CS 590U

Access Control: Theory and Practice

Spring 2006

Syllabus

Back to course homepage

Reference Books:

Chapters of the following books are useful for the course. The first one is available on the Web. Required readings from the other books will be handed out in class. The Amoroso book and the Anderson book have been placed under reservation in the Math&CS library.

Morrie Gasser: (available online) Building A Secure Computer System. Van Nostrand Reinhold Co., 1988.
Ross Anderson: Security engineering : a guide to building dependable distributed systems. Wiley, 2001.
Dieter Gollmann: Computer Security. Wiley, 1999.

Date	Topic	Readings Before Each Lecture
Introduction
Tue Jan 10	Introduction to the course Slides
Thu Jan 12	Access control matrices Partial order State transition systems Slides HW1	Handout on Orders and Lattices (Latex Source) Anderson Book: Sections 4.1 & 4.2 (Handout) Gollmann Book: Chapter 3: Access Control (Handout)

Mandatory Access Control for Confidentiality

Tue Jan 17	The Bell-LaPadula model Slides	Note on BLP (Handout)
Thu Jan 19	The Bell-LaPadula model (continued) (No new slides)	Gollmann Book: Chapter 4: Security Models (Handout) Optional reading: D. Bell and L. LaPadula. "Secure computer systems: Unified exposition and Multics interpretation". Technical Report ESD-TR-75-306, MITRE Corp., March 1976. Section II: Description of the Model Complete Report J. McLean: "Reasoning about security Models", in Oakland'1987. D.E. Bell: "Concerning 'Modeling' of Computer Security", in Oakland'1988.
Tue Jan 24	Noninterference Nondeducability Slides	Goguen and Meseguer. "Security Policies and Security Models". In Oakland'1982. Optional reading: D. Sutherland. "A Model of Information", NCSC'1986. (Handout)
Thu Jan 26	The Lattice Model of Information Flow The confinement problem Covert channels Slides HW2	D. Denning. "A Lattice Model of Secure Information Flow", CACM, May 1976. B. Lampson. "A note on the confinement problem." CACM, October 1973. S.B. Lipner, M. Bedford. "A Comment on the Confinement Problem", In SOSP, November 1975.

Integrity

Tue Jan 31	The Biba integrity model Slides
Thu Feb 2	Clark-Wilson model The Chinese Wall policy Slides	D.D. Clark and D.R. Wilson. "A Comparison of Commercial and Military Computer Security Policies" In Oakland, 1987. Optional Readings D.F.C. Brewer and M.J. Nash: "The Chinese Wall Security Policy", in Oakland'1989. R.S. Sandhu: "Lattice-Based Enforcement of Chinese Walls", in Computer & Security, December 1992.

Discretionary Access Control and Safety Analysis

Tue Feb 7	The Graham-Denning The HRU scheme Slides
Thu Feb 9	Class cancelled for distinguished lecture by Prof. David Patterson
Tue Feb 14	Safety analysis in HRU Slides	M.A. Harrison, W.L. Ruzzo, and J.D. Ullman: Protection in Operating Systems. CACM, August 1976.
Thu Feb 16	Safety analysis revisited Slides	DeMillo book: R.S. Fabry: "One Perspective on the Results about the Decidability of System Safety". (Handout) A.K. Jones: "Protection Mechanism Models: Their Usefulness" (Handout)
Tue Feb 21	Overview of project topics No slides

Role-Based Access Control (RBAC)

Thu Feb 23

RBAC96
NIST RBAC Standard
Slides

R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38--47, February 1996.
Optional reading:
- ANSI Standard on Role-Based Access Control

Tue Feb 28

Separation of Duty in RBAC
Slides

N. Li, J. Byun, and E. Bertino: "A Critique of the ANSI Standard on Role Based Access Control", conditionally accepted to appear in IEEE Security & Privacy. This is a slightly extended version.
N. Li, Z. Bizri, and M.V.Tripunitara: "On Mutually-Exclusive Roles and Separation of Duty", Submitted. Conference version appeared in CCS'2004.

Thu Mar 2

Constraint Generation in RBAC
Slides

Operating System Access Control

Tue Mar 7

Unix Access Control: ACL & setuid
Slides

Hao Chen. David Wagner. Setuid Demystified. In USENIX Security 2002.

Thu Mar 9

Unix Access Control: Confining Programs, chroot, jail, and DTE
Slides

Tue Mar 21

Capabilities
Slides

N. Hardy: The Confused Deputy. In Operating Systems Review, 22(4), 1988.
M.S. Miller, K-P Yee, and J. Shapiro: Capability Myths Demolished. Johns Hopkins Tech Report, 2003.
Optional reading: (Helpful in understanding the previous two papers)
- N. Hardy: KeyKOS Architecture. In Operating Systems Review, 19(4), 1985.

Trust Management and Automated Trust Negotiation

Thu Mar 23	Basics of Logic & Logic Programming Slides	U. Nilsson and J. Maluszynski: Logic, Programming and Prolog Chapters 2 & 3
Tue Mar 28	Guest Lecture by Jiangtao Li: Automated Trust Negotiation Using OACerts Slides
Thu Mar 30	Overview of Trust Management SDSI Slides	M. Blaze, J. Feigebaum, and J. Lacy: Decentralized Trust Management. In Oakland'1996. D. Clarke et al.: Certificate chain discovery in SPKI/SDSI, JCS, November 2001.
Tue Apr 4	Continue previous lecture No new slides
Thu Apr 6	Cancelled for Dorothy Denning's talk
Tue Apr 11	RT0 and Distributed Credential Chain Discovery Slides (in PPT)	N. Li, W.H. Winsborough, and J.C. Mitchell: Distributed Credential Chain Discovery in Trust Management. Journal of Computer Security, February 2003. Conference version in CCS 2001. N. Li, J.C.Mitchell, and W.H. Winsborough: Design of A Role-based Trust-management Framework. IEEE Symposium on Security and Privacy, 2002.


Thu Apr 13	Review of the course Slides
Project Presentations
Tue Apr 18	Isuru Yipeng
Thu Apr 20	Wonjun Tiancheng
Tue Apr 25	Qun Ziqing
Thu Apr 27	Jing Hong