d We }H&81H&% FrameMaker PE Source Item }H 83H We HTML Item }H 85H We }H&87H& W eInclude Auto# } H&89 H& W e Comments }H8;H W e }HH8= HH W eElement }H8?#H %New Web PEPage? }H8AH We } H8C H We }H 8E $H We P:Date Line }HH 8G#%HH WeP }H 8I$&H WeN }H 8K%'H WeN } H 8M&( H We }EH 8O')EH We P:Reading }HEH 8Q(*HEH WeP }EH 8S)+EH WeN }EH 8U*,EH WeN } EH 8W+- EH We }QH 8Y,.QH WeP:Title }HQH 8[-/HQH WeH* }QH 8].0QH WeN }QH 8_/1QH WeN } QH 8a02 QH We }]H 8c13]H WeP:Body }H]H 8e24H]H W eP }]H 8g35]H W!eN }]H 8i46]H W"eN } ]H 8k57 ]H W#e }iH(8m68iH( W$e P:Numbered1 }HiH(8o79HiH(('eLI %e Parent = OL Q&e Depth = 0 }iH(8s8:iH( W(eN }iH(8u9;iH( W)eY } iH(8w:< iH( W*e }H 8y;=H  W+e P:Heading1 }HH 8{<>HH  W,eH* }H 8}=?H  W-eN }H 8>@H  W.eN } H 8?A H  W/e }H(8@BH(  W0e P:Numbered }HH(8ACHH(( 3eP 1e Parent = OL Q2e Depth = 0 }H(8BDH(  W4eN }H(8CEH(  W5eY } H(8DF H(  W6e }H 8EGH  W7e P:CellBody }HH 8FHHH  W8eP }H 8GIH  W9eN }H 8HJH  W:eN } H 8IK H  W;e }H 8JLH  W<eP:CellHeading }HH 8KMHH  W=eP }H 8LNH  W>eN }H 8MOH  W?eN } H 8NP H  W@e }H 8OQH  WAe P:Footnote }HH 8PRHH  WBeP }H 8QSH  WCeN }H 8RTH  WDeN } H 8SU H  WEe }H(8TVH( WFe P:Bulleted }HH(8UWHH((IeLI Ge Parent = UL QHe Depth = 0 }H(8VXH( WJeN }H(8WYH( WKeN } H(8XZ H( WLe }H 8Y[H WMe P:Heading2 }HH 8Z\HH WNeH* }H 8[]H WOeN }H 8\^H WPeN } H 8]_ H WQe }H8^`HR% P:HeadingRuPEnIn }HH8_aHH WSeP }H8`bH WTeN }H8acH WUeN } H8bd H WVe }7H 8ce7H WWe P:Indented }H7H 8dfH7H WXeP }7H 8eg7H WYeN }7H 8fh7H WZeN } 7H 8gi 7H W[e }CH8hjCH\% P:TableFootPEnote }HCH8ikHCH W]eP }CH8jlCH W^eN }CH8kmCH W_eN } CH8ln CH W`e }]H(8mo]H( Wae P:TableTitle }H]H(8npH]H((deLI be Parent = OL Qce Depth = 0 }]H(8oq]H( WeeN }]H(8pr]H( WfeN } ]H(8qs ]H( Wge }H 8rtH Whe P:BodySpaced }HH 8suHH WieP }H 8tvH WjeN }H 8uwH WkeN } H 8vx H Wle }H 8wyH WmeP:Date }HH 8xzHH WneP }H 8y{H WoeN }H 8z|H WpeN } H 8{} H Wqe }H(9|~H(r% P:NumberedPESpaced }HH(9}HH((ueP se Parent = OL Qte Depth = 0 }H(9~H( WveN }H(9 H( WweY } H(9  H( Wxe }H 9 H WyeP:DateProject }HH 9HH WzeP }H 9H W{eN }H 9H W|eN } H 9 H W}e }H 9H W~e C:BoldItalic }HH 9 HH WeSTRONG }H 9 H WeN }H 9 H WeN } H 9 H We }H9! H% C:EquationPE Variables }HH9# HH WeEM }H9% H WeN }H9'H WeN } H9) H We }H 9+H We C:Italic }HH 9-HH W eEM }H 9/H W eN }H 91H W eN } H 93 H W e }H 95H W eC:Bold }HH 97HH WeSTRONG }H 99H WeN }H 9;H WeN } H 9= H We }H9?H% X:Heading & PEPage }HH9AHH We See Also }H9CH WeN }H9EH WeN } H9G H We })H 9I!)H WeX:Page }H)H 9K "H)H We See Also })H 9M!#)H WeN })H 9O"$)H WeN } )H 9Q#% )H We }5H9S$&5H% X:See HeadPE ing & Page }H5H9U%'H5H We See Also }5H9W&(5H WeN }5H9Y')5H WeN } 5H9[(* 5H W e }OH 9])+OH W!e X:Table All }HOH 9_*,HOH W"e See Also }OH 9a+-OH W#eN }OH 9c,.OH W$eN } OH 9e-/ OH W%e }[H9g.0[H &% X:Table NumPE ber & Page }H[H9i/1H[H  W'e See Also }[H9k02[H  W(eN }[H9m13[H  W)eN } [H9o24 [H  W*e }uH9q35uH !W+e X:Heading }HuH9s46HuH!,% USE XREF PEFMT }uH9u57uH !W-eN }uH9w68uH !W.eN } uH9y79 uH !W/e }H9{8:H "W0e P:Header }HH9}9;HH"1%THROW PEAWAY }H9:<H "W2eN }H9;=H "W3eN } H9<> H "W4e }©H 9=?©H #W5eP:Line }H©H 9>@H©H #W6eH* }©H 9?A©H #W7eN }©H 9@B©H #W8eN } ©H 9Av ©H #W9e }»d 94F»d 6$W:eHTML Options Table }D»d 94D»d 6$W;e }»d 94»d 6$W<e }D 94CGD 6%W=eControl }DH 94FHDH 6%W>eValue }H 94GIH 6%W?e Comments }D694HJD6 6&W@e Image Format }DH694IKDH666&A% 0001IMAGGIF p MACP0001GIEF }H694JLH6 6&WBe }D 94KMD 6'WCeBanners }DH 94LNDH 6'WDeN }H 94MOH 6'WEe }D94NPD6(F% Banner ReferPE ence Frame }DH94OQDH 6(WGe }H94PRH 6(WHe }D(94QSD((6)I$% Copy Files  Imported by PE Rerefernce }DH(94RTDH( 6)WJe }H(94SUH( 6)WKe }DD(94TVDD((6*L% Copy Files  Imported by PE Reference }DDH(94UWDDH( 6*WMeN }DH(94VxDH( 6*WNe }Vd 94w[Vd 6+WOeSystem Macros }?Vd 94?Vd 6+WPe }Vd 94Vd 6+WQe }f? 94X\f? 6,WRe Macro Name }?fH 94[?fH 6,WSe Replace With }fH 94^fH 6,WTe Comments }r? 94]_r? 6-WUe StartOfDoc }?rH 94^?rH 6-WVe }rH 94arH 6-WWe }~? 94`b~? 6.WXe EndOfDoc }?~H 94al?~H 6.WYe }~H 94ld~H 6.WZe }?94ce?6/[% StartOfSubPEDoc }?H94dm?H 6/W\e }H94mgH 6/W]e }?94fh?60^% EndOfSubPEDoc }?H94gn?H 60W_e }H94njH 60W`e }?94ik?61a% StartOfFirstPESubDoc }?H94jo?H 61Wbe }H94omH 61Wce }?94ln?62d% EndOfFirstPESubDoc }?H94mp?H 62Wee }H94ppH 62Wfe }?94oq?63g% StartOfLastPESubDoc }?H94pq?H 63Whe }H94qsH 63Wie } ?94rt ?64j% EndOfLastPESubDoc }? H94sr? H 64Wke } H94ry H 64Wle }H ABwH 5Gme C:Emphasis }H AvxH 5GneEM }H AwsH 5GoeN },d 94u|,d 66WpeCross-Reference Macros }?,d :4?,d 66Wqe },d :4,d 66Wre }<? :4y}<? 67Wse Macro Name }?<H :4|~?<H 67Wte Replace With }<H :4}<H 67Wue Comments }H?: 4~H? 68Wve See Also }?HH: 4?HH68w% See Also: PE <$paratext> }HH:4HH 68Wxe }Vd >4Vd 6+Wye }fH >4\]fH 6,WzeHead }rH >4_`rH 6-W{e }hd :4 hd 6:WeGeneral Macros }?hd :4?hd 6:We }hd :4hd 6:We }hd :4hd 6:We }x? :4"x? 6;We Macro Name d:I d:J d l d:K du  WBm }d :M d  <W|eHeadings Table }Hd :O Hd  <W}e }d :Q d  <W~e }H:S H  =WeHeading Level }HH:U HH =%Paragraph ForPEmat }H:W H  =We Comments }H:Y H >W e2 }HH:[ HH  >We Heading1 }H:] H  >We }KH :_ KH  ?We3 }HKH :a HKH  ?We Heading2 }KH :c KH  ?We }WH :e WH  @We4 }HWH :g HWH  @W eLine }WH :i WH  @W e }cH:k cH  AW e1 }HcH:m HcH AW  eTitle }cH:o cH  AW e HHˆ;%HHˆ‚11 H@Vgraded as quickly as possible, usually within three class periods after I receive it. 1I wHomeworks are due on the given date. If you have a reason for turning it in late, please discuss it with me. Im quite liberal about due dates in a graduate class, but I do  not  want to have to grade lots of papers at the end of the term, and vI cannot post answers until all the homework is in. If you turn homework in late without making arrangements first, I vwill take 10% off your score for every day it is late (including weekends, holidays, and any other classification you @care to use!) !J vPlease think your answers through before writing them down in final form; a request for a proof requires a proof, not va statement that its probably right, and here are 15,000 examples to show it; a request for a discussion should be xtreated as an essay question, with a main theme and arguments for and against the answer. It is fair to present the facutors that affect your answer; it is not acceptable to begin by giving one answer in the introduction and a different tanswer in the conclusion! (Yes, youll lose points.) And, always show your work; if you simply write down a correct @Manswer and do not show how you got that answer, you will not get any credit. !{ sAll homework must be submitted electronically, in text, Postscript, or PDF format. See the UCDisk handout for more ninformation. Also, if you have a problem with UCDisk, send email as described on the UCDisk web page. Copy me zon the mail, and email your homework.  Accepting homework through email is a pain, so I will not accept it unless you !