University of Cambridge Computer Laboratory

Principal lecturer: Dr Ross Anderson
Taken by: Part II
Number of lectures: 12
Lecture location: Rayleigh Lecture Room
Lecture times: 11:00 on MWF starting 15-Jan-99

This course builds on the 1b `Introduction to Security' course to give you a solid foundation in contemporary computer security and cryptology. We look at a number of applications which need various combinations of confidentiality, availability, integrity and covertness properties; at the mechanisms which we can use to incorporate these properties in systems; at how such systems fail; at how they can be made robust against various kinds of failure; and at various policy and legal issues.

The course consists of twelve lectures on the following topics. The notes are available here, as are some of the handouts; unfortunately some of them aren't for copyright and other reasons.

Books and other sources

System security is an extremely wide subject, drawing on a great range of disciplines. Although computer secience is now the central one, we draw on mathematics, electrical engineering, semiconductor physics, applied psychology, financial accounting, the criminal law ... there's never a dull moment.

The best way for you to acquire a feel for what's going on is by wide reading. The history is fun: for the period up to world war 2, see Kahn's `The Codebreakers', while details of how codebreakers at Bletchley Park cracked the Enigma during the war are in Welchman's `The Hut Six Story' and Hinsley and Stripp's `Codebreakers'.

Textbooks: Ed Amoroso's `Fundamentals of Computer Security Technology' is a good general introduction, while Dieter Gollmann's `Computer Security' is very good on the military side of things. For more specific information on Unix and Internet security, see Cheswick and Bellovin's `Firewalls and Internet Security' and Garfinkel and Spafford's `Practical Unix and Internet Security'.

None of the above goes into cryptology in much depth. For that, try Schneier's `Applied Cryptography' which is quite broad and includes `C' source code for a lot of algorithms (be sure to get the second edition). More specialised books are referred to in the further reading notes at the end of each lecture.

If you are thinking of a career (research or otherwise) which touches on this subject, I'd encourage you to come to the security seminars, which are held on most Tuesday afternoons during term, and the lab's security group meetings at 4pm on Fridays (both in TP4).

Finally, there are many relevant and interesting resources on the web, from newsgroups such as sci.crypt.research and comp.risks through hacker and CERT sites to organisations involved in crypto policy and, of course, researchers' home pages.

Ross Anderson
January 1999