![[Search]](../../../images/search.gif){kind=small}
![[A-Z Index]](../../../images/az.gif){kind=small}
![[Contact]](../../../images/contact.gif){kind=small}
![[University of Cambridge]](../../../images/identifier2.gif){kind=small}
Next: Part II of the Up: Easter Term 2010: Part Previous: Economics and Law Contents
Introduction to Security
Lecturer: Dr S.J. Murdoch
No. of lectures: 8
Prerequisite courses: Discrete Mathematics, Operating Systems
This course is a prerequisite for Security (Part II).
Aims
This course is a broad introduction to both computer security and cryptography. It covers important basic concepts and techniques.
Lectures
- Cryptography. Introduction, terminology, classic ciphers,
perfect secrecy, Vernam cipher, pseudo-random functions and
permutations, computational security, random bit generation, secure
hash functions, birthday problem.
- Symmetric cryptography. Block ciphers, modes of operation,
message authentication codes, applications of secure hash functions.
- Asymmetric cryptography. Key-management problem, signatures
and certificates, number theory revisited, discrete logarithm
problem, Diffie-Hellman key exchange, ElGamal encryption and
signature, hybrid cryptography.
- Authentication techniques. Passwords, one-way and
challenge-response protocols, Needham-Schroeder, protocol failure
examples, hardware tokens.
- Access control. Discretionary access control in POSIX and
Windows, elevated rights and setuid bits, capabilities, mandatory
access control, covert channels, Clark-Wilson integrity. [2 lectures]
- Operating system security. OS security functions, trusted
computing base, security evaluation methodology and standards.
- Software security. Malicious software, viruses, common
implementation vulnerabilities, buffer overflows, meta characters,
integer overflows, race conditions, side channels.
Objectives
By the end of the course students should
- be familiar with some common security terms and concepts;
- have a basic understanding of some commonly used attack
techniques and protection mechanisms;
- have gained basic insight into aspects of modern cryptography
and its applications;
- appreciate the range of meanings that ``security'' has across
different applications.
Recommended reading
* Gollmann, D. (2006). Computer security. Wiley (2nd ed.).
Stinson, D. (2005). Cryptography: theory and practice. Chapman & Hall/CRC (3rd ed.).
Further reading:
Anderson, R. (2008). Security engineering: a guide to building dependable distributed systems. Wiley (2nd ed.).
Schneier, B. (1995). Applied cryptography: protocols, algorithms, and source code in C. Wiley (2nd ed.).
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley (2nd ed.).
Garfinkel, S., Spafford, G. & Schwartz, A. (2003). Practical Unix and Internet security. O'Reilly (3nd ed.).
Next: Part II of the Up: Easter Term 2010: Part Previous: Economics and Law Contents