@have sent a trouble report. K`Project L媚 yThis class requires a term project requiring you to do outside reading, or apply what weve learned in class to a realis0utic situation, or extend your knowledge beyond what is done in class. The project is an integral part of the course, because it demonstrates youve learned enough to go beyond what we talked about in class. The section   Projects  @xdescribes the requirements in some detail and suggests possible projects, as well as the required intermediate reports. N"`Grading O4` 50% Homework P@` 50% Project Q`Note that there are no exams. Re`Recommended Reading Sw \Edward Amoroso,  Fundamentals of Computer Security Technology,  Prentice-Hall 1994 0qCovers many topics but with little depth. This provides a very good overview of the subject, but you need to fol@7low the references to appreciate much of what is said. T tEdward Amoroso,  Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, !.and Response , Intrusion.net Books 1999. "vAn excellent introduction to one of the most exciting fields of computer security. If youre interested in this area, @this book is a must read. !U PDorothy Denning,  Cryptography and Data Security,  Addison-Wesley 1984 pPerhaps the best computer security text written so far; its only problem is being very out of date. Much of the qcryptography is drawn from this book. If you can get a copy of it, I strongly encourage you to do so; its a won@ derful text. !V pHelen Fouch Gaines,  Cryptanalysis: a Study of Ciphers and their Solution , Dover Publications, 1956. qA classic on cracking transposition and substitution ciphers, it does not cover more modern cryptography, but it @=shows the basics of cryptanalysis in a non-mathematical way. !W sSimpson Garfinkel and Gene Spafford,  Practical UNIX and Internet Security , OReilly & Associates, 1996. @bA marvelous book on UNIX security. Dont look for deep principles here; this book is a practicum. !X YMorrie Gasser,  Building a Secure Computer System,  Van Nostrand Reinhold, 1985 qThe book for practical and theoretical considerations in the design of a secure computer system. Not too rigor@ous, but quite comprehensive. !Y MKatie Hafner and John Markoff,  Cyberpunk , Simon & Schuster, 1991. oThis book describes three of the better-known computer security incidents and the people behind them. Its not @,too technical, but a good study of hackers. AZ mLance J. Hoffman,  Rogue Programs: Viruses, Worms, and Trojan Horses,  Van Nostrand Reinhold, 1990. HHˆ;'HHˆ?8 ld;(88 }?xH :!4 #?xH 6;We Replace With }xH :#4"$xH 6;WeHead }xH :%4#%xH 6;We Comments }? :'4$&? 6CWe }?H :)4%'?H 6CWe }H :+4&(H 6CWe }H :-4')H 6CWe }d :04(,d 6DWeCharacter Macros }?d :24?d 6DW e }d :44d 6DW(e }? :64)-? 6EW)e Character }?H :84,.?H 6EW*e Replace With }H ::4-/H 6EW+e Comments }? :<4.0? 6FW,e }?H :>4/1?H 6FW-e¢ }H :@40iH 6FW.e HHˆ7HHˆ3We HHˆ7;HHˆ22ld:D55d:E4d66 l d:F4d²"C\5"CFILORUxuX[^adgjmpsy| %),/ifc`]Z HHˆ;)!HHˆ++8Z@nA collection of papers about malicious programs; the section on social and legal issues is very interesting, 1[ IDavid Kahn,  The Codebreakers , Second Edition, Macmillan 1996. mTruly a classic, this book combines history with some basic cryptanalysis to show the evolution of codes and @Kciphers. This is the unabridged version, recently updated and re-released. !\ KAlan Konheim,  Cryptography: A Primer,  John Wiley and Sons 1981. nProbably the best book yet on cryptanalysis; it does not have as much depth as Meyer and Matyas book on some psubjects (such as the DES), but it is much broader in scope. Beware of the notation, though: this can be a very @hard book to understand! !] qCarl Meyer and Stephen Matyas,  Cryptography: A New Dimension in Computer Data Security , John Wiley and Sons, 1982. @SA very complete study of modern cryptography; the chapter on the DES is excellent. !^ uNational Research Council,   Computers at Risk: Safe Computing in the Information Age , National Academy Press, 1991. @\A study of how national policy should reflect problems, and advances, in computer security. !