CS 491 Introduction to Computer Security

Credit Hours: 4
Course Coordinator: Jim Hook
Course Description: Provides a broad overview of computer security. Provides a solid theoretical foundation, as well as real-world examples, for understanding computer security. Fundamental theoretical results, foundational models, and salient examples will be covered. Security in computer operating systems, networks, and data will be covered, with emphasis on operating system and program security.
Prerequisites: CS 333, CS 350, C and Java programming.
Goals: Students can expect to leave the class with an understanding of the theoretical underpinnings for computer security, an appreciation of the strengths, weaknesses, and limitations of the major theories, and an understanding of the application of computer security theory to real-world systems. Students will also gain experience and insight into the application of theory to practical systems.

Upon the successful completion of this course students will be able to:

1. Explain standard models of confidentiality and integrity (such as Bell-LaPadula and Biba) and apply them in the specification of a security policy.

2. Explain the concepts of confidentiality, availability and integrity.

3. Explain standard access control mechanisms (mandatory, discretionary, originator controlled) and how they can be used in conjunction with security models.

4. Explain malware paradigms including the following possibilities: host race conditions, buffer overflows.

5. Explain various forms of authentication including password and biometric systems.

6. Describe the use of cryptographic algorithms in various secure protocols including session-key protocols, secure email, and IPSEC. Students should also be able to define digital signatures, hash functions, symmetric key, and public key cryptography.
Textbooks: Hacking: The Art of Exploitation, Jon Erickson, 2008
References: These are online references.
  • Additional research papers will be made available as the quarter progresses. Check the syllabus page regularly. Announcements of new papers will be made on the class mail list.
  • One of the classic papers in early computer security is The Protection of Information in Computer Systems by Jerome H. Saltzer and Michael D. Schroeder. Students are strongly encouraged to visit this online paper for important background information.
  • The History of Computer Security project at UC Davis is making available many of the seminal papers in the field of computer security. This is an important project that has made many important papers available.
  • David Wheeler's Secure Programming for Linux and UNIX HOWTO is an invaluable source of good techniques, lore, common sense, and good pointers to useful information.
  • The INFOSEC Security Glossary is an excellent tool for learning terms and meanings. I've downloaded the IEEE Internet Security Glossary as well.
  • When we get to authentication (Chapter 12), a seminal paper by Robert Morris and Ken Thompson will be referenced. The reference is somewhat opaque, so I have made the paper available for the interested student.
  • A recent paper by Carl E. Landwehr provides a good introduction to the topic of computer security.
  • Butler Lampson wrote the seminal paper A Note on the Confinement Problem which appeared in the Communications of the ACM in 1973. Dr. Lampson is now at Microsoft Research.
Major Topics: Historical perspectives and development of computer security
Computer security policies
Steganography
Cryptographic mechanisms
Authentication
Design principles
Access control
Information flow and analysis
General confinement principles
Laboratory Exercises: Analysis of password protection schemes. (2 weeks)
Covert and steganographic communications channels. (2 weeks)

 

CAC Category Credits Core Advanced
Data Structures
Algorithms 1.0
Software Design 1.0
Computer Architecture
Programming Languages 0.5

 

Oral and Written Communications: None.
Social and Ethical Issues: Ethical impacts of computer security. Computer hacking, cracking, etc. (approximately 20%)
Theoretical Content: About 60% of the course covers the following theoretical material: computer security policies, steganography, cryptographic mechanisms, authentication, design principles, access control, information flow and analysis, general confinement principles.
Problem Analysis: Algorithm analysis 
Analysis of security policies 
Analysis of security policy interactions 
Analysis of mapping from policy to implementation
Solution Design: Security algorithm implementation 
Design of testing for security algorithms 
Brute force breaking of security mechanisms