CS 526: Information Security

LWSN B134

Course Topics

Basic notions of confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; risk assessment.

Teaching Assistant

Ashish Kundu
Office: LWSN 2161 Cubicle 13
Office hours: Tuesday, Thursday: 3:30pm-4:30pm, or by appointment.
Office hours to be held at: LWSN 2161 conference room in the lab. Phone: 49-69399
Email (preferred contact mechanism): firstname followed by k at cs d0t purdue d0t edu

Mailing List

There will be a course email list used for high-priority announcements. This will use your @purdue.edu email address; make sure this is forwarded to someplace you look on a regular basis.

We will be using Blackboard for turning in assignments, recording and distributing grades, as well as a discussion tool.

For review (and if you miss a lecture), you can pick them up as a vodcast/podcast. Be warned that the audio isn't great, and that you only see what is on the screen, not what is written on the chalkboard.

Prerequisites

The official requirement is CS 503 (Operating Systems) or equivalent, and by extension the material required as a prerequisite to CS 503. If you do not have this background please look at the discussion of prerequisites, then come talk with me.

Text

Matthew Bishop, Computer Security: Art and Science Addison-Wesley, 2003. ISBN 0-201-44099-7

I suggest you get the latest printing of the textbook; earlier printings had some typos that made follwoing the text a challenge. Also get the appropriate Errata pages.

Some students have found primary material in the research literature easier to understand than the (condensed) treatment in the textbook. The text contains extensive references (over 1000); you are encouraged to go to these for material you have difficulty with.

Another suggestion is the text used for the undergraduate course (CS426):
Charles P. Pfleeger and Shari Lawrence Pfleeger Security in Computing, 3/e Prentice Hall, 2003.
You may find this book easier to read, however it does not provide the level of mathematical rigor needed for this course.

Evaluation/Grading:

The exact mix of projects, written homeworks, papers, etc. is yet to be determined. However, at this point I expect there will be one to two programming projects, and two to four paper reviews (See here for a discussion of what I mean by paper review.) During weeks when you are not working on a project or paper review, there will be analytical written homework problems, with a mix of mathematical work (e.g., proving correctness of a protocol) and case studies (e.g., discuss different methods used to secure an example system.)

Evaluation will be a subjective process (see my grading standards), however it will be based primarily on your understanding of the material as evidenced in:

Midterm Exam (25%)
Final Exam (36%)
Written assignments, projects, paper reviews (36%)
Evaluation of instructors based on in-class contributions, discussions, and overall performance (3%)

Exams will be open note / open book. To avoid a disparity between resources available to different students, electronic aids are not permitted.

Projects and written work will be evaluated on a ten point scale:

10: Exceptional work. So good that it makes up for substandard work elsewhere in the course. These will be rare, and for many homeworks/problems a perfect score will correspond to an 8.
8: What I'd expect of a Ph.D. candidate. This corresponds to an A grade.
6: Good enough for a Master's degree, but not what I'd like to see for a Ph.D. candidate. This corresponds to a B grade.
4: Okay for a Master's candidate who does extremely well in other courses. This corresponds to a C grade.
2: Not good enough for a graduate student. But something.
0: Missing work, or so bad that you needn't have bothered.

Late work will be penalized 1 point per day (24 hour period). This penalty will apply except in case of documented emergency (e.g., medical emergency), or by prior arrangement if doing the work in advance is impossible due to fault of the instructor (e.g., you are going to a conference and ask to start the project early, but I don't have it ready yet.)

Qualifier Requirements

Qualifying exam, time and place to be determined. Advance registration required.

If you plan to use this course as part of your Part 1 Qualifying Exams, you should have emailed your availability during final exam week to clifton@cs.purdue.edu by October 17, 2010 . Check your exam schedule first! (it will be available September 16.)

Academic Integrity Policy

Please read and sign the Department of Computer Sciences Academic Integrity Policy. This will be followed unless I provide written documentation of exceptions.

Late work will be penalized except in case of documented emergency (e.g., medical emergency), or by prior arrangement if doing the work in advance is impossible due to fault of the instructor (e.g., you are going to a conference and ask to start the project early, but I don't have it ready yet.)

You may also be interested in reviewing Professor Spafford's Policy on Intellectual Honesty.

Policy on Commercial Note Taking

Course Outline (numbers correspond to week):

Note: The course outline is being updated from Fall 2004, and will change. In particular, the assignments (and due dates) will change. They are provided at this time to assist you in planning for the course.

