CS 491/591 Intro to Computer Security
Jim Hook/Jim Binkley
Class meets on Tuesday, Thursday, 4:40 - 6:30pm, Urban 303
Hook Office Hours: Tuesday, 1:00 - 3:00pm, FAB 120
Binkley Office Hours: Thursday, 1:00 - 3:00 pm, FAB 120
á Matt Bishop, Introduction to Computer Security. Addison-Wesley. 2004.
á Ross Anderson, Security Engineering. 2nd Edition. John Wiley and Sons. 2008. See: http://www.cl.cam.ac.uk/~rja14/book.html
á Hook's lecture notes will be linked from this page. They will occasionally be revised.
á Binkley's lecture materials will be at: http://web.cecs.pdx.edu/~jrb/infosec/jrblectures/infosec.lectures.html.
á The user/password for this web page has already been placed in the email archive, so please join it and find the password.
á Material in the ACM portal can be accessed for free from machines on campus (this is based on the PSU IP address). It is possible to get these materials from home using the PSU VPN.
Prerequisites: CS 333 (operating systems), CS 350 (algorithms). No programming needed.
á Midterm: 100 points
á Final: 100 points
á Term Paper: 100 points
á Assignments, Quizzes, Discussion and Class participation: 50 points
á Academic paper bibliography research exercise: 25 points
á Annotated Bibliography: 25 points
Class Mailing List
There is a class mailing list, cs591 at cecs dot pdx dot edu. The web interface is:
Please sign up on the list. Critical announcements about class will be made on this list.
Students Requiring Accommodation:
If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.
Term Paper Assignment
A term paper is due at the beginning of the last lecture. A title, abstract, annotated bibliography, and outline are due the day of the midterm. See:
class starts Tuesday Sept 30.
PSU academic calendar is at: http://www.pdx.edu/registration/calendar.html#2007-2008
Calendar (with reading assignments):
á Read: Bishop Chapter 1
á Read: Can You Count on Voting Machines?, Clive Thompson, New York Times Magazine, January 6, 2008
á Scan: Ed Felten's blog entries on Freedom to Tinker on election issues. http://freedom-to-tinker.com/tags/voting
á Other interesting links: http://www.verifiedvotingfoundation.org/index.php
á Read: Feldman, Halderman, and Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 2006.
á Read: Bishop Chapters 2 and 3
á Read: Anderson Chapter 1
á Read: Bishop Chapter 4
á Reference: SANS Institute model policies: http://www.sans.org/resources/policies
á Read: James P. Anderson, Computer Security Technology Planning Study: http://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf
á Optional (and very long): Voluntary Voting System Guidelines: http://www.eac.gov/voting systems/voluntary-voting-guidelines/index_html
á Read: David Elliott Bell, Looking Back at the Bell-La Padula Model, http://www.acsac.org/2005/papers/Bell.pdf
á Read: Anderson Chapter 8
á Read Bishop Chapter 5
á Read: Bishop Chapters 6 and 7
á Suggested: Anderson Chapter 10
á Supplemental: Brewer and Nash, , The Chinese Wall Security Policy
á IEEE Symposium on Research in Security and Privacy, May 1989. [This is the original paper; it contains more motivation than the text.]
á NY Times article on NSA spying, Dec 2005, http://www.commondreams.org/headlines05/1216-01.htm
á USA Today article on NSA phone records, May 2006, http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
á Corinna Cortes, Daryl Pregibon and Chris Volinsky, "Communities of Interest'', The Fourth International Symposium of Intelligent Data Analysis (IDA 2001), 2001 http://homepage.mac.com/corinnacortes/papers/portugal.ps
á Gary M. Weiss (2005). Data Mining in Telecommunications. In O. Maimon and L. Rokach (eds.), Data Mining and Knowledge Discovery Handbook: A Complete Guide for Practitioners and Researchers, Kluwer Academic Publishers, 1189-1201. http://storm.cis.fordham.edu/~gweiss/papers/kluwer04-telecom.pdf
á Read: Bishop Chapter 13
á Read: Anderson Chapter 20 and 22
Lecture 7 (10/21) Confinement and Virtualization [Hook]
á Read: Lampson, 1973, CACM article, available from ACM portal as http://doi.acm.org/10.1145/362375.362389 (TBD: html link is wrong).