_ IDonn Parker,  Crime by Computer,  Charles Scribners Sons 1976. nGood discussion of what can happen if you ignore security considerations; it also considers ethics, something @#rarely seen but very badly needed. !` sWayne Patterson,  Mathematical Cryptography for Computer Scientists and Mathematicians , Rowman and Littlefield, 1987. nHighly mathematical, up-to-date treatment of many ciphers. Watch out for typographical errors and switches in @notation, though! !a \Bruce Schneier,  Applied Cryptography , Second Edition, John Wiley and Sons, 1996. tThis book is a good but non-rigorous introduction to cryptography. The first edition had loads of errors, but (I am @0told) this version has eliminated most of them. !b mAbraham Sinkov,  Elementary Cryptanalysis: A Mathematical Approach , The Mathematical Association of America, 1966. @OA readable yet mathematical account of substitution and transposition ciphers. cW`Academic Integrity di Please see the Spring 2000  Class Schedule and Room Directory  for a general discussion of this. In particular, for this u@course: e gAll work submitted for credit must be your own. You may discuss your assignments with classmates, with 0uinstructors, or with readers in the course to get ideas or a critique of your ideas, but the ideas and words you subqmit must be your own. Unless explicitly stated otherwise in the assignment, collaboration is considered cheating @$and will be dealt with accordingly. f kFor written homework, you must write up your own solutions and may neither read nor copy another students ê@ solutions. gҪ lFor programs, you must create and type in your own code and document it yourself. Note that you are free to ު@8seek help while debugging a program once it is written. ah qA good analogy between appropriate discussion and inappropriate collaboration is the following: you and a fellow sstudent work for competing software companies developing different products to meet a given specification. You and qyour competitor might choose to discuss product specifications and general techniques employed in your products, tbut you certainly would not discuss or exchange proprietary information revealing details of your products. Ask the @Tinstructor for clarification  beforehand  if the above rules are not clear. HHˆ;+!HHˆ A77 ld;,AA HUV 7HUV ;W!e HUV 7=3HUV ::l H$ 7H$ =W"e H$ 7;H$ <<l HHˆ7HHˆ((? `General Information ,` Instructor ` Matt Bishop $!I``Office hours : Tu 9:00AM10:00AM and Th 4:00PM5:00PM Pacific Coast time, or by appointment 0`MOffice : 3059 Engineering Unit II Email : bishop@cs.ucdavis.edu 1`OPhone : (530) 752-8060 WWW : http://seclab.cs.ucdavis.edu/~bishop 2`hNote : Please put  ECS 253 URGENT  in the subject of all email to help me see it quickly! 3` Lectures 4`.TuTh 12:10PM1:30PM in Room 1062, Banier Hall 5`Course Outline 6ê uElements of cryptography and data security; system security, and network security. Both theory and applications will Ϫ@+be covered, but theory will be emphasized. 7` Course Goals 8` Some goals we hope you achieve: 9`+learn the importance of computer security; :`Cunderstand how to use cryptography in support of security services ;`7learn the basic theory and practise of secure systems; <`Kunderstand the types of security services needed for network security; and =`Nanalyze or survey some aspect of computer security and cryptography in depth. >O`Text ?a ~We will be using draft chapters of a book in preparation ( Computer Security: Art and Science ). These will be handed m@out in class. @`Computer Programs A mThe homework assignments, and your project, may require