Computer Laboratory

Course pages 2012–13

Principles and Foundations of Computer Security

Reading materials

  1. Origins and foundations of computer security. Here are the first and second decks of slides for the course briefing; students should also read the following papers.
    1. The Protection of Information in Computer Systems, Jerome H Saltzer and Michael D Schroeder, Communications of the ACM v 17 no 7 (July 1974)
    2. A Note on the Confinement Problem, Butler Lampson, Communications of the ACM v 16 no 10 (Oct 1973) pp 613–615
    3. New Directions in Cryptography, IEEE Transactions on Information Theory v IT-22 (Nov 1976) pp 644–654
    4. Using Encryption for Authentication in Large Networks of Computers, Roger Needham and Michael Schroeder, Communications of the ACM v 21 no 12 (Dec 1978)
  2. Access control systems
    1. Secure Computer System: Unified Exposition and Multics Interpretation, D Elliot Bell and Len LaPadula, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (1975). Read pp 1–75 only – you can skip the appendix
    2. Protection Analysis: Final Report, Richard Bisbey II and Dennis Hollingworth, ISI/SR-78-13, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (May 1978)
    3. MULTICS Security Evaluation, Volume II: Vulnerability Analysis, Paul Karger and Roger Schell, ESD-TR-74-193, v II, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731 (June 1974). Read pp 1–64 – you can skip the Subverter Listing, although the glossary on p 149 is useful
    4. A Domain and Type Enforcement UNIX Prototype, Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, Sheila A. Haghighat, Proceedings of the Fifth USENIX UNIX Security Symposium (1996)
  3. Hardware and software capability systems
    1. HYDRA: the kernel of a multiprocessor operating system, W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, and F. Pollack, Communications of the ACM v 17 no 6 pp 337–345 (1974)
    2. Protection in programming languages, James H Morris, Communications of the ACM v 16 no 1 (1973)
    3. A Security Analysis of the Combex DarpaBrowser Architecture, David Wagner, Dean Tribble, March 4, 2002
    4. Capsicum: practical capabilities for UNIX, R. N. M. Watson, J. Anderson, B. Laurie, and K. Kennaway, 19th USENIX Security Symposium, 2010
  4. Programming language and information flow security
    1. Reflections on Trusting Trust, Ken Thompson, Communications of the ACM v 27 no 8 (1984) pp 761–763
    2. Going beyond the sandbox: an overview of the new security architecture in the Java Development Kit 1.2, Li Gong, Marianne Mueller, Hemma Prafullchandra and Roland Schemers, Proceedings of the USENIX Symposium on Internet Technologies and Systems (USITS'97)
    3. A Decentralized Model for Information Flow Control, Andrew C. Myers, Barbara Liskov, Proceedings of the 16th ACM Symposium on Operating Systems Principles, Saint-Malo, France, 5 –8 October 1997
    4. Joe-E: A Security-Oriented Subset of Java, Adrian Mettler, David Wagner, Tyler Close, Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February – 3rd March 2010
  5. The economics of security
    1. Information security: where computer science, economics and psychology meet, Ross Anderson, Tyler Moore, Phil Trans Roy Soc A v 367 no 1898 pp 2717–2727 (2009)
    2. The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data by Michel van Eeten and colleagues, WEIS 2011
    3. Measuring the Cost of Cybercrime, Ross Anderson and colleagues, WEIS 2012
    4. Is the Internet for Porn? An Insight Into the Online Adult Industry by Gilbert Wondracek and colleagues, WEIS 2010
  6. Passwords: technology, human factors and what goes wrong
    1. Password security: a case history, Robert Morris and Ken Thompson, Communications of the ACM v 22 no 11 (1979)
    2. Users are not the enemy, Anne Adams and M. Angela Sasse, Communications of the ACM v 42 no 12 (1999)
    3. Where Do Security Policies Come From? Dinei Florencio and Cormac Herley, Proceedings of SOUPS 2010
    Optional additional reading:
  7. Cryptographic protocols: possibilities and limitations
    1. A Logic of Authentication, Mike Burrows, Martín Abadi and Roger Needham, Proc. Roy. Soc. A v 426 no 1871 pp 233–271 (1989)
    2. Prudent Engineering Practice for Cryptographic Protocols, Martín Abadi and Roger Needham, IEEE Transactions on Software Engineering v 22 no 1 (1996) pp 6–15
    3. The History of Subliminal Channels, Gustavus J. Simmons, Information Hiding (1996) pp 237–256
    4. API Attacks, from Security Engineering – A Guide to Building Dependable Distributed Systems, Ross Anderson, second edition, Wiley (2008)
  8. Correctness versus mitigation
    1. seL4: formal verification of an OS kernel, Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP '09) pp 207–220
    2. A few billion lines of code later: using static analysis to find bugs in the real world, Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler, Communications of the ACM v 53 no 2 (February 2010) pp 66–75
    3. Mitigating Software Vulnerabilities, Matt Miller, Tim Burrell, and Michael Howard, Microsoft Corporation, July 2011
© 2012 Computer Laboratory, University of Cambridge
Information provided by Prof Ross Anderson