Last updated: November 22, 2005 9:42
Topic |
Slides |
Required Reading
(from Bishop's textbook, unless otherwise specified) |
Optional Reading
(from the textbook, unless otherwise specified) |
Course Orientation |
printable, viewable |
none |
none |
Introduction |
printable, viewable |
- Bishop's chapter 1
- Anderson's chapter 1
|
Rudimentary Treatise on the Construction of Locks, by Tomlinson |
Cryptography: Introduction |
printable, viewable |
- Anderson's 5.1-5.4
- Bishop's 8.1 -- 8.2.2
|
|
Cryptography: Symmetric Key Cryptosystems |
printable, viewable |
- Anderson's 5.5-5.8
- Bishop's 8.2.3, 8.2.4
|
|
Cryptography: Asymmetric Key Cryptosystems |
printable, viewable |
- Anderson's 5.5-5.8
- Sections 8.3 -- 8.6
|
|
Key Management |
printable, viewable |
|
|
Cryptography in Networks |
printable, viewable |
- Bishop's Sections 10.3--11.6
|
|
Case study: "Security Possibilities in Layer 2" by Allan Anton |
viewable |
|
N/A |
Authentication |
printable, viewable |
- Anderson's Chapters 3 and 13.
- Bishop's Chapter 11
|
|
Access control mechanisms and policies |
|
- Anderson's book: 4.1, 4.2, 4.4, 4.5, 7.1-7.3, 7.6, 7.7, 8.1, 8.2, 8.5, 9.2.
- Bishop's book: 14.1, 14.2, 4.1-4.4, 4.6, chapter 5, 6.2-6.4, 7.1, 7.3-7.5.
|
- Anderson's book: 4.3, 7.4, 7.5, 8.3, 8.4, 9.1, 9.3-9.5.
- Bishop's book: chapter 3, 7.2
- B. Lampson. "Protection," Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp. 18-24.
- Sandhu, Ravi S. "Lattice-Based Access Control Models." In: IEEE Computer, 26(11), pp. 9-19, 1993.
|
Malicious Logic |
printable, viewable |
- Bishop's Chapter 19
- E. Spafford, "A Failure to Learn from the Past," in Proceedings of Annual Computer Security Applications Conference (ACSAC), Las Vegas, Nevada, 2003.
- Anderson's book: Section 18.4
|
- Reflections on trusting trust, by Thompson.
- E. Spafford, "The Internet Worm: Crisis and Aftermath" Communications of the ACM v. 32(6), pp. 678-687; June 1989.
- H. Orman, "The Morris Worm: A Fifteen-Year Perspective" in IEEE Security & Privacy, vol. 1, no. 5, 2003, pp. 35-43.
- P. Boutin, "Slammed! An inside view of the worm that crashed the Internet in 15 minutes," Wired Magazine, Vol. 11, No. 07, July 2003.
- D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, The Spread of the Sapphire/Slammer Worm, Cooperative Association for Internet Data Analysis (CAIDA), 2003.
- McIlroy, M.D., "Virology 101", Computing Systems, v 2, n 2, Spring 1989, p 173-81
- C. Shannon and D. Moore, "The spread of the Witty worm," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp. 46-50.
- J. Pincus and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp. 20-27.
|
Availability |
printable, viewable |
|
- Practical Byzantine Fault Tolerance, video record of a talk given at MIT by Barbara Liskov.
- R. Albert, H. Jeong, and A.-L. Barabasi, "Error and attack tolerance of complex networks," Nature, vol. 406, no. 6794, 2000, pp. 378-82.
- D. Geer, C.P. Pfleeger, B. Schneier, J.S. Quarterman, P. Metzger, R. Bace, and P. Gutmann, "CyberInSecurity: The Cost of Monopoly," 2003.
|
Design Principles |
printable, viewable |
|
J. Saltzer and M. Schroeder "The Protection of Information in Computer Systems" |
Developing Secure Software |
printable, viewable |
|
|
Accountability |
self-study |
|
|
Assurance |
self-study |
|
|
Security & Usability |
printable, viewable |
- D. Balfanz, D.K. Smetters, and R. E. Grinter, "In Search of Usable Security: Five Lessons From The Field," IEEE Security and Privacy, volume 2, number 5, pp. 19-24, September/October 2004.
- K. Yee, "User Interaction Design for Secure Systems"
|
|
Economics of Security |
|
|
|
|