CS 513: System Security
Fall 2006

Computer Science Department
Cornell University

Course schedule

Date Topic Readings Assignments
Aug. 28 Course overview 2005 notes, Trust in Cyberspace, Ch. 1 and 6
30 Threats, vulnerabilities, and design principles 2005 notes, Saltzer and Schroeder, Lampson
Sep. 4 Hashes and message digests KPS Ch. 4, Schneier Ch. 18.14, Bishop Ch. 8.4 HW1 out
6 Symmetric cryptosystems and authentication 2005 notes, Bishop Ch. 9, Schneier Ch. 18
11 Public-key cryptosystems, RSA Lecture notes, Bishop 8.3, Schneier Ch. 19, 22.1.
13 Public-key infrastructures Lecture notes, Bishop 10.4 HW1 due. Project proposal due 9/15.
20 ElGamal, cryptographic protocol engineering Abadi and Needham  
Authentication and Privacy
25 User authentication '05 notes, Bishop 11
27 Biometrics, Privacy '05 privacy notes
Oct. 2 Protection matrices and access control lists Bishop 2, 3, 14.1
4 Capabilities Bishop 14.2, Notes on capabilities, Notes on revocation
11 Java security, logic for authentication and authorization Authentication in distributed systems, Lampson et al., A calculus for access control in distributed systems, Abadi et al. (1,2,4,5,6.1 HW2 due
System integrity
16 Attacks: stack smashing and more Stack smashing; Stackguard; Heap overflows; Format-strings
18 Reference monitors. Safety properties. Safe C's. Enforceable policies. CCured.
23 Software fault isolation, inlined reference monitors Erlingsson, Schneider Project design due
25 Java bytecode verification (M. Clarkson)  
30 Trojan horses, viruses and worms Bishop 19; Thompson, Reflections on trusting trust; Costa et al., Vigilante: End-to-End Containment, SQL Slammer worm
Richer policies and properties
Nov. 1 Mandatory access control (MAC), multi-level security, partial orders and lattices Bishop 5, Notes HW3 out (Nov. 3)
6 Biba integrity model  
8 Clark/Wilson; Chinese Wall; role-based access control (RBAC); noninterference Notes, Chinese Wall Security Policy
13 Covert channels, static information flow, Jif Notes, '05 Notes, Bishop 16.3 HW3 due
15 More static information flow Notes
Real-world security mechanisms
20 Availability and denial of service Topics, '05 Notes, Bishop 23.4 HW4 out
22 Firewalls and intrusion detection Bishop 21, 22, 23.3
27 Anonymity (mixes, onion routing), Voting Bishop 13.6
29 Intellectual property protection: DRM, TPM, obfuscation, watermarking Collberg & Thomborson, TPM architecture overview HW4 due Dec. 2
Dec. 6–11 Project demos