CS 6238 Secure Computer Systems
Fall 2001

Instructor:  Mustaque Ahamad
Office Hours: MW 1-2pm or by appointment.

Teaching Assistant:  Michael Covington (covingto@cc)

Room and time:  260 Architecture (New),  MWF 2:05-2:55 pm
 

Applications are enabled by software systems such as operating systems and databases.  Secure execution of such applications depends on what trust assumptions can be made about the underlying systems. By providing right mechanisms for protecting information and other resources, operating systems and databases can facilitate and encourage the development of secure applications. An integrated approach for building secure operating systems and databases is attractive because both types of systems share many common mechanisms to mediate access to protected information.  This course will take such an approach and it will address security problems such as authentication and authorization. Students will also gain in depth  understanding of the implementations of mechanisms that address these problems.

Many of the course topics will cover material from research papers. We will also use Morrie Gasser's book on building secure computer systems. This book will be available from  the reserve desk in the library.

Week 1:  The why, what and how of secure computing systems.
 
         Why?
Trust in Cyberspace

 President's Commission on Critical Infrastructure Protection Report

Reflections on Trusting Trust

The inevitability of failure: The flawed assumption of security in modern computing systems
 

What?
Chapter 1 of Gasser book.  The Orange Book
How?
Road map of the course.
Week 2: Design principles of secure systems
 
 The protection of information in computer systems
  More recent work on memory protection.. Intra-Address Space Protection Using Segmentation Hardware


Week 3: Authentication
 

Passwords, pin protected cards, one time passwords, biometrics etc.

Password Security: A Case History

Unix Password Security: 10 Years Later

The Design and Analysis of Graphical Passwords

The S/Key One-time Password System <

 Password Hardening Based on Keystroke Dynamics
 

Weeks 4-8: Access control and authorization
 
Discretionary access control
Access control lists (ACLs) and capabilities, implementation of access control (Multics, Unix, Java), capabilities in Hydra, confinement and revocation.
Protection

Going Beyond the Sanbox: New Security Architectures in JDK 1.2

Improving the Granularity of Access Control in Windows NT, ACM SACMAT, 2001.

 Multics Home Page

 EROS: A Fast Capability System
 

Mandatory access control
                MAC models and their implementation
 
 Bell and La Padula Report -- Secure Computer Systems

 Providing Policy Control Over Object Operations in a Mach Based System

 
 Role-based Access Control (RBAC)


Other Models

               Information Flow Models
  A Decentralized Model for Information Flow
 

Clark-Wilson and Chinese Wall security policies
Week 9: Trojan horses and covert channels

                                 A note on the confinement problem
 

                                  NCSC Guide to Understanding Covert Channel Analysis

Weeks 10: Security Kernels

                    Chapter  10 of Gasser's book.
                    Security kernel design and implementation: an introduction, IEEE Computer, July 1983.

Weeks 11-12: Distributed Systems Security

                         Authentication and access control in distributed systems

 
Authentication for Distributed Systems

A Global Authentication Service without Global Trust

            Access Control in an Open Distributed Environment

            Separating key management from file system security


Week 13-15:  Secure Database Systems

                                    SeaView Model by Denning and Lunt (available from IEEE xplore database)
                                    Recovering from malicious transactions by Ammann, Jajodia and Liu

 

Two exams (midterm and final) will be 50% of the total course grade. The rest of the credit will be given for class participation, homeworks, projects and a term paper. Since an operating systems course is a prerequisite for this course, students are expected to have good systems programming skills. Linux and Java will be used as platforms for the projects that are planned for the course.
 

Homeworks and Projects

 Programming Project I

  Homework I

 Programming Project II