Next: Natural Language Processing
Up: Lent Term 2004: Part
Previous: Introduction to Functional Programming
  Contents
Introduction to Security
Lecturer: Dr M.G. Kuhn
No. of lectures: 6
Prerequisite courses: Operating System Foundations, Mathematics for Computation Theory
This course is a prerequisite for Distributed Systems.
Aims
This course is a broad introduction to both computer security and
cryptography. It covers important basic concepts and techniques.
Lectures
- Introduction.
Application-specific security requirements, targets and policies,
common terms, security management, computer misuse and data protection
legislation.
- Access control.
Discretionary access control in POSIX and Windows, elevated rights and
setuid bits, capabilities, mandatory access control, Clark/Wilson
integrity.
- Operating system and network security.
OS security functions, trusted computing base, malicious software,
common implementation vulnerabilities, TCP/IP vulnerabilities and
firewalls, security evaluation methodology and standards.
- Symmetric cryptography. Pseudo-random functions and permutations,
computational security, secure hash functions, birthday problem, block
ciphers, modes of operation, message authentication codes,
applications of hash functions, random number generation.
- Asymmetric cryptography. Key management problem, signatures
and certificates, number theory revisited, discrete logarithm problem,
Diffie-Hellman key exchange, ElGamal encryption and signature, hybrid
cryptography.
- Authentication techniques. Passwords, one-way and
challenge-response protocols, Needham-Schroeder, protocol
failure examples, hardware tokens.
Objectives
By the end of the course students should
- appreciate the range of meanings that "security" has
across different applications
- be familiar with the most common security terms and concepts
- have a basic understanding of the most commonly used attack
techniques and protection mechanisms
- have gained basic insight into aspects of modern cryptography and its
applications
Recommended books
* Gollmann, D. (1999). Computer Security. Wiley.
Stinson, D. (2002). Cryptography - theory and practice.
Chapman & Hall/CRC (2nd ed.).
Further reading:
Anderson, R. (2001). Security engineering: a guide to building
dependable distributed systems. Wiley.
Schneier, B. (1995). Applied Cryptography: Protocols, Algorithms,
and Source in C. Wiley (2nd ed.).
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls
and Internet security: repelling the wily hacker. Addison-Wesley
(2nd ed.).
Garfinkel, S. & Spafford, G. (1996). Practical Unix and Internet
security. O'Reilly (2nd ed.).
Christine Northeast
Thu Sep 4 15:29:01 BST 2003