Jim Hook and Jim Binkley CS 4/591

Fall 2007

Class Mechanics:

Class meets on Wednesdays, 6:00 -- 9:20pm, in Capital Center 1025.

Hook Office Hours: Monday, 1:00 -- 3:00pm and by appointment.

Binkley Office Hours: Tuesday and Thursday, 1 -- 2 pm

Texts:

• Matt Bishop, Introduction to Computer Security. Addison-Wesley. 2004.
• Ross Anderson, Security Engineering. John Wiley and Sons. 2001. On line at http://www.cl.cam.ac.uk/~rja14/book.html

Lecture Materials:

• Hook's lecture notes will be linked from this page. They will occassionally be revised.
• Binkley's lecture materials will be at: http://web.cecs.pdx.edu/~jrb/infosec/jrblectures/infosec.lectures.html.
  The user/password for this web page has already been placed in the email archive, so please join it and find the password.
• Material in the ACM portal can be accessed for free from machines on campus (this is based on the PSU IP address). It is possible to get these materails from home using the PSU VPN.

Prerequisites: CS 333 (operating systems), CS 350 (algorithms).

Grading:

• Midterm: 100 points
• Final: 100 points
• Term Paper: 100 points
• Assignments, Quizzes, Discussion and Class participation: 50 points
• Annotated Bibliography: 50 points

Class Mailing List

There is a class mailing list, cs591 at cecs dot pdx dot edu. The web interface is:
https://mailhost.cecs.pdx.edu/mailman/listinfo/cs591

Please sign up on the list. Critical announcements about class will be made on this list.

Students Requiring Accommodation:
If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.

Term Paper Assignment

A term paper is due at the beginning of the last lecture. A title, abstract, annotated bibliography, and outline are due the day of the midterm. Assignment details here.

Calendar (with reading assignments):

Lecture 1a (9/26): Introduction and Overview ppt pdf slides pdf handouts (F07 ppt slides handouts)

• Read: Bishop Chapter 1
• Read: Feldman, Halderman, and Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 2006. link

Lecture 1b (9/26): Access Control ppt pdf slides pdf handouts (F07 ppt slides handouts)

• Read: Bishop Chapters 2 and 3
• Read: Anderson Chapter 1

Lecture 1c (9/26): Bell-La Padula ppt pdf slides pdf handouts (Download Bishop's slides for Chapter 5)

• Read Bishop Chapter 5
• Read: Anderson Chapter 7
• Read: David Elliott Bell, Looking Back at the Bell-La Padula Model, http://www.acsac.org/2005/papers/Bell.pdf

Lecture 2a (10/3) Cryptography [Binkley]

• Read: Bishop Chapters 8 and 9
• Read: Anderson Chapter 2

Lecture 2b (10/3) Cryptography [Binkley]

• Read: Bishop Chapter 10
• Read: Anderson Chapter 5

Lecture 3a (10/10): Policy ppt pdf slides pdf handouts (F07 ppt slides handouts)

• Read: Bishop Chapter 4
• Scan: Voluntary Voting System Guidelines: http://www.eac.gov/vvsg_intro.htm
• Reference: SANS Institute model policies http://www.sans.org/resources/policies/

Lecture 3b (10/10): Integrity Models ppt pdf slides pdf handouts (Download Bishop's slides for Chapters 6 and 7) (F07 ppt slides handouts)

• Read: Bishop Chapters 6 and 7
• Read: Anderson Chapter 8
• Suggested: Anderson Chapter 9
• Supplemental: Brewer and Nash, The Chinese Wall Security Policy, IEEE Symposium on Research in Security and Privacy, May 1989. [This is the original paper; it contains more motivation than the text.]
  

Lecture 3c (10/10): Comments on Identity and Data Mining

• Gary M. Weiss (2005). Data Mining in Telecommunications. In O. Maimon and L. Rokach (eds.), Data Mining and Knowledge Discovery Handbook: A Complete Guide for Practitioners and Researchers, Kluwer Academic Publishers, 1189-1201. http://storm.cis.fordham.edu/~gweiss/papers/kluwer04-telecom.pdf
• Corinna Cortes, Daryl Pregibon and Chris Volinsky, "Communities of Interest'', The Fourth International Symposium of Intelligent Data Analysis (IDA 2001), 2001. http://homepage.mac.com/corinnacortes/papers/portugal.ps
  

Lecture 4a (10/17): Confinement and Virtualization [Hook]

