Computer Laboratory > Teaching > Course material 2008–09 > Security



Principal lecturer: Prof Ross Anderson
Taken by: Part II
Past exam questions

I wrote up my lecture notes for this course into a book the first edition of which is now available online without charge. Another free book is the Handbook of Applied Cryptography which covers crypto algorithms, protocols and theory in more detail.

Here is my Google tech talk on searching for reputation thieves, phisherman and fake banks online.

Revision guide

Some students asked for a guide for revision. Here are some pointers, together with further reading for the keen.

Lectures 1-5 (security policy): see book chapters 1 and 8-10 (second edition) or 1 and 7-9 (first edition).

Lecture 6 (physical security, psychology): see book chapters 2 and 11 (second edition) or 10 (first edition: not so complete). You might also find the blog of our recent security psychology workshop interesting.

Lecture 7 (telecomms security, malware and firewalls): see book chapters 20 and 21 (second edition) or 17 and 18 (first edition). The book by Cheswick and Bellovin is a classic, and Howard and Leblanc's "Writing Secure Code" may also be worth a look.

Lecture 8 (Robert Watson's guest lecture on concurrency vulnerabilities): see his slides and exercise materials, and you might also read his paper.

Lecture 9 (cryptography revision plus the basics of stream and block ciphers): see book chapter 5, and do browse Schneier or other crypto books as well. Stinson is maybe the best introduction to block cipher design while Beker and Piper (though dated) is sound on the basics of stream ciphers.

Lecture 11 (shared-key authentication protocols): book chapter 3 (second edition) or 2 (first edition). You might also look at the BAN logic.

Lecture 12 (guest talk on anonymity given by Steven Murdoch): here are the slides, and see also chapter 23 of the book's second edition.

Lecture 13 (guest lecture on physical security of crypto processors by Sergei Skorobogatov): the slides are here, and you can also read book chapters 16-18 (second edition) or 14-15 (first edition). You might also look at our survey of cryptographic processors.

Lecture 14-15 (public-key crypto and protocols): again look at book chapter 5, and you might also enjoy the original Diffie-Hellman and RSA papers. For the fancy protocols such as secret sharing, zero knowledge, digital cash and so on you can get a gentle introduction in Schneier; the mathematically inclined might prefer books with more proofs such as Stinson or Koblitz. For the protocols side of things you can look at our papers on Programming Satan's Computer and Robustness principles for public key protocols.

Lecture 16 (security economics): see book chapter 7 (second edition) or our survey paper. For more, explore the Economics and Security Resource Page.