CS 526: Information Security

TR 12:00-13:15

CS G066

Chris Clifton

Email: clifton_nospam@cs_nojunk.purdue.edu

Course Topics

Basic notions of confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; risk assessment.

Teaching Assistants

Ferit Erin
Office: MATH B15
Office hours: M 14:00-15:00 & F 10:00-11:00, or by appointment.
Phone: 49-66232
Email: ferit@cs.purdue.edu

Please send questions to the course newsgroup purdue.class.cs526. This should be used for most questions. If you have something you don't want made public, send it to cs526@ics.purdue.edu. We will also be using WebCT for recording and distributing grades.

Mailing List

Please add yourself to the course mailing list. Send mail to mailer@cs.purdue.edu containing the line:

add your email to cs526

Feel free to send things to the course mailing list if you feel it is appropriate. An example might be a pointer to a particularly helpful on-line manual describing an API used in one of the projects.

Prerequisites

The official requirement is CS 503 (Operating Systems) or equivalent, and by extension the material required as a prerequisite to CS 503. If you do not have this background please look at the discussion of prerequisites, then come talk with me.

Text

Matthew Bishop, Computer Security: Art and Science, Addison-Wesley, 2003. ISBN 0-201-44099-7.

I suggest you get the latest printing of the textbook; earlier printings had some typos that made following the text a challenge. Also get the appropriate Errata pages.

Some students have found primary material in the research literature easier to understand than the (condensed) treatment in the textbook. The text contains extensive references (over 1000); you are encouraged to go to these for material you have difficulty with.

Another suggestion is the text used for the undergraduate course (CS426):
Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 3/e, Prentice Hall, 2003.
You may find this book easier to read; however, it does not provide the level of mathematical rigor needed for this course.

Evaluation/Grading:

The exact mix of projects, written homeworks, papers, etc. is yet to be determined. However, at this point I expect there will be one to two programming projects, and two to four paper reviews. (See here for a discussion of what I mean by paper review.) During weeks when you are not working on a project or paper review, there will be analytical written homework problems, with a mix of mathematical work (e.g., proving correctness of a protocol) and case studies (e.g., discuss different methods used to secure an example system).

Evaluation will be a subjective process (see my grading standards), however it will be based primarily on your understanding of the material as evidenced in:

Exams will be open note / open book. To avoid a disparity between resources available to different students, electronic aids are not permitted.

Projects and written work will be evaluated on a ten point scale:

10
Exceptional work. So good that it makes up for substandard work elsewhere in the course. These will be rare, and for many homeworks/problems a perfect score will correspond to an 8.
8
What I'd expect of a Ph.D. candidate. This corresponds to an A grade.
6
Good enough for a Master's degree, but not what I'd like to see for a Ph.D. candidate. This corresponds to a B grade.
4
Okay for a Master's candidate who does extremely well in other courses. This corresponds to a C grade.
2
Not good enough for a graduate student. But something.
0
Missing work, or so bad that you needn't have bothered.

Late work will be penalized 1 point per day (24 hour period). This penalty will apply except in case of documented emergency (e.g., medical emergency), or by prior arrangement if doing the work in advance is impossible due to fault of the instructor (e.g., you are going to a conference and ask to start the project early, but I don't have it ready yet.)

Qualifier Requirements

Qualifying exam, time and place to be determined. Advance registration required.

If you plan to use this course as part of your Part 1 Qualifying Exams, you should have emailed your availability during final exam week to cs526@ics.purdue.edu by September 20, 2004. Check your exam schedule first! (It will be available September 16.)

Academic Integrity Policy

Please read and sign the Department of Computer Sciences Academic Integrity Policy. This will be followed unless I provide written documentation of exceptions.

Late work will be penalized except in case of documented emergency (e.g., medical emergency), or by prior arrangement if doing the work in advance is impossible due to fault of the instructor (e.g., you are going to a conference and ask to start the project early, but I don't have it ready yet.) The penalty for late work is 20% if turned in after the deadline. Work beyond one week may not be accepted (additional delay in posting solution sets is unfair to other class members), however if accepted the penalty will be an additional 20% for each week late.

You may also be interested in reviewing Professor Spafford's Policy on Intellectual Honesty.

Policy on Commercial Note Taking

Course Outline (numbers correspond to week):

Note: The course outline is being updated from Fall 2003, and will change. In particular, the assignments (and due dates) will change. They are provided at this time to assist you in planning for the course.