• Hook slides ppt pdf pdf handouts (F07 ppt slides handouts)
• Corrected version of Bishop Chapter 16 slides (one update from errata, one revision) ppt pdf pdf handouts
• Read: Lampson, 1973, CACM article, available from ACM portal as http://doi.acm.org/10.1145/362375.362389 and in html.
• Read: Bishop Chapters 16 and 29
• Read: Intel May 2005 IEEE Computer article on virtualization: ftp://download.intel.com/technology/computing/vptech/vt-ieee-computer-final.pdf

Lecture 4b (10/17): Access control and Information flow. Download Bishop's slides for Chapter 15
Note: there are a few extra }'s and one slide is repeated. ppt pdf slides pdf handouts. (F07 ppt slides handouts)

• Read: Bishop Chapters 14 and 15
• Read: Anderson Chapter 4
• Andrei Sabelfeld and Andrew C. Myers, Language-based Information-Flow Security, http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf. Pay particular attention to Section III (Basics of Language-based information flow). Figures 2 and 3 were presented in lecture.
• A file illustrating some issues discussed in class in flowcaml.

Supplementary material:

1. Denning and Denning, 1977, available from ACM portal.
2. Vincent Simonet, Flow Caml in a Nutshell.
3. Flow Caml home page (I got the windows executable to work, but was not successful building the source distribution).
4. A file derived from the flowcaml tutorial presented in class.

Lecture 5 (10/24): Midterm exam. In class. Closed book. Blue book exam.

Hand in annotated bibliography for term paper.

Past study questions and exams are provided below.

• Winter 2007 midterm
• Winter 2007 I also gave the final
• Fall 2006 exam pdf. (For Spring 2007 questions 1 and 2 are out of scope.)
• Fall 2006 exam presentation ppt pdf.
• Some new Study Questions for Fall 2006. Some of these questions still need to be refined. (Question 4 is out of scope for Spring 2007)
• Spring 2006 Study Questions for midterm (question 3 is out of scope for Spring 2007).
• Spring 2006 midterm and grading notes pdf pdf handouts. For Spring 2007 questions 5, 9 and 10 are out of scope.
• Fall 2005 midterm and grading notes ppt pdf handouts. For Spring 2007 question 7 is out of scope.

Lecture 6a (10/31): Cryptography, Part 2 [Binkley]

Lecture 6b (10/31): Authentication and Design Principles [Binkley]

• Read: Bishop Chapters 11 and 12
• Read: Anderson Chapter 3
• An excellent original source on Design Principles is the 1975 paper by Saltzer and Schroeder. A web version is available here.

Identity, Public Policy, Data mining, Privacy

• Read: Bishop Chapter 12 and 13
• Read: Anderson Chapter 17 and 21

Lecture 7 (11/7): Assurance and Evaluation [Hook]

• Read: Bishop Chapters 17 and 18
• Read: Anderson Chapter 23 [Note. Anderson and Bishop present very different perspectives on this topic]
• Part of the lecture will be a guest presentation by Dylan McNamee of Galois, Inc.

Lecture 8a (11/14): Malicious Logic [Binkley]

• Read: Bishop Chapter 19
• Read: Anderson Chapter 18

Lecture 8b (11/14): Botnets

• Lecture materials will be prepared later
• Read: http://www.honeynet.org/papers/bots/
• Read: "An Inside Look at Botnets", Barford, Yegneswaran, Special Workshop on Malware Detection, Advances in Information Security, Springer Verlag, 2006
  (find at: http://pages.cs.wisc.edu/~pb/botnets_final.pdf)

Lecture 9a (11/21): Intrusion Detection [Binkley]

• Read: Bishop Chapter 22
• Note bibliography on Intrusion Detection at:
  http://www.cerias.purdue.edu/about/history/coast_resources/idcontent/ids_bib.html

Lecture 9b (11/21): Ourmon and Snort; examples of Intrustion Detection; Network Security [Binkley]

• "Ourmon and Network Monitoring Performance",
  Binkley, Massey, April 2005 Freenix/USENIX paper
• "An Algorithm for Anomaly-based Botnet Detection," Binkley,
  Singh, USENIX SRUTI, July 2006.
• note: both papers are findable at http://www.cs.pdx.edu/~jrb
• A snort handout will be given out in class.
• Read: (network security) Anderson,
  Chapter 17, Chapter 18 if you haven't read it yet.

Lecture 10a (11/28) Network Security, continued. [Binkley]

Lecture 10b (11/28) miscellaneous including as time permits:

• 1. Tempest Radiation
• Read: Ross Anderson, Chapter 15
• 2. Assurance/Evaluation
• Read: Ross Anderson, Chapter 23.

• NB: Term paper due at start of lecture

Final Exam: Weds, Dec. 5, 19:30-21:20, closed book, no blue book needed.

Additional web resources:

National Information Assurance Training and Education Center

Bishop's slides by chapter