Security 2009–10
Principal lecturer: Prof Ross Anderson
Taken by: Part II. Links: Syllabus; Past exam questions.
I wrote up my lecture notes for this course into a book, the first edition of which is now available online without charge. Another free book is the Handbook of Applied Cryptography, which covers crypto algorithms, protocols and theory in more detail.
Here is my Google tech talk on searching for reputation thieves, phishermen and fake banks online.
Revision guide
Some students last year asked for a guide for revision that would help them map lectures to book chapters and other resources. Here are some pointers, together with further reading for the keen.
I am in the process of converting acetate slides to PowerPoint as we go along and will put up the slides after the lectures: lecture 1, lecture 2, lecture 3, lecture 5, lecture 7, lecture 8, lecture 9, lecture 10, lecture 13, lecture 14, lecture 15, and lecture 16.
Lectures 1-3, 5 (security policy): see book chapters 1, 8, 9 and 10 (second edition) or 1, 7, 8 and 9 (first edition). The UK government's security policy framework is here; its predecessor is here. Here's the snooping dragon paper, and a news article on the use of targeted malware in fraud (more from the FBI, and here).
Lecture 4 (guest talk on anonymity given by Steven Murdoch): here are the slides, and see also chapter 23 of the book's second edition.
Lecture 6 (Robert Watson's guest lecture on concurrency vulnerabilities): see his slides and his paper.
Lecture 7 (physical security, psychology): see book chapters 2 and 11, and a Google tech talk I gave on searching for covert communities and villains online. The most detailed security psychology tutorial is probably a set of five book chapters by Peter Gutmann. You might also find the blog of our recent security psychology workshop interesting.
Lecture 8 (telecoms security, malware and firewalls): see book chapters 20 and 21 (second edition) or 17 and 18 (first edition). Cheswick and Bellovin's Firewalls and Internet Security: Repelling the Wily Hacker is a classic, while Howard and LeBlanc's Writing Secure Code is also well worth a look.
Lecture 9 (cryptography revision, with basics of stream and block ciphers): see book chapter 5, and do browse other crypto books too. Stinson is maybe the best introduction to block cipher design, while Menezes, van Oorschot and Vanstone is a handy reference. (NB: the material from lecture 9 has been trimmed and moved to lecture 14.)
Lectures 10 and 13 (shared-key authentication protocols): book chapter 3 (second edition) or 2 (first edition); material on API attacks is in chapter 18. You might also look at the BAN logic.
Lecture 11 (guest lecture on physical security of crypto processors by Sergei Skorobogatov): the slides are here, and you can also read book chapters 16 and 17 (second edition) or 14 and 15 (first edition). You might also look at our survey of cryptographic processors.
Lecture 12 (guest talk on social network security given by Joe Bonneau): here are his slides and his other writings on the topic.
Lectures 14-15 (crypto engineering and public-key protocols): again look at book chapter 5. You might also enjoy the original Diffie-Hellman and RSA papers. For the fancy protocols such as secret sharing, zero knowledge, digital cash and so on you can get a gentle introduction in Schneier; the mathematically inclined might prefer books with more proofs such as Stinson or Koblitz. For the protocols side of things you can look at our papers on Programming Satan's Computer and Robustness Principles for Public Key Protocols.
Lecture 16 (security economics): see book chapter 7 (second edition) or our survey paper. For more, explore the Economics and Security Resource Page.