Jim Hook CS 4/591
Class meets on Tuesday, Thursday, 4:40 -- 6:30pm, FAB 40-07.
Hook Office Hours: Wednesdays, 2-4pm (no arrivals after 3:30 please) or by appointment, FAB 120-05.
- Notes and readings will be linked from this page.
Notes are under continous revision; expect changes.
- Material in the ACM portal can be accessed for free from machines on campus (this is based on the PSU IP address). It is possible to get these materails from home using the PSU VPN or the library proxy server.
Prerequisites: CS 333 (operating systems), CS 350 (algorithms).
- Midterm: 100 points
- Final: 100 points
- Term Paper: 100 points
- Assignments, Quizzes, Discussion and Class participation: 50 points
- Annotated Bibliography: 50 points
Class Mailing List
There is a class mailing list, cs591 at cecs dot pdx dot edu. The web interface is:
Warning: In the mailing list confirmation protocol your password will be sent back to you in plain text!
Please sign up on the list. Critical announcements about class will be made on this list.
Students Requiring Accommodation
If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.
Term Paper Assignment
A term paper is due at the beginning of the last lecture. A title, abstract, annotated bibliography, and outline are due the day of the midterm. Assignment details here.
Calendar with reading assignments, subject to change:
Lecture 1 (1/10): Syllabus, Expectations, Overview, Usability (slides; handouts)
- Read: Anderson Chapter 1
- Study Questions: Please note that past mid-term questions have been arranged by topic, roughly paralleling lectures in the first half of the course. They are available in this study guide.
Lecture 2 (1/12): Usability, Social Context (slides)
Lecture 3 (1/17): Electronic Voting and Access Control (slides)
Lecture 4 (1/19): Access Control Policies: Bell-LaPadula and Biba (slides)
Lecture 5 (1/24): Cryptographic Concepts: Definitions, Basic Concepts, Properties pptx
- Read: Anderson Chapter 5
Lecture 6 (1/26): Cryptographic Concepts: Asymmetric Crypto, Applications pptx
Lecture 7 (1/31): More Crypto pptx
- Read: Anderson Chapter 3
- Supplemental links on KeeLoq
Lecture 8: (2/2): Multilateral Security and Integrity pptx
Lecture 9 (2/7): Integrity, Fraud, Identity and Data Mining pptx
Lecture 10 (2/9): Midterm exam
- Study questions organized by lecture topic are available in the study guide, mentioned above. Topics included in exam will reflect topics covered in class. Additional study questions based on the first two lectues may be posted here later.
- Hand in annotated bibliography for term paper.
Lecture 11 (2/14): Network Attack and Defense 1 pptx
- Read: Anderson Chapter 21
Lecture 12 (2/16): Network Attack and Defense 2 pptx JRB botnets (password required)
- Read: Anderson Chapter 21 (remainder)
Lecture 13 (2/21): Information Warfare pptx
Lecture 14 (2/23): Telecom Security, Data Mining pptx
- Read: Anderson Chapter 20, 24 (Surveillance)
- Corinna Cortes, Daryl Pregibon and Chris Volinsky, "Communities of Interest'', The Fourth International Symposium of Intelligent Data Analysis (IDA 2001), 2001. http://homepage.mac.com/corinnacortes/papers/portugal.ps
- Gary M. Weiss (2005). Data Mining in Telecommunications. In O. Maimon and L. Rokach (eds.), Data Mining and Knowledge Discovery Handbook: A Complete Guide for Practitioners and Researchers, Kluwer Academic Publishers, 1189-1201. http://storm.cis.fordham.edu/~gweiss/papers/kluwer04-telecom.pdf
- NY Times article on NSA spying, Dec 2005, http://www.commondreams.org/headlines05/1216-01.htm
- USA Today article on NSA phone records, May 2006, http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
Lecture 15 (2/28) Information flow pptx
- Andrei Sabelfeld and Andrew C. Myers, Language-based Information-Flow Security, http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf. Pay particular attention to Section III (Basics of Language-based information flow). Figures 2 and 3 were presented in lecture.
- A file illustrating some issues discussed in class in flowcaml.
- Denning and Denning, 1977, available from ACM portal.
- Vincent Simonet, Flow Caml in a Nutshell.
- Flow Caml home page (I got the windows executable to work, but was not successful building the source distribution).
- A file derived from the flowcaml tutorial presented in class
Lecture 16 (3/1): Design Principles pptx
Lecture 17 (3/6): Android Security research at Galois, Dave Archer, guest lecture
- Approaches to securing apps on Android:
- Separation kernels: www.csl.sri.com/papers/sosp81/sosp81.pdf
Lecture 18 (3/8): Evaluation and Assurance pptx
Lecture 19 (3/13): Student paper presentations pptx
Lecture 20 (3/15): Review. Term papers due. pptx
Final Exam: 20 March, 5:30 to 7:20pm, closed book, blue book exam.