Access control.
Discretionary access control in POSIX and Windows, elevated rights and
setuid bits, capabilities, mandatory access control, Clark/Wilson
integrity.
Operating system and network security.
OS security functions, trusted computing base, malicious software,
common implementation vulnerabilities, TCP/IP vulnerabilities and
firewalls, security evaluation methodology and standards. [2 lectures]
Security policies and management.
Application-specific security requirements, targets and policies,
security management, BS 7799.
Objectives
By the end of the course students should
appreciate the range of meanings that ``security'' has
across different applications
be familiar with the most common security terms and concepts
have a basic understanding of the most commonly used attack
techniques and protection mechanisms
have gained basic insight into aspects of modern cryptography and its
applications
Recommended reading
* Gollmann, D. (2006). Computer Security. Wiley.
Stinson, D. (2002). Cryptography: theory and practice. Chapman & Hall/CRC (2nd ed.).
Further reading:
Anderson, R. (2001). Security engineering: a guide to building dependable distributed systems. Wiley.
Schneier, B. (1995). Applied cryptography: protocols, algorithms, and source code in C. Wiley (2nd ed.).
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley (2nd ed.).
Garfinkel, S., Spafford, G. & Schwartz, A. (2003). Practical Unix and Internet security. O'Reilly (3nd ed.).