Syllabus

Topics to be covered in this course (not necessarily in this order):

Security Model
- Security Goals
  - Assets: what we are protecting, and what we are protecting from, or, what are the security requirements
    - Confidentiality
    - Integrity
    - Availability
    - Non-repudiation
  - Potential damage -- what are the assets worth; what happens if something goes wrong
- Threat Model / Assessment
  - attacker abilities
  - system vulnerabilities
- Security Assumptions
  - Physical security (site security)
  - Operational security: security audits, disaster recovery, intrusion resoponse, etc.
  - Personnel security
  - Cryptographic assumptions: distributed systems require cryptography.
Security Standards
- TCSEC (Orange Book)
- Common Criteria
User Authentication
- Passwords (something you know) [RTM Sr]
- Physical tokens (something you have)
- Biometrics (who you are)
Machine-to-machine authentication (cryptographic protocols)
Attacks
- Unintended design: Unix IFS
- Covert channel leakage (Tenex passwords, differential timing/power analysis)
- Namespace security (TOCTOU, /tmp)
- Viruses and worms
Research papers (TBD)

bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.
email bsy.