CS 6238 Secure Computer Systems
Spring 2008
General Course Information
Instructor: Mustaque Ahamad
Office Hours: WF 11-12 noon or by appointment.
Teaching Assistant: Yu Liu, yuliu@cc.gatech.edu,
Office Hours: 1-3pm, Friday, Klaus 1305.
Room and time: 9:35-10:55 TTh, ES&T L1205
Course Description
Applications and services are supported by software platforms such as operating systems and databases. Secure execution of such applications depends on the trust assumptions that can be made about the underlying system. By providing the right mechanisms for protecting information and other resources, operating systems and databases can facilitate the development of secure applications. A uniform approach for exploring security support in operating systems and databases is attractive because both types of systems must offer similar mechanisms to mediate access to protected information. This course will take such an approach, and it will explore problems such as authentication and access control that are traditionally handled at the system level. Students will also gain an in-depth understanding of the implementations of mechanisms that address these problems and of the security policies that can be supported by them. System-level security issues in distributed systems will be covered as well.
Textbooks
Many of the course topics will cover material from research papers. We will also use parts of Morrie Gasser's book on building secure computer systems. An online copy of this book is available here.
Web Announcements
Course Schedule
Week 1: The why, what and how of secure computing systems.
Why?
A National Strategy to Secure Cyber Space
Reflections on Trusting Trust
What?
Chapter 1 of Gasser book.
The Orange Book
Trusted Computing Group
How?
Course roadmap.
Week 2: Design principles and low level mechanisms
Design principles
The protection of information in computer systems
Memory protection, hardware level support and virtualization
Introduction to Virtual Machines
Intra-Address Space Protection Using Segmentation Hardware
A Secure and Reliable Bootstrap Architecture
Xen and the Art of Virtualization
Week 3-4: Authentication
Passwords, PIN-protected cards, one-time passwords, biometrics etc.
Password Hardening Based on Keystroke Dynamics
The S/Key One-time Password System
Weeks 5-8: Access control and authorization
Discretionary access control: Access control lists (ACLs) and capabilities, implementation of access control (Multics, Unix, Java), capabilities in Hydra, confinement and revocation.
Protection
Going Beyond the Sandbox: New Security Architectures in JDK 1.2
Improving the Granularity of Access Control in Windows NT, ACM SACMAT, 2001.
Multics Home Page
Protection in the Hydra System
EROS: A Fast Capability System
Mandatory access control: Models and their implementation
Bell and La Padula Report -- Secure Computer Systems
MAC Implementation in SELinux
Role-based Access Control (RBAC)
Clark-Wilson and Chinese wall security policies
Information Flow Models
A Decentralized Model for Information Flow
Week 10: Trojan horses and covert channels
A note on the confinement problem
NCSC Guide to Understanding Covert Channel Analysis
Week 11: Security Kernels
Chapter 10 of Gasser's book.
Security kernel design and implementation: an introduction, IEEE Computer, July 1983.
PSOS Operating System
Weeks 12-13: Distributed Systems Security
Authentication for Distributed Systems
A Global Authentication Service without Global Trust
Authentication in Distributed Systems: Theory and Practice
Trust Management
Decentralized User Authentication in a Global File System
Week 14-15: Secure Database Systems
SeaView Model by Denning and Lunt
(available from IEEE xplore databases)
Recovering from malicious transactions by Ammann, Jajodia and Liu
Homework
1. Homework I Due Date: February 19 midnight, 2008
Project
1. Project 1 Due Date: March 13 midnight, 2008
Please send your attached file to this email: ericliu.gatech@gmail.com, including PDF report.
2. Project 2 Due Date: April 25 midnight, 2008
Please send your attached file to this email: ericliu.gatech@gmail.com, including PDF report.
Feel free to send me an email for the score of the homework and project.
Grading
Two exams (midterm and final) will be 70% of the total course grade. The rest of the credit will be for class participation, homework assignments, projects and a term paper. Since an operating systems course is a prerequisite for this course, students are expected to have excellent systems programming skills. Linux and Java will be used as platforms for the projects that are planned for the course. There will be two projects that will be 20% of the total grade. Homework assignments and class participation will be the remaining 10% of the course grade.