Computer Laboratory

Course pages 2014–15

Computer Security: Principles and Foundations

Reading materials

The following papers are assigned reading for R209; note that minor revisions to some session reading lists may still be made.

Course introduction slides from the first lecture can be found here:

Please contact the course instructors if you have any questions.

  1. Origins of computer security (14 October 2014)

  2. Access control (21 October 2014)

    Note: the level of reading for this week is quite high; please start early and pay careful attention to page ranges!

    Optional additional reading:

    • Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, Sheila A. Haghighat, A Domain and Type Enforcement UNIX Prototype, Proceedings of the Fifth USENIX UNIX Security Symposium (1996)
    • Richard Bisbey II and Dennis Hollingworth, Protection Analysis: Final Report, ISI/SR-78-13, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (May 1978)

  3. Capability systems (28 October 2014)

    Optional additional reading:

  4. Passwords (4 November 2014)

    Optional additional reading:

  5. Cryptographic protocols (11 November 2014)

    Note: the level of reading for this week is quite high; please start early!

    Optional additional reading:

  6. Programming-language security and information flow control (18 November 2014)

    Optional additional reading:

  7. Correctness vs. mitigation (25 November 2014)
    • Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood, seL4: formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems principles (SOSP '09) pp 207-220
    • Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler, A few billion lines of code later: using static analysis to find bugs in the real world, Communications of ACM 53, 2 (February 2010), 66-75
    • Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song, SoK: Eternal War in Memory, Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP '13). IEEE Computer Society, Washington, DC, USA, 48-62.

  8. Security economics (2 December 2014)

    Optional additional reading:

Last year’s course materials are still available.