computer programs. Any computer programs written for 0vthis class must be well documented, cleanly written, and have a manual page or write-up describing how to use it, its yinput, and its output. Include sample runs. If you have C or C++ available, I would prefer you use one of those; if not, @please check with me. B`)Course Web Page, Handouts, and Newsgroup C窖 }The web page  http://ecs253.ucdavis.edu  contains links to all course handouts (except for the published/copyrighted @gpapers). If that is not available, go to my web page and follow the link in the Quick Index section. !D nBecause we have some students without access to the UC Davis campus newsgroups, information about this class, ~homework assignments, office hours, and so forth, will be posted to the web page as well as to the  ucd.class.ecs253  snewsgroup. Read this newsgroup (or web page) daily, especially near the time assignments are due. You are responsiyble for everything posted. This newsgroup is not for discussion about the class, for but information from the instructor @to you. !E {If you want to post things about the class, please use the discussion newsgroup  ucd.class.ecs253.d. , or send the @qinstructor a mail message asking that something be posted. Discussing something in this group is perfectly fair! F`HPostings from both newsgroups will be copied to the web page regularly. Gl` Homework WH~ pThere will be 5 homework assignments. The due date will be on each assignment. I will try to have your homework HHˆ7HHˆ >> l HHˆ;-9HHˆAWi ` HHˆ;/9HHˆ8K@@ ld;0KK d7DHH$ 7CFH$ EE l H$ 8CH$ DW%l=April 4, 2000ECS 253 Spring Quarter 2000Page 9  HUV 8CDHHUV GG l HUV 8CHUV FW&l@Last modified at  11:00 am on Thursday, April 6, 2000  HHˆ8CFHHˆII l HHˆ8CHHˆHW'` HHˆ;1BHHˆR$$KM ` Syllabus j`6# DateTopic, Readings, and Other Information x ` kJ`71.Tuesday, April 4Introduction to Computer Security n\`F2. Thursday, April 6Foundations Part 1: Access Control Matrix, HRU o d` p|`;3.Tuesday, April 11Foundations Part II: Take-Grant, SPM r`)4.Thursday, April 13Security Policies , ` s`-5.Tuesday, April 18Confidentiality Models u`(6.Thursday, April 20Integrity Models / ` .ષ`V7.Tuesday, April 25Other Models: Availability, ORCON, Role-Based, Non-Interference 1`>8.Thursday, April 27Basic Cryptography: Ciphers, Protocols v  ` m`Q9.Tuesday, May 2Applications of Cryptography: Key Management and Distribution y$`/10.Thursday, May 4Access Control Mechanisms 4 ,` 3D`%11.Tuesday, May 9Information Flow 5V`'12.Thursday, May 11Security Kernels H ^` Ev`a.Tuesday, May 16 no class  (2000 IEEE Symposium on Research in Security and Privacy) I`S13.Thursday, May 18Formal Methods for Assurance: Specification and Verification G ` `g.Tuesday, May 23 no class  (National Colloquium on Information Systems Security Education) L`>14.Thursday, May 25Informal Methods for Assurance: Testing ~ ` |ڪ``15.Tuesday, May 30 Ad hoc  Methods for Assurance: Auditing, Intrusion Detection  `c16.Thursday, June 1Applied Methods for Assurance: Vulnerability Analysis and Secure Programming  `  `.17.Tuesday, June 6Network Systems Security `318.Thursday, June 8Distributed Systems Security !