Computer Science Syllabus - Introduction to Security

Next: Part II of the Up: Easter Term 2006: Part Previous: Economics and Law   Contents


Introduction to Security

Lecturer: Dr M.G. Kuhn

No. of lectures: 8

Prerequisite courses: Discrete Mathematics or Mathematics for Computation Theory, Operating Systems

This course is a prerequisite for Distributed Systems (Part II and Diploma) and Security (Part II).


Aims


This course is a broad introduction to both computer security and cryptography. It covers important basic concepts and techniques.


Lectures

  • Introduction. Application-specific security requirements, targets and policies, common terms, security management.

  • Access control. Discretionary access control in POSIX and Windows, elevated rights and setuid bits, capabilities, mandatory access control, Clark/Wilson integrity.

  • Operating system and network security. OS security functions, trusted computing base, malicious software, common implementation vulnerabilities, TCP/IP vulnerabilities and firewalls, security evaluation methodology and standards. [2 lectures]

  • Symmetric cryptography. Pseudo-random functions and permutations, computational security, secure hash functions, birthday problem, block ciphers, modes of operation, message authentication codes, applications of hash functions, random number generation. [2 lectures]

  • Asymmetric cryptography. Key management problem, signatures and certificates, number theory revisited, discrete logarithm problem, Diffie-Hellman key exchange, ElGamal encryption and signature, hybrid cryptography.

  • Authentication techniques. Passwords, one-way and challenge-response protocols, Needham-Schroeder, protocol failure examples, hardware tokens.

Objectives


By the end of the course students should

  • appreciate the range of meanings that "security" has across different applications

  • be familiar with the most common security terms and concepts

  • have a basic understanding of the most commonly used attack techniques and protection mechanisms

  • have gained basic insight into aspects of modern cryptography and its applications


Recommended reading


* Gollmann, D. (1999). Computer Security. Wiley.
Stinson, D. (2002). Cryptography: theory and practice. Chapman & Hall/CRC (2nd ed.).


Further reading:


Anderson, R. (2001). Security engineering: a guide to building dependable distributed systems. Wiley.
Schneier, B. (1995). Applied cryptography: protocols, algorithms, and source code in C. Wiley (2nd ed.).
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley (2nd ed.).
Garfinkel, S., Spafford, G. & Schwartz, A. (2003). Practical Unix and Internet security. O'Reilly (3rd ed.).


Christine Northeast
Sun Sep 11 15:46:50 BST 2005