Introduction to Security

Next: Computer Graphics and Image Up: Lent Term 2000: Part Previous: Prolog for Artificial Intelligence

Introduction to Security

Lecturer: Dr R. Anderson (rja14@cl.cam.ac.uk)

No. of lectures: 4

Prerequisite courses: Discrete Mathematics, Operating Systems

This course is a prerequisite for Distributed Systems (Part II) and Security (Part II).

Aims

The aim of this course is to introduce the basic concepts of computer security and cryptography and thus provide a foundation for Part II courses on both security and distributed systems.

Lectures

Typical applications. Cash machines, prepayment cards, book-keeping systems, multilevel secure systems, electronic warfare. Goals and definitions: security policy models.
Operating system security. Access matrices, access control lists, capabilities. Unix security: password cracking, stack overflow and other common attacks. Firewalls: common attacks on TCP/IP.
Symmetric cryptosystems. Stream and block ciphers. The Feistel construction: TEA and DES. Modes of operation. Examples of applications. Key exchange protocols.
Asymmetric cryptosystems. Diffie-Hellman key exchange. ElGamal encryption and signature; the US digital signature standard. Basic public key protocols and their problems, including Denning-Sacco, Needham-Schroder and oracle attacks.

Objectives

By the end of the course students should appreciate the range of different meanings that ``security'' has in different applications, and should be familiar with the most common commercial and military security policy concepts. They should understand the protection mechanisms used in common systems, and the most common attacks on them. They should be cryptography-literate, understanding the basics of public and shared key systems, block cipher modes of operation and authentication protocols.

Recommended books

Gollmann, D. (1999). Computer Security. Wiley.
Schneier, B. (1995). Applied Cryptography: Protocols, Algorithms, and Source in C. Wiley (2nd ed.).

Further reading:

Kahn, D. (1966). The Codebreakers: the Story of Secret Writing. Weidenfeld and Nicolson.
Cheswick, W.R. & Bellovin, S.M. (1994). Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley.
Garfinkel, S. & Spafford, G. (1996). Practical Unix and Internet Security. O'Reilly (2nd ed.).
Amoroso, E. (1994). Fundamentals of Computer Security Technology. Prentice-Hall.

Next: Computer Graphics and Image Up: Lent Term 2000: Part Previous: Prolog for Artificial Intelligence

Christine Northeast
Mon Sep 20 10:28:43 BST 1999