*`)Reading : text , chapter 28 ` al mWe may schedule make-up classes for the two that I will miss. The exact date and time of the make-up classes @Udepends upon the schedule of class members (all must agree to the dates and times!). HHˆ;3BHHˆANJJ ld;4NN HHˆ;5LHHˆNWq ` HHˆ;7LHHˆKQMM ld;8QQ HHˆ;9OHHˆƒ,,Qw hProjects t,`Why a Project? # rThis course covers a very large discipline, and perhaps more so than many other areas of computer science the 0Itdiscipline of computer security runs through many other areas. Because the class has a very limited amount of time, wwe will only touch the surface of many topics. The project gives you an opportunity to explore one of these topics, or @Wsome other area or application of computer security that interests you, in some depth. !9 sThe specific goal of the project is to produce a paper. The paper may document software (or hardware) work, so you pmay choose that kind of project. The paper must either be of publishable quality, or be publishable should some @+(small amount) of additional work be done. %`Suggestions for How to Proceed & vFirst, choose a topic. Good ways to find a topic are to think about an area of computer science you enjoy, and try to 0xrelate it to computer security (or vice versa); talk to some other graduate students and see if what they are doing sugtgests any ideas; think of ways security of the system youre working on could be made better; go to the library and vbrowse for an interesting-looking paper; and so forth. The major computer security journals are  Computers & Secu"rity  and  Journal of Computer Security,  but articles appear in almost all journals; the major conferences are  Crypto  and Eurocrypt  (for cryptography),  S ymposium on Research in Security and Privacy,   National Computer Security Conference , and the  A nnual Computer Security Applications Conference.  If you need more help or have questions, feel free @to talk to me. (`/Some Suggestions for Project and Report Topics $/`ZThe following are just to get you thinking. You will need to do much refinement for each! '> sAnalyze your favorite Internet or network protocol with respect to specific security requirements. Is it adequate, J@Gor should changes be made to enhance its ability to meet stated goals? :Y rDo a historical survey of computer viruses or worms. You will need to examine the differences of types of viruses e@+(or worms) as well as giving a chronology. ;t |We have several copies of an attack kit called  rootkit . Analyze its genealogy which version came first, can you @*trace their evolution, and how,  etc. < qUC Davis has an electronic mail security policy. Is it reasonable or realistic? What are the legal implications? @FCould you improve it from the point of view of system administration? = rLook at attack signatures and derive a little language to capture some class of them. Can you generalize your lan@Mguage to include as many attacks as possible? Focus on the temporal aspects. >Ū`7Add temporal logic to the Take-Grant Protection Model. ? sThe non-interference and non-deducibility results are related to multi-level security used to protect confidential0઎uity. Can you either extend those results to the Biba integrity model, or set up a similar notion for integrity-based @or availability-based models? @ mHow would you look for non-secure settings of environment variables in an executing program? Can you develop 0ma wrapper that will check those values whenever a subprocess is spawned? (The motive here is that we may not qhave access to the source code, but can wrap the program so when it executes, the wrapper controls execution and @Xcan stop the wrapped program to check state.) You may need to hack a kernel to do this. A. Design and implement Kargers Trojan Horse checking scheme. Be sure you check  login ,  mail ,  etc.  because :@2those are the programs attackers will instrument. BI sPick a class of vulnerabilities, analyze it, and design tools to check for those problems in program. Substantiate U@@any claims of success by implementing a prototype and using it.  n`What Is Due When W€`/All submissions are to be made through UCDisk. HHˆ;;OHHˆNTPP ld=mTT HHˆ=nRHHˆ  T6 iThursday, April 13By this time you should have chosen your project. Turn in a 23 paragraph write-up of 0[what you want to do, and why; list several sources (at least 3), and describe how you plan $to go about completing the project. YYour submission is to be in HTML format; a template is on the web page. I will post this @4to the web page  as soon as I get it .  