Computer Security: 2008-2009
Degrees | Schedule B2 — Computer Science; Schedule B2 — Mathematics and Computer Science; ECS Part II — MEng Engineering and Computing Science |
Term | Michaelmas Term 2008 (16 lectures) |
Overview
Security is a major topic in Computer Science, with far-reaching implications in an increasingly networked world. This course covers some of the fundamental principles of computer security.
Learning outcomes
At the end of the course, the student will:
- understand the need for, and the different aspects of, computer security;
- understand some of the technical solutions;
- be able to reason rigorously about proposed security architectures.
This is a course for Computer Scientists, not System Administrators: don't expect to learn how to build "secure" websites, nor how to install firewalls; do expect to learn the underlying principles.
Synopsis
Introduction (1). The need for security; types of security (confidentiality; authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security).
Operating system security (2). Operating system integrity; password cracking; stack overflow and other common attacks; access control, Bell-LaPadula model, Biba model; viruses and Trojan horses; Unix and Windows security; Digital Rights Management.
Cryptography (3). Symmetric and asymmetric encryption; electronic signatures; hashing. Encryption algorithms: AES, RSA; stream and block ciphers; block cipher modes. Characteristics of good ciphers. Potential attacks, such as the birthday attack. Blind signatures.
Security Protocols (3). Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Hellman key exchange. Dangers of key compromise. Prudent practices for protocol design. Key management.
Cyber Security (2). End-to-end architecture; Web security and local area security; public-key infrastructure; certification and revocation; Secure Sockets Layer.
Pervasive Security (2). Peer-to-peer architecture; pervasive computation from Memex to smart spaces; multi-channel protocols; bootstrapping authentication from low-bandwidth channels.
Voting and ranking security (3). Secure elections; basic ideas of Multi-Party Computation; search ranking, search economics, web fraud; sponsored auctions; reputation, trust, risk and economics of security.
(The number in parentheses indicates how many lectures I expect to devote to each part. This may, however, be adjusted as we go, depending on the interest, prerequisites, and other factors.)
This course has an average of 0.5 hours of practical work each week.
Syllabus
Aspects of security, security models, operating systems security, cryptography, security protocols, security and the world wide web.
Reading list
Unfortunately there is no course book that really covers the syllabus. However, the following might be useful.
- Bruce Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, 1995. A classic. Pleasant to read, but a bit dated, and not completely reliable in details.
- Charlie Kaufman, Radia Perlman and Mike Speciner. Network Security: Private Communication in a Public World. Prentice Hall, 2002. Balanced textbook, written in an easy, amusing style. Covers the most important topics of the course.
- Ross Anderson. Security Engineering. Second Edition. Wiley, 2008. An impressive scope of the material, but treated, as the title says, from an engineering point of view, which is not the intent of our course. Very informative reading, though.
- Peter Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe and Bill Roscoe. Modelling and Analysis of Security Protocols. Addison Wesley, 2001. A formal look at protocols, suitable for those familiar with CSP.
- Wenbo Mao. Modern Cryptography: Theory & Practice. Prentice Hall, 2004. A broad and accessible overview of the cryptographic aspects of security.
Taking our courses
This form is not to be used by students studying for a degree in the Department of Computer Science, or by Visiting Students who are registered for Computer Science courses.
Other matriculated University of Oxford students who are interested in taking this, or other, courses in the Department of Computer Science must complete this online form by 17.00 on Friday of 0th week of the term in which the course is taught. Late requests, and requests sent by email, will not be considered. All requests must be approved by the relevant Computer Science departmental committee and can only be submitted using this form.