Traditional OS centralized protection: address spaces, uids, resource management. The Unix security model: file permissions, the super-user, setuid programs, system calls, password security. How networks change the problem space.
Access control
Authorization, policy, access matrix. Subjects and objects. ACLs, capabilities. Rings, lattices. Revocation. Groups. The role of crypto. Distributed access control.
Orange book
TCB, mandatory vs. discretionary access control, compartmentalization, reference monitors, assurance. Covert channels. Trusted path. Why it failed in practice.
Crypto intro
Symmetric key, public key, certificates. Choosing an algorithm. Protocols. Integrity, authenticity confidentiality, availability. Non-repudiation.
Network security
TCP/IP. Attacks on network protocols: address spoofing, hijacking, source routing, SYN floods, smurfing, etc. DNS attacks, routing vulnerabilities. Attacks on network daemons: buffer overruns, logic errors, etc. The Internet Worm. TCP wrappers. Transitive trust.
Philosophy, benefits. Styles: packet filter, application proxying, stateful inspection. Performance, scalability. Fail-safety, assurance. Techniques. Do's and don'ts.
Secure coding practices
High-level: code structure, least privilege, TCB, small interfaces. Low-level: buffer overruns, setuid, untrusted paths, race conditions, environment, etc.
Safe languages
Intro to languages, type-safety. Invariants, writing libraries, writing application code. Java. Pitfalls and experience with Java.
Mobile code
Sandboxing, architectures. ActiveX, Java, Javascript, Janus. Practical experience. Mobile agents.
Kerberos. One of SSH, SSL, PGP, IPSEC. Maybe ATMs, cellphones.
Practical issues
Risk management. Key management. Smartcards. Copy protection. Social engineering.
Anonymity, remailers, rewebbers, etc.
Crypto ``heavy lifting''
Protocols, protocol failures. BAN logic, model-checkers.
Project presentations