
Security
2009–10

Principal lecturer: Prof Ross Anderson
Taken by: Part II
Syllabus
Past exam questions

I wrote up my lecture notes for this course into a book the first edition of which is now available online without charge. Another free book is the Handbook of Applied Cryptography which covers crypto algorithms, protocols and theory in more detail.

Here is my Google tech talk on searching for reputation thieves, phishermen and fake banks online.

Revision guide

Some students last year asked for a guide for revision that would help them map lectures to book chapters and other resources. Here are some pointers, together with further reading for the keen.

I am in the process of converting acetate slides to powerpoint as we go along and will put up the slides after the lectures: lecture 1, lecture 2, lecture 3, lecture 5, lecture 7, lecture 8, lecture 9, lecture 10, lecture 13, lecture 14, lecture 15, and lecture 16.

Lectures 1-3, 5 (security policy): see book chapters 1, 8, 9 and 10 (second edition) or 1, 7, 8 and 9 (first edition). The UK government's security policy framework is here; its predecessor is here. Here's the snooping dragon paper, and a news article on the use of targeted malware in fraud (more from the FBI, and here).

Lecture 4 (guest talk on anonymity given by Steven Murdoch): here are the slides, and see also chapter 23 of the book's second edition.

Lecture 6 (Robert Watson's guest lecture on concurrency vulnerabilities): see his slides and his paper.

Lecture 7 (physical security, psychology): see book chapters 2 and 11, and a Google tech talk I gave on searching for covert communities and villains online. The most detailed security psychology tutorial is probably a set of five book chapters by Peter Gutmann. You might also find the blog of our recent security psychology workshop interesting.

Lecture 8 (telecomms security, malware and firewalls): see book chapters 20 and 21 (second edition) or 17 and 18 (first edition). Cheswick and Bellovin's Firewalls and Internet Security: Repelling the Wily Hacker is a classic, while Howard and Leblanc's Writing Secure Code is also well worth a look.

Lecture 9 (cryptography revision, with basics of stream and block ciphers): see book chapter 5, and do browse other crypto books too. Stinson is maybe the best introduction to block cipher design while Menezes, van Oorschot and Vanstone is a handy reference. (NB: the material from lecture 9 has been trimmed and moved to lecture 14.)

Lectures 10 and 13 (shared-key authentication protocols): book chapter 3 (second edition) or 2 (first edition); material on API attacks is in chapter 18. You might also look at the BAN logic.

Lecture 11 (guest lecture on physical security of crypto processors by Sergei Skorobogatov): the slides are here, and you can also read book chapters 16 and 17 (second edition) or 14 and 15 (first edition). You might also look at our survey of cryptographic processors.

Lecture 12 (guest talk on social network security given by Joe Bonneau): here are his slides and his other writings on the topic.

Lectures 14-15 (crypto engineering and public-key protocols): again look at book chapter 5. You might also enjoy the original Diffie-Hellman and RSA papers. For the fancy protocols such as secret sharing, zero knowledge, digital cash and so on you can get a gentle introduction in Schneier; the mathematically inclined might prefer books with more proofs such as Stinson or Koblitz. For the protocols side of things you can look at our papers on Programming Satan's Computer and Robustness principles for public key protocols.

Lecture 16 (security economics): see book chapter 7 (second edition) or our survey paper. For more, explore the Economics and Security Resource Page.