Introduction: Role of security, Types of security, Basic definitions: trust, security, vulnerability, safeguard, countermeasure, etc. Slides. Reading: Chapters 1,2.1-2.3.
Assignment 1 (due 9/3). Solution Sketch 1
Access Control Matrix Model. Decidability of safety / security. Slides, Reading: 2.4, 3.1-2. Optional reading: Dobkin, Jones, and Lipton, Secure Databases: Protection against User Influence.
Assignment 2 (due 9/10), Solution Sketch 2
Protection Models. Slides, Reading: Chapters 3.3-3.8.
Assignment 3 (due 9/22) Solution sketches [pdf] (Thanks to Joel Pfeiffer for sharing his answers.) .
Finish with protection models.
Policy formation. Slides, Reading: Chapters 4 (Optional: Jones and Lipton, The enforcement of security policies for computation, SOSP '75), 5.1-5.2.
Bell-LaPadula model. Reading: 5.3-5.7.
More formal policy models. Reading: 6, 7, 8 (skim except as noted). Optional reading: Multics security paper.
September 24: Prof. Ninghui Li, Finish with Policy Models.
Assignment 4 (due 10/01), Solution Sketch 4
September 27, 29: Prof. Ninghui Li, Information flow.
Assignment 5 (due date 10/8). Solution Sketch 5 [pdf], by Zhongsu Gu.
October 1: Prof. Bertino, Guest lecture on discretionary access control.
Information flow. Slides. Reading: Chapter 16-17.
October 6: Prof. Spafford, Guest lecture.
Authentication and Identity. Slides. Reading: Chapters 12, 14. Optional reading on ATM password breaking (from Bill Frauenhofer): News reports one and two, paper.
Project 1 starts.
October 11: Fall Break.
October 13-15: Dr. Marc Rogers: Guest Lecture on Digital Forensics.
Midterm Review (Review slides)
Project 1 design due 10/18.
October 20: In-class exam (we had too many students with evening conflicts) - Midterm covering Weeks 1-7. Solutions to midterm examination..
Secure design principles. Reading: Chapter 13.
Optional reading: What Bill Gates Says About Security.
System Design: TCB and security kernel construction. Least-privilege. Verification and validation. Risk Analysis. Certification issues. Slides. Reading: Chapters 18, 19.
Guest Lecture October 27 and 29: Prof. Sam Wagstaff: Basics of Cryptography.
Project 1 due 10/29.
System Verification. Slides. Reading: Chapter 20.
Security Evaluation. Reading: Chapter 21.
Role of audit and control, Logging for Audit. Slides. Reading: Chapter 24.
Assignment 6 due 11/12.
Solutions to Assignment 6 (Thanks for John Ross Wallrabenstein).
Audit Mechanisms. Slides. Reading: Chapter 24. Optional reading: ISACA selections.
Malicious Code: Viruses, Worms, etc. Slides. Reading: Chapter 22. Optional reading: Simson Garfinkel, Proof of Concept: Are today's computer viruses tests of information warfare weapons?, Technology Review, May 2003. (PDF available locally.)
Misuse and intrusion detection: host, network, distributed, application. Pattern and behavior detection. Distributed attacks and defenses. Limitations. Slides. Reading: Chapter 25.
Assignment 7 (due 11/19).
Solutions to Assignment 7 (Thanks for John Ross Wallrabenstein).
Vulnerability Analysis. Slides. Reading: Chapter 23.
Optional Reading: Thomas E. Daniels, Benjamin A. Kuperman, Eugene H. Spafford, Penetration Analysis of a XEROX Docucenter DC 230ST: Assessing the Security of a Multi-purpose Office Machine, 23rd National Information Systems Security Conference, Baltimore, Maryland, October 16-19, 2000.
Discussion of Privacy issues around TSA's Backscatter Scanners. (Also relevant: discussion of Social Network Trapdoors.)
Selected Project 1 demos - discussion of how to do a good demonstration, design/code review, etc.
November 24-26: Thanksgiving Break
Project 2 starts on November 22 and submission deadline: December 9.
Analysis of a real buffer-overflow vulnerability and exploit. Reading: Gene Spafford, The Internet Worm Program: An Analysis.
Secure Programming Practices. Reading: CWE/SANS Top 25. Optional reading: Secure Programming Course Module.
Network Security: Authentication. Interception and denial of communications. Distributed authentication issues: Kerberos, SESAME, etc. Routing, flooding, spamming. Firewalls. PDF slides. Reading: Chapter 26.
Guest Lecture December 6, Prof. Cristina Nita-Rotaru: Network Security.
Review (Slides).

You may also want to see the canonical syllabus.

Final Exam Wednesday, 15 December, 13:00-15:00, LAMB 108. (old solutions).

Qualifying exam, Friday, 17 December, 10:00-11:00, LWSN 3102B (Sample from a past year.)

This page last modified