CS5430: System Security - Topic Outline
The outline below contains notes on various
topics to be covered in class this semester.
The links are to scribed lecture notes for past lectures in previous
offerings of this course and,
in a few places, to draft chapters for a new textbook.
All of these written notes are being offered solely on an "as is" basis ---
what is actually covered in lecture this semester and the manner in which that
material is presented may differ from these scribed lecture notes:
- The order of topic presentation for the major units
will almost certainly differ from
the organization listed below.
- Any comments you have on the draft chapters (.pdf files) would be greatly appreciated.
Feel free to point out typographical errors, technical errors,
or even passages that you find confusing or ambiguous.
Note.
Cornell University Policy restricts the use of these notes.
In addition, these notes are copyright F.B. Schneider.
All rights reserved.
Readings to accompany each topic
are indicated within the outline in square brackets.
[B] Matt Bishop, Introduction to Computer Security, Addison Wesley, 2005.
[KPS] Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.
[S] Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
Links are also given to other sources that expand upon the material
that will be covered in lecture.
Topic Outline
- Introduction
[Additional reading: Trust in Cyberspace chptrs 1 and 6; B chptrs 1 and 12; Saltzer-Schroeder paper; Lampson paper]
- Attacks, Threats, and Vulnerabilities
- Security Properties
- Enforcement Principles
- Gold Standard and Accountability
- Risk Management
- Authentication of Machines
- Authenticating Humans [B chptr 11]
- Something you know
- Something you have
- One-time Passwords from Synchronized Clocks (aka RSA SecurID)
- One-time Passwords from Hash Chains (aka S/Key)
- Two-Factor authentication
- Something you are
- Federation and Single Sign-On
- Privacy Issues
- Authorization
- Discretionary Access Control [B chptrs 2-4, 14]
- Access Control Matrix
- *Undecidability of Privilege Propagation
- Access Control Lists
- Capabilities
- Tagged memory implementation
- Protected storage implementation
- Cryptography-based implementation
- Type-checking implementation
- Case Study: Access control in UNIX
- Mandatory Access Control
- Chinese Wall [B chptr 7.1]
- Domain Type Enforcement
- Clark-Wilson Commercial Policies [B chptr 6.3]
- Role-based Access Control [B chptr 7.4]
- Credentials-based Authorization
- Information Flow [B chptr 15]
- Labels
- Non-interference
- Static vs Dynamic Enforcement
- Enforcement
- Investment Incentives and Doctrine
Appendix: Some Notes on Cryptography