Syllabus

Protection
Traditional OS centralized protection: address spaces, uids, resource management. The Unix security model: file permissions, the super-user, setuid programs, system calls, password security. How networks change the problem space.
Access control
Authorization, policy, access matrix. Subjects and objects. ACLs, capabilities. Rings, lattices. Revocation. Groups. The role of crypto. Distributed access control.
Orange book
TCB, mandatory vs. discretionary access control, compartmentalization, reference monitors, assurance. Covert channels. Trusted path. Why it failed in practice.
Crypto intro
Symmetric key, public key, certificates. Choosing an algorithm. Protocols. Integrity, authenticity, confidentiality, availability. Non-repudiation.
Network security
TCP/IP. Attacks on network protocols: address spoofing, hijacking, source routing, SYN floods, smurfing, etc. DNS attacks, routing vulnerabilities. Attacks on network daemons: buffer overruns, logic errors, etc. The Internet Worm. TCP wrappers. Transitive trust.
Firewalls
Philosophy, benefits. Styles: packet filter, application proxying, stateful inspection. Performance, scalability. Fail-safety, assurance. Techniques. Do's and don'ts.
Secure coding practices
High-level: code structure, least privilege, TCB, small interfaces. Low-level: buffer overruns, setuid, untrusted paths, race conditions, environment, etc.
Safe languages
Intro to languages, type-safety. Invariants, writing libraries, writing application code. Java. Pitfalls and experience with Java.
Mobile code
Sandboxing, architectures. ActiveX, Java, Javascript, Janus. Practical experience. Mobile agents.
Systems
Kerberos. One of SSH, SSL, PGP, IPSEC. Maybe ATMs, cellphones.
Practical issues
Risk management. Key management. Smartcards. Copy protection. Social engineering.
Privacy
Anonymity, remailers, rewebbers, etc.
Crypto "heavy lifting"
Protocols, protocol failures. BAN logic, model-checkers.
Project presentations