CS 491/591

Jim Hook and Jim Binkley CS 4/591

Fall 2010

Class Mechanics:

Class meets on Monday, Wednesday, 6:40 - 8:30pm, NH 375 (note change from original).

Hook Office Hours: Tuesdays, 2-4pm (no arrivals after 3:30 please) or by appointment, FAB 120-05.

Binkley Office Hours: TBA

Text:

Ross Anderson, Security Engineering. 2nd Edition. John Wiley and Sons. 2008. See: http://www.cl.cam.ac.uk/~rja14/book.html

Lecture Materials:

Hook's lecture notes will be linked from this page. They will occassionally be revised.
Binkley's lecture materials will be at: http://web.cecs.pdx.edu/~jrb/infosec/jrblectures/infosec.lectures.html.
The user/password for this web page has already been placed in the email archive, so please join it and find the password.
Material in the ACM portal can be accessed for free from machines on campus (this is based on the PSU IP address). It is possible to get these materails from home using the PSU VPN or the library proxy server.

Prerequisites: CS 333 (operating systems), CS 350 (algorithms).

Grading:

Midterm: 100 points
Final: 100 points
Term Paper: 100 points
Assignments, Quizzes, Discussion and Class participation: 50 points
Annotated Bibliography: 50 points

Class Mailing List

There is a class mailing list, cs591 at cecs dot pdx dot edu. The web interface is:
https://mailhost.cecs.pdx.edu/mailman/listinfo/cs591

Please sign up on the list. Critical announcements about class will be made on this list.

Students Requiring Accommodation

If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.

Term Paper Assignment

A term paper is due at the beginning of the last lecture. A title, abstract, annotated bibliography, and outline are due the day of the midterm. Assignment details here.

Calendar (with reading assignments):

Due to travel by Professor Hook, Professor Binkley will give the first two lectures. Professor Hook will give the following 10 lectures, including the midterm. Professor Binkley will give the remaining lectures and the final.

Lecture 1 (9/27): Syllabus, Expectations, First Crypto Lecture (Binkley)

Read: Anderson Chapter 3 and 5

Lecture 2 (9/29): Second Crypto Lecture (Binkley)

Lecture 3: (10/4): Overview, Usability pptx pdf slides pdf handouts

Read: Anderson Chapters 1 and 2
Read: Clive Thompson, Can You Count on Voting Machines?, New York Times Magazine, January 6, 2008
Study Questions: Please note that past mid-term questions have been arranged by topic, roughly paralleling lectures in the first half of the course. They are available in this study guide.

Lecture 4 (10/6): Electronic Voting and Access Control, Inro to Bell LaPadula pptx pdf slides pdf handouts pptx discussed

Read: Feldman, Halderman, and Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 2006.
Note: Prepare to discuss readings on voting in class!
Recommended: Ed Felten's blog entries on Freedom to Tinker on election issues. http://www.freedom-to-tinker.com/tags/voting
Other interesting links: http://www.verifiedvotingfoundation.org/index.php

Lecture 5 (10/11): Access Control, Policy and Historical notes on Security, Bell LaPadula new pptx

Read: Anderson Chapter 4
Read: James P. Anderson, Computer Security Technology Planning Study. http://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf
Reference: SANS Institute model policies http://www.sans.org/resources/policies

Lecture 6 (10/13): Integrity Models; Information Warfare new pptx ppt pdf slides pdf handouts

The first two readings below should have been reposted to Lecture 5:
- Read: David Elliott Bell, Looking Back at the Bell-La Padula Model, http://www.acsac.org/2005/papers/Bell.pdf
- Read: Anderson Chapter 8
Revised readings for Lecture 6:
- Read: Anderson Chapter 9
- Supplemental: Brewer and Nash, The Chinese Wall Security Policy, IEEE Symposium on Research in Security and Privacy, May 1989.
- Read: NY Times, March 29 article on Information Warfare, http://www.nytimes.com/2009/03/29/technology/29spy.html?emc=eta1
- Read: Nagaraja and Anderson, The snooping dragon: social-malware surveillance of the Tibetan movement, University of Cambridge Technical Report, http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html

Lecture 7 (10/18): Integrity, Fraud, Identity and Data Mining pptx pdf pdf handouts

