ECS 235B, Winter 2025: Foundations of Computer and Information Security

Announcements

• none yet

Class Information

• General Information
• Syllabus
• All About Homework
• Term Project

Homework

• Homework #1 (due Apr 14)
• Homework #2 Revision 1 (due Apr 30) (Note change of due date)
  • Homework #2 (due Apr 28)
• Homework #3 Revision 2 (due May 16)
  • Homework #3 (due May 14)
• Homework #4 (due Jun 4)

Extra Credit

• Extra Credit #1 (due Jun 11)
• Extra Credit #2 (due Jun 11)

Project

• Project Selection (due Apr 16)
• Project Progress Report (due May 7)
• Completed Project (due June 6, 3:00pm)

Handouts

• Papers are on Canvas for copyright reasons
• Example Homework Answer
• Bell-LaPadula Symbols
• Table of Notation for Noninterference and Nondeducibility

Lecture Outlines

1. Lecture #  1 (Mar 31)
2. Lecture #  2 (Apr 2)
3. Lecture #  3 (Apr 4)
4. Lecture #  4 (Apr 7)
5. Lecture #  5 (Apr 11)
6. Lecture #  6 (Apr 14)
7. Lecture #  7 (Apr 16)
8. Lecture #  8 (Apr 18)
9. Lecture #  9 (Apr 21)
10. Lecture #10 (Apr 23)
11. Lecture #11 (Apr 25)
12. Lecture #12 (Apr 28)
13. Lecture #13 (Apr 30)
14. Lecture #14 (May 2)
15. Lecture #15 (May 5)
16. Lecture #16 (May 7)
17. Lecture #17 (May 12)
18. Lecture #18 (May 14)
19. Lecture #19 (May 16)
20. Lecture #20 (May 28)
21. Lecture #21 (May 30)
22. Lecture #22 (June 2)
23. Lecture #23 (June 4)

Modules

1. Administrative Material
2. Basic Components
3. Reference Monitors
4. Access Control Matrix
5. Attribute-Based Access Control Matrix
6. HRU Result
7. Take-Grant Model Rules
8. Sharing in the Take-Grant Model
9. Stealing in the Take-Grant Model
10. Schematic Protection Model
11. Expressiveness
12. Typed Access Matrix Model
13. Security Policies
14. Security Policy Languages
15. Precise and Secure Policies
16. Lattices
17. Confidentiality Policies and the Bell-LaPadula Model
18. Bell-LaPadula Model
19. Applying the Bell-LaPadula Model
20. Tranquility
21. The Controversy and System Z
22. Integrity Requirements and the Biba Model
23. Clark-Wilson Model
24. Trust Models
25. Constraint-Based Availability Models
26. State-Based Availability Models
27. Network Flooding
28. Chinese Wall Model
29. Clinical Information Systems Security Policy
30. Originator-Based Access Control
31. Role-Based Access Control
32. Traducement
33. Break-the-Glass Policies
34. Policy Composition
35. Introduction to Noninterference
36. Security Policy and the Unwinding Theorem
37. Access Control Matrix Revisited
38. Generalized Noninterference
39. Policy Composition I
40. Nondeducibility
41. Restrictiveness
42. Side Channels
43. Introduction to Assurance
44. Building Systems with Assurance
45. Design Assurance Techniques
46. Implementation Assurance Techniques
47. Entropy
48. Introduction to Information Flow
49. Information Flow Policies
50. Confinement Problem
51. Isolation
52. Covert Channels
53. Detecting Covert Channels
54. Analyzing Covert Channels
55. Mitigating Covert Channels
56. Evaluating Systems

---

Matt Bishop Office: 2209 Watershed Science Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu