Security 2008–09
Principal lecturer: Prof Ross Anderson
Taken by: Part II
Syllabus
Past exam questions
I wrote up my lecture notes for this course into a book, the first edition of
which is now available online without charge. Another free book is the Handbook of Applied
Cryptography which covers crypto algorithms, protocols and theory in more
detail.
Here is my Google tech talk on searching for reputation thieves, phishermen and
fake banks online.
Revision guide
Some students asked for a guide for revision. Here are some pointers, together
with further reading for the keen.
Lectures 1-5 (security policy): see book chapters 1 and 8-10
(second edition) or 1 and 7-9 (first edition).
Lecture 6 (physical security, psychology): see book chapters 2
and 11 (second edition) or 10 (first edition: not so complete). You might also
find the blog of our recent security
psychology workshop interesting.
Lecture 7 (telecomms security, malware and firewalls): see
book chapters 20 and 21 (second edition) or 17 and 18 (first edition). The
book by Cheswick and Bellovin is a classic, and Howard and LeBlanc's "Writing
Secure Code" may also be worth a look.
Lecture 8 (Robert Watson's guest lecture on concurrency
vulnerabilities): see his slides and exercise materials, and you
might also read his paper.
Lecture 9 (cryptography revision plus the basics of stream and
block ciphers): see book chapter 5, and do browse Schneier or other crypto
books as well. Stinson is maybe the best introduction to block cipher design
while Beker and Piper (though dated) is sound on the basics of stream ciphers.
Lecture 11 (shared-key authentication protocols): book chapter
3 (second edition) or 2 (first edition). You might also look at the BAN logic.
Lecture 12 (guest talk on anonymity given by Steven Murdoch):
here are the slides, and see also chapter 23 of the book's second edition.
Lecture 13 (guest lecture on physical security of crypto
processors by Sergei Skorobogatov): the slides are here, and you can
also read book chapters 16-18 (second edition) or 14-15 (first edition). You
might also look at our survey of
cryptographic processors.
Lectures 14-15 (public-key crypto and protocols): again look at
book chapter 5, and you might also enjoy the original
Diffie-Hellman and RSA papers. For the
fancy protocols such as secret sharing, zero knowledge, digital cash and so on
you can get a gentle introduction in Schneier; the mathematically inclined
might prefer books with more proofs such as Stinson or Koblitz. For the
protocols side of things you can look at our papers on Programming Satan's
Computer and Robustness
principles for public key protocols.
Lecture 16 (security economics): see book chapter 7
(second edition) or our survey paper.
For more, explore the Economics and Security
Resource Page.