Syllabus
Topics to be covered in this course (not necessarily in this order):
- Security Model
- Security Goals
- Assets: what we are protecting,
and what we are protecting from, or, what are the security requirements
- Confidentiality
- Integrity
- Availability
- Non-repudiation
- Potential damage -- what are the assets worth;
what happens if something goes wrong
- Threat Model / Assessment
- attacker abilities
- system vulnerabilities
- Security Assumptions
- Physical security (site security)
- Operational security: security audits, disaster recovery,
intrusion resoponse, etc.
- Personnel security
- Cryptographic assumptions: distributed systems require cryptography.
- Security Standards
- TCSEC (Orange Book)
- Common Criteria
- User Authentication
- Passwords (something you know) [RTM Sr]
- Physical tokens (something you have)
- Biometrics (who you are)
- Machine-to-machine authentication
(cryptographic protocols)
- Attacks
- Unintended design: Unix IFS
- Covert channel leakage (Tenex passwords, differential timing/power analysis)
- Namespace security (TOCTOU, /tmp)
- Viruses and worms
- Research papers (TBD)
[
search CSE |
CSE |
bsy's home page |
links |
webster |
MRQE |
google |
yahoo |
citeseer |
certserver
]
bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.
email bsy.