- Traditional OS centralized protection: address spaces,
uids, resource management. The Unix security model:
file permissions, the super-user, setuid programs,
system calls, password security.
How networks change the problem space.
- Access control
- Authorization, policy, access matrix. Subjects and objects.
ACLs, capabilities. Rings, lattices. Revocation. Groups.
The role of crypto. Distributed access control.
- Orange book
- TCB, mandatory vs. discretionary access control,
compartmentalization, reference monitors, assurance.
Covert channels. Trusted path. Why it failed in practice.
- Crypto intro
- Symmetric key, public key, certificates. Choosing
an algorithm. Protocols.
Integrity, authenticity confidentiality, availability.
- Network security
- TCP/IP. Attacks on network protocols: address spoofing,
hijacking, source routing, SYN floods, smurfing, etc.
DNS attacks, routing vulnerabilities. Attacks on network
daemons: buffer overruns, logic errors, etc.
The Internet Worm. TCP wrappers. Transitive trust.
- Philosophy, benefits. Styles: packet filter, application
proxying, stateful inspection. Performance, scalability.
Fail-safety, assurance. Techniques. Do's and don'ts.
- Secure coding practices
- High-level: code structure, least privilege, TCB, small
interfaces. Low-level: buffer overruns, setuid, untrusted
paths, race conditions, environment, etc.
- Safe languages
- Intro to languages, type-safety. Invariants, writing
libraries, writing application code. Java. Pitfalls
and experience with Java.
- Mobile code
Practical experience. Mobile agents.
One of SSH, SSL, PGP, IPSEC.
Maybe ATMs, cellphones.
- Practical issues
- Risk management. Key management. Smartcards. Copy protection.
- Anonymity, remailers, rewebbers, etc.
- Crypto ``heavy lifting''
- Protocols, protocol failures. BAN logic, model-checkers.
- Project presentations