PhD CS – Information Security Body of Knowledge

The exam tests students' knowledge in the area of information security, including network, system and software security and cryptography. There may be 7-9 questions. The exam will specify how much each question is worth and what the passing score is. The exam may specify questions that are mandatory to answer. The exam may contain questions which are not explicitly addressed in any paper or textbook. The scope of the topics and suggested references for each area are provided below.

Network Security


  • IP Security, Transport Layer Security (e.g., TLS), Application-layer security (e.g., SET)
  • Infrastructure security: e.g., DNS and Routing (BGP) security, Denial-of-Service Attacks
  • Intrusion Detection and Prevention Systems
  • Wireless Security
  • Malware, worms, and botnets

Suggested references:

Material covered in CS 6262: Network Security course taught in the last 3 years and the following papers:

  • S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback", in Proceedings of ACM SIGCOMM, 2000.
  • S. Bellovin, "Security Problems in the TCP/IP Protocol Suite", Computer Communication Review, 19(2), 1989.
  • D. Denning, "An Intrusion-Detection Model", in Proceedings of the 1986 IEEE Computer Society Symposium on Research in Security and Privacy, 1986.
  • S. Axelsson, "The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection", in Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999.
  • V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time", Computer Networks, 31(23-24), 1999.
  • Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. T. H. Ptacek and T. N. Newsham. Technical Report. 1998.
  • The SRI IDES Statistical Anomaly Detector. H. S. Javitz and A. Valdes. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 1991.
  • A Sense of Self for Unix Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. In Proceedings of the 1996 IEEE Symposium on Security and Privacy. 1996.
  • Intrusion Detection via Static Analysis. D. Wagner and D. Dean. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 2001.
  • Formalizing Sensitivity in Static Analysis for Intrusion Detection. Henry H. Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, and Barton P. Miller. In Proceedings of The 2004 IEEE Symposium on Security and Privacy, Oakland, CA, May 2004.
  • Polymorphic Blending Attacks. Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee. In Proceedings of The 15th USENIX Security Symposium (SECURITY '06), Vancouver, B.C., Canada, August 2006.
  • How to 0wn the Internet in Your Spare Time. Stuart Staniford, Vern Paxson, and Nicholas Weaver. In Proceedings of the 11th USENIX Security Symposium, 2002.
  • Modeling Botnet Propagation Using Time Zones. David Dagon, Cliff Zou, and Wenke Lee. In Proceedings of The 13th Annual Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA, February 2006.
  • BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. In Proceedings of The 17th USENIX Security Symposium (Security'08), San Jose, CA, July 2008.
  • P. Traynor, W. Enck, P. McDaniel and T. La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, Journal of Computer Security (JCS), 2008.
  • A. Bittau, M. Handley and J. Lackey, The Final Nail in WEP's Coffin, Proceedings of the IEEE Symposium on Security and Privacy, 2006.
  • Read reports on DNS cache poisoning attacks and BGP prefix hijacking attacks.



Cryptography

  • Block ciphers. Pseudorandom functions and permutations.
  • Symmetric encryption. Encryption modes. Security notions.
  • Message authentication. MACs. Security of MACs.
  • Authenticated encryption.
  • Implementation pitfalls.
  • Hash functions.
  • Basics of number theory.
  • Discrete logarithm, RSA function and related assumptions.
  • Public-key encryption and its security.
  • Hybrid encryption.
  • Digital signatures.

Suggested references:

  • Material covered in CS 6260: Applied Cryptography course taught in the last 3 years, including the lecture notes by Bellare and Rogaway and the course's lecture slides. Links are available from here.

OS Security


Design principles of secure systems

  • The protection of information in computer systems
  • More recent work on memory protection: Intra-Address Space Protection Using Segmentation Hardware


  • Passwords, PIN-protected cards, one-time passwords, biometrics, etc.
  • Password Security: A Case History
  • Unix Password Security: 10 Years Later
  • The Design and Analysis of Graphical Passwords
  • The S/Key One-time Password System
  • Password Hardening Based on Keystroke Dynamics

Access control and authorization

  • Discretionary access control
    • Access control lists (ACLs) and capabilities, implementation of access control (Multics, Unix, Java), capabilities in Hydra, confinement and revocation.
    • Protection
    • Going Beyond the Sandbox: New Security Architectures in JDK 1.2
    • Improving the Granularity of Access Control in Windows NT, ACM SACMAT, 2001.
    • Multics Home Page
    • EROS: A Fast Capability System
  • Mandatory access control
    • MAC models and their implementation
    • Bell and La Padula Report -- Secure Computer Systems
    • Providing Policy Control Over Object Operations in a Mach Based System
    • Role-based Access Control (RBAC)
  • Other Models
    • Information Flow Models
    • A Decentralized Model for Information Flow
    • Clark-Wilson and Chinese Wall security policies
  • Trojan horses and covert channels
    • A note on the confinement problem
    • Authentication for Distributed Systems
    • A Global Authentication Service without Global Trust

Suggested references:

  • Material covered in CS 6238: System Security.
  • S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In IEEE Symposium on Security and Privacy, Oakland, California, May 1996.