á Read: Lipner, 1975, A Comment on the Confinement Problem. http://doi.acm.org/10.1145/800213.806537
á Read: Bishop Chapters 16 and 29
á Read: Intel May 2005 IEEE Computer article on virtualization: ftp://download.intel.com/technology/computing/vptech/vt-ieee-computer-final.pdf (TBD broken link)
á Optional: Kocher, CRYPTO Ô96: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. http://www.cryptography.com/timingattack/paper.html
á Optional: R. Wahbe, S. Lucco, T. Anderson, and S. Graham, Efficient Software-based Fault Isolation, http://www.cs.cornell.edu/home/jgm/cs711sp02/sfi.ps.gz
á Optional: Christopher Small, MiSFIT: A Tool for Constructing Safe Extensible C++ Systems, http://www.dogfish.org/chris/papers/misfit/misfit-ieee.ps
á Optional: Samuel T. King et al., SubVirt: Implementing malware with virtual machines. http://www.eecs.umich.edu/virtual/papers/king06.pdf
Lecture 8 (10/23): Access control and Information flow. ppt
* Read: Bishop Chapters 14 and 15
* Read: Anderson Chapter 4
* Andrei Sabelfeld and Andrew C. Myers, Language-based Information-Flow Security, http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf. Pay particular attention to Section III (Basics of Language-based information flow). Figures 2 and 3 were presented in lecture.
* A file illustrating some issues discussed in class in flowcaml.
1. Denning and Denning, 1977, available from ACM portal: http://portal.acm.org/citation.cfm?doid=359636.359712
2. Vincent Simonet, Flow Caml in a Nutshell at: http://cristal.inria.fr/~simonet/publis/simonet-flowcaml-nutshell.pdf
3. Flow Caml home page: http://cristal.inria.fr/~simonet/soft/flowcaml/ (I got the windows executable to work, but was not successful building the source distribution).
4. A file derived from the flowcaml tutorial presented in class.
Lecture 9 (10/28) Assurance and Evaluation [Hook] ppt
á Read: Bishop Chapters 17 and 18
á Read: Anderson Chapter 26 [Note. Anderson and Bishop present very different perspectives on this topic]
á Another reading will be added on latest DoD "COTs Strategy"
Lecture 10 (10/30): Midterm exam. In class. Closed book. Blue book exam.
Past study questions and exams are provided below. As lectures vary, some questions may be out of scope (not in exam if not in lecture materials) (TBD: Jim Hook to finish)
á Fall 2006 exam pdf. (For Spring 2007 questions 1 and 2 are out of scope.)
á Fall 2006 exam presentation ppt pdf.
á Some new Study Questions for Fall 2006. Some of these questions still need to be refined. (Question 4 is out of scope for Spring 2007)
á Spring 2006 Study Questions for midterm (question 3 is out of scope for Spring 2007).
á Spring 2006 midterm and grading notes pdf pdf handouts. *
á Fall 2005 midterm and grading notes ppt pdf handouts. For Spring 2007 question 7 is out of scope.
Guest Lecture 11/4: Guest Lecture. Hand in annotated bibliography on this day (date has not changed).
Lecture 11 (11/6) Cryptography [Binkley]
* Read: Bishop Chapters 8-10
* Read: Anderson Chapter 3 and 5
November 11 is a university holiday. No class.
Lecture 12 (11/13) Cryptography [Binkley]
Lecture 13 (11/15): Cryptography, Part 2 [Binkley], if time permits onto next lecture
Lecture 14 (11/20): Authentication, Design Principles, Tempest radiation [Binkley]
* Read: Bishop Chapters 11 and 12
* Read: Anderson Chapter 2, Chapter 15, Chapter 17
* An excellent original source on Design Principles is the 1975 paper by Saltzer and Schroeder. A web version is available here
Lecture 15 (11/25): Malicious Logic [Binkley]
* Read: Bishop Chapter 19
We may look at some botnet materials if time permits.
á Read: "An Inside Look at Botnets", Barford, Yegneswaran, Special Workshop on Malware Detection, Advances in Information Security, Springer Verlag, 2006 (find at: http://pages.cs.wisc.edu/~pb/botnets_final.pdf)
Lecture 17 (12/4): Intrusion Detection [Binkley]
á Read: Bishop Chapter 22
á also read: "An Algorithm for Anomaly-based Botnet Detection," Binkley,
Singh, USENIX SRUTI, July 2006. note: findable at http://www.cs.pdx.edu/~jrb
Lecture 19 (12/4) Network Security [Binkley]
á Read RA Chapter 21
á NB: Term paper due at start of lecture
Final Exam: week of Dec 8-13. Tuesday, Dec 9. 1730-1920. closed book, no blue book needed.
Additional web resources: