Jim Hook CS 4/591
Class meets on Tuesdays and Thursdays, 6:00 -- 7:50pm, in Cramer Hall 283.
Office Hours: Mondays, 1:00 -- 3:00pm, FAB 120-05.
Prerequisites: CS 333 (operating systems), CS 350 (algorithms).
- Midterm: 100 points
- Final: 100 points
- Term Paper: 100 points
- Assignments, Quizzes, Discussion and Class participation: 50 points
- Annotated Bibliography: 50 points
Class Mailing List
There is a class mailing list, infosec at cecs dot pdx dot edu. The web interface is:
Please sign up on the list. Critical announcements about class will be made on this list.
Students Requiring Accommodation:
If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.
Term Paper Assignment
A term paper is due at the beginning of the last lecture. A title, abstract, annotated bibliography, and outline are due the day of the midterm. Assignment details here.
Calendar (with reading assignments): [Revised 1/22/07]
Lecture 1 (1/9): Introduction and Overview ppt pdf slides pdf handouts
- Read: Bishop Chapter 1
- Read: Feldman, Halderman, and Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 2006. link
Lecture 2 (1/11): Access Control ppt pdf slides pdf handouts
- Read: Bishop Chapters 2 and 3
- Read: Anderson Chapter 1
Lecture 3 (1/16): Canceled due to inclement weather.
Lecture 4 (1/18): Guest lecture on BotNets by Jim Binkley
Lecture 5 (1/23): Policy ppt pdf slides pdf handouts
Lecture 6 (1/25): Bell-La Padula ppt pdf slides pdf handouts (Download Bishop's slides for Chapter 5)
Lecture 7 (1/30) [Guest lecture by Professor Jim Binkley]: Cryptography
- Read: Bishop Chapters 8 and 9
- Read: Anderson Chapter 2
Lecture 8 (2/1): Integrity Models ppt pdf slides pdf handouts (Download Bishop's slides for Chapters 6 and 7)
- Read: Bishop Chapters 6 and 7
- Read: Anderson Chapter 8
- Suggested: Anderson Chapter 9
- Supplemental: Brewer and Nash, The Chinese Wall Security Policy, IEEE Symposium on Research in Security and Privacy, May 1989. [This is the original paper; it contains more motivation than the text.]
Lecture 9 (2/6): Cryptography ppt pdf
- Read: Bishop Chapter 10
- Read: Anderson Chapter 5
Lecture 10 (2/8): Cryptography ppt pdf
Lecture 11 (2/13): Midterm exam. In class. Closed book. Blue book exam.
Hand in annotated bibliography for term paper.
Past study questions and exams are provided below.
- Fall 2006 exam pdf. (For Spring 2007 questions 1 and 2 are out of scope.)
- Fall 2006 exam presentation ppt pdf.
- Some new Study Questions for Fall 2006. Some of these questions still need to be refined. (Question 4 is out of scope for Spring 2007)
- Spring 2006 Study Questions for midterm (question 3 is out of scope for Spring 2007).
- Spring 2006 midterm and grading notes pdf pdf handouts. For Spring 2007 questions 5, 9 and 10 are out of scope.
- Fall 2005 midterm and grading notes ppt pdf handouts. For Spring 2007 question 7 is out of scope.
- Please bring a "blue book" (available from the bookstore) to the exam
- Please come to the PSU campus location to take the exam.
Lecture 12 (2/15): Authentication and Design Principles
- Read: Bishop Chapters 11 and 12
- Read: Anderson Chapter 3
- An excellent original source on Design Principles is the 1975 paper by Saltzer and Schroeder. A web version is available here.
Lecture 13 (2/20): Identity, Public Policy, Data mining, Privacy
Lecture 14 (2/22): Access control and Information flow. Download Bishop's slides for Chapter 15
Note: there are a few extra }'s and one slide is repeated.
- Read: Bishop Chapters 14 and 15
- Read: Anderson Chapter 4
- Denning and Denning, 1977, available from ACM portal.
- Vincent Simonet, Flow Caml in a Nutshell.
- Flow Caml home page (I got the windows executable to work, but was not successful building the source distribution).
- A file derived from the flowcaml tutorial presented in class.
Lecture 15 (2/27): Information Flow follow up ppt pdf slides pdf handouts.
- Andrei Sabelfeld and Andrew C. Myers, Language-based Information-Flow Security, http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf. Pay particular attention to Section III (Basics of Language-based information flow). Figures 2 and 3 were presented in lecture.
- A file illustrating some issues discussed in class in flowcaml.
Lecture 16 (3/1): Confinement and Virtualization
Lecture 17 (3/6): Assurance ppt pdf slides pdf handouts (Download Bishop's slides for Chapter 17) and Evaluation ppt pdf slides pdf handouts (Download Bishop's slides for Chapter 18)
- Read: Bishop Chapters 17 and 18
- Read: Anderson Chapter 23
Lecture 18 (3/8): Malicious Logic
- Read: Bishop Chapter 19
- Read: Anderson Chapter 18
Lecture 19 (3/13): Intrusion Detection
Lecture 20 (3/15): Network Security
- Read: Bishop Chapter 23
- Read: Anderson Chapter 6 [move this earlier?]
- NB: Term paper due at start of lecture
Final Exam: Tuesday, March 20, 7:30 - 9:20pm.
Additional web resources:
National Information Assurance Training and Education Center
Bishop's slides by chapter