  1. August 24: Guest lecture by Prof. Mikhail Atallah. Cryptography: Cipher methods, Single key vs. Public Key. Slides (PDF), Reading: Chapter 9, 11.1-11.2.
    Assignment 1 (due 9/2), solutions.
    Introduction: Role of security, Types of security, Basic definitions: trust, security, vulnerability, safeguard, countermeasure, etc. Slides (PDF). Reading: Chapters 1,2.1-2.3.
  2. Access Control Matrix Model. Decidability of safety / security. Slides (PDF), Reading: 2.4, 3.1-2. Optional reading: Dobkin, Jones, and Lipton, Secure Databases: Protection against User Influence.
    Assignment 2 (due 9/9), solutions.
  3. Protection Models. Slides (PDF), Reading: Chapters 3.3-3.8.
    September 9: Guest lecture by Prof. Mikhail Atallah. Oblivious transfer and its application to privacy-preserving online purchases of digital media, bit commitment and its application to anonymous communication ("dining cryptographers"), blind signatures and a glimpse of their use in digital cash systems.
    Assignment 3 (due 9/21), solutions.
  4. Finish with protection models.
    Policy formation. Slides (PDF). Reading: Chapters 4, 5.1-5.2.
  5. Bell-LaPadula model. More formal policy models. Slides (PDF). Reading: 5.3-5.7, 6, 7, 8 (skim except as noted). Optional reading: Multics security paper.
    Assignment 4 (due 9/30), solutions.
  6. September 28: Guest lecture on policy by Prof. Eugene Spafford.
    Information flow. Slides (PDF). Reading: Chapters 16-17.
    Assignment 5 (Project) (due dates 10/14 and 10/28). Some Hints and Common Mistakes. Test Cases for the Project Grading
  7. Authentication and Identity. Slides (PDF). Reading: Chapters 12, 14. Optional reading on ATM password breaking (from Bill Frauenhofer): News reports one and two, paper.
  8. October 12: Fall Break.
    Midterm Review slides (PDF).
  9. October 19, in class: Midterm covering Weeks 1-7. Exam and solutions.
    Secure design principles. Reading: Chapter 13.
    Optional reading: What Bill Gates Says About Security.
  10. System Design: TCB and security kernel construction. Least-privilege. Verification and validation. Risk Analysis. Certification issues. Slides (PDF). Reading: Chapters 18, 19.
    System Verification. Slides (PDF). Reading: Chapter 20.
    Assignment 6 (due 11/9).
  11. November 2, 4: Guest lecture by Prof. Cristina Nita-Rotaru. Network Security: Authentication. Interception and denial of communications. Distributed authentication issues: Kerberos, SESAME, etc. Routing, flooding, spamming. Firewalls. PDF slides. Reading: Chapter 26.
  12. Security Evaluation. Reading: Chapter 21.
    Role of audit and control, Audit Mechanisms. Slides (PDF). Reading: Chapter 24. Optional reading: ISACA model curriculum.
    Assignment 7 (due 11/23).
    Distributed cooperation and commit. Optional reading:
    Skeen, Dale, "A Formal Model of Crash Recovery in a Distributed System," IEEE Transactions on Software Engineering 9(3), May 1983, pp. 219-228. (preliminary on-line version from SIGMOD'81)
    Philip A. Bernstein, Vassos Hadzilacos, Nathan Goodman, Concurrency Control and Recovery in Database Systems, Chapter 7: Distributed Recovery, Addison Wesley, 1987.
  13. Malicious Code: Viruses, Worms, etc. Slides (PDF). Reading: Chapter 22. Optional reading: Simson Garfinkel, Proof of Concept: Are today's computer viruses tests of information warfare weapons?, Technology Review, May 2003. (PDF available locally.)
    Misuse and intrusion detection: host, network, distributed, application. Pattern and behavior detection. Distributed attacks and defenses. Limitations. Slides (PDF). Reading: Chapter 25.
  14. Vulnerability Analysis. Slides (PDF). Reading: Chapter 23.
    Optional Reading: Thomas E. Daniels, Benjamin A. Kuperman, Eugene H. Spafford, Penetration Analysis of a XEROX Docucenter DC 230ST: Assessing the Security of a Multi-purpose Office Machine, 23rd National Information Systems Security Conference, Baltimore, Maryland, October 16-19, 2000.
    November 25: Thanksgiving
  15. Cyberlaw. Slides (PDF).
    Digital Rights Management (Slides PDF), Reading: Handing Over the Keys: Security chips are on the way, but are they trustworthy?, Technology Review, February 2003 (PDF available locally); Trusted Computing Group; Trusted Computing Frequently Asked Questions - TCPA / Palladium / NGSCB / TCG.
    Assignment 8 (due 12/9).
    Other topics (optional reading):
    Forensics (Slides, PDF).
    Physical threats, operational security, Legal and Societal Issues. Managing a secure environment: Trusted Solaris (Slides, PDF).
  16. Review (Slides, PDF).

You may also want to see the canonical syllabus and a previous offering of the course.

Final Exam (solutions), Monday, December 13, 08:00-10:00, CS G066.

Qualifying exam, Wednesday, December 15, 13:00-14:00, Math 431. (Sample from last year.)