Read: Anderson Chapter 10
NY Times article on NSA spying, Dec 2005, http://www.commondreams.org/headlines05/1216-01.htm
USA Today article on NSA phone records, May 2006, http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
Corinna Cortes, Daryl Pregibon and Chris Volinsky, "Communities of Interest'', The Fourth International Symposium of Intelligent Data Analysis (IDA 2001), 2001. http://homepage.mac.com/corinnacortes/papers/portugal.ps
Gary M. Weiss (2005). Data Mining in Telecommunications. In O. Maimon and L. Rokach (eds.), Data Mining and Knowledge Discovery Handbook: A Complete Guide for Practitioners and Researchers, Kluwer Academic Publishers, 1189-1201. http://storm.cis.fordham.edu/~gweiss/papers/kluwer04-telecom.pdf
Read: Anderson Chapters 20 and 24. (This is a correction; this reading is optional for F 2010 since the original posting was in error)
Supplemental: Clark Wilson paper http://theory.stanford.edu/~ninghui/courses/Fall03/papers/clark_wilson.pdf

Lecture 8 (10/20) Confinement and Virtualization

Slides pptx ppt (F07 ppt slides handouts)
Read: Lampson, 1973, CACM article, available from ACM portal as http://doi.acm.org/10.1145/362375.362389 and in html.
Read: Lipner, 1975, A Comment on the Confinement Problem. http://doi.acm.org/10.1145/800213.806537
Read: Intel May 2005 IEEE Computer article on virtualization: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1430631
Optional: Kocher, CRYPTO ‘96: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. http://www.cryptography.com/timingattack/paper.html
Optional: R. Wahbe, S. Lucco, T. Anderson, and S. Graham, Efficient Software-based Fault Isolation, http://www.cs.cornell.edu/home/jgm/cs711sp02/sfi.ps.gz
Optional: Christopher Small, MiSFIT: A Tool for Constructing Safe Extensible C++ Systems, http://www.dogfish.org/chris/papers/misfit/misfit-ieee.ps
Optional: Samuel T. King et al., SubVirt: Implementing malware with virtual machines. http://www.eecs.umich.edu/virtual/papers/king06.pdf

Lecture 9 (10/25) Access control and Information flow. pptx ppt

Andrei Sabelfeld and Andrew C. Myers, Language-based Information-Flow Security, http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf. Pay particular attention to Section III (Basics of Language-based information flow). Figures 2 and 3 were presented in lecture.
A file illustrating some issues discussed in class in flowcaml.

Supplementary material:

Denning and Denning, 1977, available from ACM portal.

Vincent Simonet, Flow Caml in a Nutshell.

Flow Caml home page (I got the windows executable to work, but was not successful building the source distribution).

A file derived from the flowcaml tutorial presented in class.

Lecture 10 (10/27): Midterm exam. In class. Closed book. Blue book exam.

Study questions organized by lecture topic are available in the study guide, mentioned above. Topics included in exam will reflect topics covered in class. Additional study questions based on the first two lectues may be posted here later.
Hand in annotated bibliography for term paper.

Lecture 11 (11/1)Assurance and Evaluation [Hook] pptx

Read: Anderson Chapter 26

Lecture 12 (11/3):

Lecture 13 (11/8): Cryptography, Part 2 [Binkley], if time permits onto next lecture

Lecture 14 (11/10): Authentication, Design Principles, Tempest radiation [Binkley]

Read: Anderson Chapter 2, Chapter 15, Chapter 17
An excellent original source on Design Principles is the 1975 paper by Saltzer and Schroeder. A web version is available http://www.cs.virginia.edu/%7eevans/cs551/saltzer/

Lecture 15 (11/15) – continue previous if not done yet [Binkley]
Lecture 16 (11/17): Malicious Logic [Binkley]

Read: Anderson Chapter 21
You are invited to google on “zlob/dnschanger” which we will talk about a bit

Lecture 17 (11/22): Botnets [Binkley]

Read: http://www.honeynet.org/papers/bots/ (http://www.honeynet.org/papers/webapp is also worth a look)
Read: "An Inside Look at Botnets", Barford, Yegneswaran, Special Workshop on Malware Detection, Advances in Information Security, Springer Verlag, 2006 (find at: http://pages.cs.wisc.edu/~pb/botnets_final.pdf)
RA Chapter 10 may provide some insight (optional)

Lecture 18 (11/24): Intrusion Detection [Binkley]

Read: "An Algorithm for Anomaly-based Botnet Detection," Binkley Singh, USENIX SRUTI, July 2006. note: findable at http://www.cs.pdx.edu/~jrb
Read: "Traffic Analysis of UDP-based flows in Ourmon," Jim Binkley and Divya Parekh, findable at http://www.cs.pdx.edu/~jrb

Lectures 19 (11/29) Network Security [Binkley]

Lecture 20 (12/1) [Binkley]

Read RA Chapter 21 again!!! or finish it.
NB: Term paper due at start of lecture

Final Exam: closed book, no blue book needed.

Additional web resources:

Davis Security Lab Seminal Papers

National Information Assurance Training and Education Center