7H vTuesday, May 9 By this time your project should be well underway. Turn in a  detailed  outline or design 2TVdocument. Be specific about what you are doing, how, and what you expect (hope!) will Ybe the result. Motivation is important; why should anyone other than you care about your result? VAgain, your submission is to be in HTML format; a template is on the web page. I will @9post this to the web page  as soon as I get it . S8`5Thursday, June 8 Your completed project is due. HHˆ=pRHHˆQXSS l~H =zVYH W W`>But stay tuned we hope to get one sometime during the term! d>%XX HHˆ>&VHHˆUYUX   `All About UCDisk  }This term, we will be experimenting with the Universitys shared file system, called  UCDisk . All homework is to be @Usubmitted through this shared file system. This is a brief introduction to using it.  O`What Is UCDisk?  a oUCDisk is a large shared disk facility built on AFS (a descendent of the Andrew File System). It provides fine-0mugrained access control, which will play a part in how you will use UCDisk. It also is accessible from a large number zof places on campus, including from the  isun  systems and most Windows labs. If you have a home computer running nWindows 95 or 98, and you connect over the Internet (either from another ISP or through the campus modem bank @Busing PPP), you can mount the file system onto your home machine.  uUnfortunately, you cannot yet connect from the CSIF. If this experiment works out well, we will try to make it avail0rable next term. But currently AFS software is available to the University only for SGI systems (although a native @ Linux client is being written). `Accessing UCDisk  ⪠ qTo access UCDisk, you first need a campuswide login (called your UCD login) and a password. The authentication 0rprotocol Kerberos is used to authenticate you, and your identity in turn controls what you can access. This means your password is  never  sent over the network (in the clear or enciphered). If you do not have a UCD login,  telnet  to @kthe host mothra.ucdavis.edu, log in as  services  (no password needed) and choose N from the menu.  mYour UCDisk home directory has your UCD login as its name. For example, my UCDisk home directory is called 0 pbishop. DCAS has created UCDisk home directories for everyone in the class who has a UCD login. If you do not @nhave a UCD login, please get one and email me when it is selected, and Ill ask DCAS to make you a directory. ULUU=U;(Once you have a directory, you can access it through Windows (any of 95, 98, or NT will work ), the  isun s, or the IU:oECE UNIX computer systems. (Sorry, you cant do it through a Mac. The Mac doesnt handle the right versions of ULUUWzKerberos.  ) The web page http://ucdisk.ucdavis.edu describes how to do this from all systems; go to the Getting 4c|Started link. Briefly, from a UNIX system, if your UCD login is  ucdlogin , you log into the system, and run a comqmand to authenticate yourself to UCDisk. From a Windows system, log into UCDisk using the web interface and then pperform the network mounting as described on the web page; your home directory will be represented by a network @(VHHˆTWW l~Hº >,VUHº WWz``The standard method doesnt seem to work for Windows 2000. We hope to get it working this term. }? >Y4_[? 