Computer Security: 2008-2009
Information
|
Lecturer |
|
|
Degrees |
Schedule B2 — Honour School of Computer Science Schedule B2 — Honour School of Mathematics and Computer Science ECS Part II — MEng Engineering and Computing Science |
|
Term |
Michaelmas Term 2008 (16 lectures) |
Links
oxford-security discussion group
Overview
Security is a major topic in Computer Science, with far-reaching implications in an increasingly networked world. This course covers some of the fundamental principles of computer security.Learning outcomes
At the end of the course, the student will:
- understand the need for, and the different aspects of, computer security;
- understand some of the technical solutions;
- be able to reason rigorously about proposed security architectures.
This is a course for Computer Scientists, not System Administrators: don't expect to learn how to build "secure" websites, nor how to install firewalls; do expect to learn the underlying principles.
Synopsis
Introduction (1). The need for security; types of security (confidentiality, authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security).
Operating system security (2). Operating system integrity; password cracking; stack overflow and other common attacks; access control, Bell-LaPadula model, Biba model; viruses and Trojan horses; Unix and Windows security; Digital Rights Management
Cryptography (3). Symmetric and asymmetric encryption; electronic signatures; hashing. Encryption algorithms: AES, RSA; stream, and block ciphers; block cipher modes. Characteristics of good ciphers. Potential attacks, such as the birthday attack. Blind signatures.
Security Protocols (3). Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Helmann key exchange. Dangers of key compromise. Prudent practices for protocol design. Key management.
Cyber Security (2). End-to-end architecture; Web security and the local area security; Public-key infrastructure; certification and revocation; secure-sockets layer
Pervasive Security (2). Peer-to-peer architecture; pervasive computation from Memex to smart spaces; multi-channel protocols; bootstrapping authentication from low-bandwidth channels.
Voting and ranking security (3). Secure elections; basic ideas of Multi-Party Computation; search ranking, search economics, web fraud; sponsored auctions; reputation, trust, risk and economics of security
(The number in parentheses indicates how many lectures I expect to devote to each part. This may, however, be adjusted as we go, depending on the interest, prerequisites, and other factors.)
This course has an average of 0.5 hours of practical work each week.
Syllabus
Aspects of security, security models, operating systems security, cryptography, security protocols, security and the world wide web.Reading list
Unfortunately there is no course book that really covers the syllabus. However, the following might be useful.- Bruce Schneier. Applied Cryptography: Protocols, Algorithms, and Source in C. Wiley, 1995. A classic. Pleasant to read, but a bit dated, and not completely reliable in details.
- Charlie Kaufman, Radia Perlman and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall 2002. Balanced textbook, written with in an easy, amusing style. Covers the most important topics of the course.
- Ross Anderson. Security Engineering. Second Edition. Wiley, 2008. An impressive scope of the material, but treated, as the title says, from an engineering point of view, which is not the intent of our course. Very informative reading, though.
- Peter Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe and Bill Roscoe. Modelling and Analysis of Security Protocols. Addison Wesley, 2001. A formal look at protocols, suitable for those familiar with CSP.
- Wenbo Mao. Modern Cryptography - Theory & Practice. Prentice Hall 2004. A broad and accessible overview of the cryptographic aspects of security.