6BW}e }?H >[4Z\?H 6BWe... }H >]4[H 6BWe }? >_4b^? 6GWe }?H >a4]_?H 6GWe- }H >c4^ZH 6GWe }? >e4ea? 6HWe }?H >g4`b?H 6HWe-- }H >i4a]H 6HWe }? >k4hd? 6IWe }?H >m4ce?H 6IWe° }H >o4d`H 6IWe }? >q4kg? 6JWe }?H >s4fh?H 6JWe® }H >u4gcH 6JW e }? >w41j? 6KW!e }?H >y4ik?H 6KW"e© }H >{4jfH 6KW)e }~H >4bc~H 6.W*e }H>4efH 6/W+e }H>4hiH 60W-e }H>4klH 61W0e }H>4noH 62W2e }H>4qrH 63WCe } H>4tu H 64WDe }H AxtH 5GFeN }H AsH 5GJe }DA4zvD69gK% CSS Export E Encoding }HA4uwH 69GMe }HA4vXH 69GNe }DA4WyD6LgO% Export EnEcoding }HA4xzH 6LGPe }HA4yuH 6LGQe dLeftdCRightd ReferenceddHTMLd4HTMLd Headingsd d !d 9d Bd Ld Od RdV&@@ [Mapping Table Title. @@ [Body. f@ [Body. f@ [Body. @@ [Footer. f@T [ TableTitleT:Table : . f@ [ BodySpaced. f@ [ Bulleted\t. f@ [Body. f@ [...Date. mf@ [l. DateProject. @@ [Header Double Line. @@ [Header Double Line. f@T [Heading1Body. f@ [ Numbered.\t. f@E [ Numbered1.\tNumbered. f@ [ NumberedSpaced.\t. f@ [ CellFooting. f@ [ CellHeading. f@ [ CellBody. f@ [@.@.@.Date. f@ [.Reading. @@ [Mapping Table Cell. @@[Mapping Table Cell. @@2Mapping Table Cell. @@ 2Mapping Table Cell. @@ [Mapping Table Cell. f@ [ Footnote.  f@@\TitleBody. f@ [...Date. f@ [.Reading. f@ [ Bulleted\t. mf@ [l. DateProject. f@ \  Body. f@T \Heading1Body. f@ \  2Body. @@[Mapping Table Cell. f@$[ .Line Single Line. f@ [ Footnote. f@$[.Line Single Line.  f@P[ TitleBody.  f@P[TitleBody. f@ [CellBody. f@ [ CellHeading.  f@T [Heading2Body. f@T [ HeadingRunInBody. f@ [ Indented. f@ [ TableFootnote. f@T [ TableTitleT:Table : .  f@T [Heading1Body. f@ [ Numbered.\t. f@E [ Numbered1.\tNumbered. \ [Bold [ [ 2 [ ڝ[[Emphasis[ \  \ [ ڝ[[EquationVariables [Italic 2  BoldItalic [Italic [ [2 [ \ [Italic [ [Bold[ [[ 2  BoldItalic [ZZThinMediumDoubleThick@ Very Thin HHHHHFormat AH Mapping Table HHHHHFormat BH Mapping Tableh6ˆ5HHHHH$9DHH+4?HHH68?HH :C?HHHTDB?HH*< ? @ h( A B C D E h  F G H I J h  K L M N O h  P Q R S T h( UVWXYh Z[\]^h_`abc7h defghChijklm]h(nopqrh stuvwh xyz{|h(}~h h    h  h h h)h  !"#$5h%&'()Oh  *+,-.[h!/ 0 1 2 3 uh "4!5!6!7!8!h!#9":";"<"="©h "5>#?#@#A#B#» %6C$D$E$ $&6F%G%H%6%'6I&J&K& &(6L'M'N'')6O(P(Q(((*6R)S)T)D()L6U*V*W*Vd ,6X+Y++Z+f +-6[,\,,],r ,.6^-_--`-~ -/6a.b.l.c..06d/e/m/f//16g0h0n0i0026j1k1o1l1136m2n2p2o2246p3q3q3r3 36s4t4r4u4h #v5w5x5s5t5,d 76y6z6{6< 686|7}7~7H76888L6u9v9w9hd ;6::::x :C6 ;";#;$;d =  <<<<> ====? >>>K >@ ???W ?A @@@c@ AAA G6ZB[B\B ;6%C&C'C(Cd E6)D*D+D DF6,E-E.E EK6/F0F1F HB6]G^G_G IG6`HaHbH JH6cIdIeI KI6fJgJhJ FJ6iKjKkK*96xLyLzLComment 8 8  :d@ BlackT!WhiteddARedddGreendd BluedCyandMagentad YellowHeader/Footer $1Header/Footer $1Header/Footer $2Header/Footer $2IndexIndexCommentCommentSubjectSubjectAuthorAuthorGlossaryGlossaryEquationEquation Hypertext Hypertext  Cross-Ref Cross-Ref Conditional TextConditional TextPositionFMPrivatePositionFMPrivateRangeEndFMPrivateRangeEndFMPrivate HTML Macro HTML Macro M.Times.P Times-Roman FrameRoman M.Times.B Times-Bold FrameRoman M.Helvetica.BHelvetica-Bold FrameRomanM.Times New Roman.BTimesNewRomanPS-BoldMT FrameRomanM.Times New Roman.PTimesNewRomanPSMT FrameRomanM.Times New Roman.ITimesNewRomanPS-ItalicMT FrameRoman M.Times.I Times-Italic FrameRomanM.Helvetica.BIHelvetica-BoldOblique FrameRomanl1 HelveticaZTimes[Times New Roman Monotype#Regular$Roman MediumBoldRegular ObliqueItalico$|NWN~<#x x(tx>8ʃB j_j4Ud?TzAԓwt6[(.¹ H>ٕk!7kh` Y롤ߙPĕ%tV'+9:aQ7̸c&W Ƶ-{R7I;[_{$>] \+K%$F @6iJ Z.),Oj