Course pages 2014–15

Computer Security: Principles and Foundations

Reading materials

The following papers are assigned reading for R209; note that minor revisions to some session reading lists may still be made.

Course introduction slides from the first lecture can be found here:

• Introduction to R209
• To be published shortly

Please contact the course instructors if you have any questions.

1. Origins of computer security (14 October 2014)
   • Jerome H Saltzer and Michael D Schroeder, The Protection of Information in Computer Systems, Communications of the ACM v 17 no 7 (July 1974)
   • Butler Lampson, A Note on the Confinement Problem, Communications of the ACM v 16 no 10 (Oct 1973) pp 613–615
   • Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory v IT-22 (Nov 1976) pp 644–654
   • Using Encryption for Authentication in Large Networks of Computers, Roger Needham and Michael Schroeder, Communications of the ACM v 21 no 12 (Dec 1978)


2. Access control (21 October 2014)

   Note: the level of reading for this week is quite high; please start early and pay careful attention to page ranges!

   • Secure Computer System: Unified Exposition and Multics Interpretation, D Elliot Bell and Len LaPadula, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (1975). Read pp1-48, 64-73 only.
   • MULTICS Security Evaluation, Volume II: Vulnerability Analysis, Paul Karger and Roger Schell, ESD-TR-74-193, v II, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731 (June 1974). Read pp1-64; *skip the Subverter Listing*; the glossary on p149 may be useful
   • A decade of OS access-control extensibility, Robert N. M. Watson, Communications of the ACM 56(2), February 2013.

   Optional additional reading:

   • Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, Sheila A. Haghighat, A Domain and Type Enforcement UNIX Prototype, Proceedings of the Fifth USENIX UNIX Security Symposium (1996)
   • Richard Bisbey II and Dennis Hollingworth, Protection Analysis: Final Report, ISI/SR-78-13, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (May 1978)


3. Capability systems (28 October 2014)
   • Levy, Henry M., Capability-Based Computer Systems, Digital Equipment Corporation 1984. ISBN 0-932376-22-3. Read Chapter 1 only
   • David Wagner and Dean Tribble, A Security Analysis of the Combex DarpaBrowser Architecture, March 4, 2002
   • R. N. M. Watson, J. Anderson, B. Laurie, and K. Kennaway, Capsicum: practical capabilities for UNIX 19th USENIX Security Symposium, 2010

   Optional additional reading:

   • Mark S. Miller, Ka-Ping Yee, Jonathan Shapiro. Capability Myths Demolished, Technical Report SRL2003-02, Systems Research Laboratory, Johns Hopkins University
   • W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, and F. Pollack, HYDRA: the kernel of a multiprocessor operating system, Communications of the ACM v 17 no 6 pp 337–345 (1974)


4. Passwords (4 November 2014)
   • Robert Morris and Ken Thompson, Password security: a case history, Communications of the ACM v 22 no 11 (1979).
   • Anne Adams and M. Angela Sasse, Users are not the enemy, Communications of the ACM v 42 no 12 (1999).
   • Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano, The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes, IEEE Security and Privacy 2012.

   Optional additional reading:

   • Joseph Bonneau, The science of guessing: analyzing an anonymized corpus of 70 million passwords, 2012 IEEE Symposium on Security and Privacy.
   • Joseph Bonneau and Sören Preibusch, The password thicket: technical and market failures in human authentication on the web, Proceedings of WEIS 2010
   • Dinei Florencio and Cormac Herley, A large-scale study of web password habits, WWW 2007 Proceedings of the 16th international conference on World Wide Web.


5. Cryptographic protocols (11 November 2014)

   Note: the level of reading for this week is quite high; please start early!

   • Mike Burrows, Martín Abadi and Roger Needham, A Logic of Authentication, Proc. Roy. Soc. A v 426 no 1871 pp 233–271 (1989).
   • Martín Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering v 22 no 1 (1996) pp 6–15.
   • Ross Anderson, API Attacks, from Security Engineering – A Guide to Building Dependable Distributed Systems, Second Edition, Wiley (2008).

   Optional additional reading:

   • Gustavus J. Simmons, The History of Subliminal Channels, Information Hiding (1996) pp 237-256.


6. Programming-language security and information flow control (18 November 2014)
   • Li Gong, Marianne Mueller, Hemma Prafullchandra and Roland Schemmers, Going beyond the sandbox: an overview of the new security architecture in the java TM development Kit 1.2, Proceedings of the USENIX Symposium on Internet Technologies and Systems (USITS'97).
   • Andrew C. Myers and Barbara Liskov, A Decentralized Model for Information Flow Control, Proceedings of the 16th ACM Symposium on Operating Systems Principles, Saint-Malo, France, 5 –8 October 1997.
   • Adrian Mettler, David Wagner, and Tyler Close, Joe-E, Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February – 3rd March 2010.

   Optional additional reading:

   • Ken Thompson, Reflections on Trusting Trust, Communications of the ACM v 27 no 8 (1984) pp 761–763.
7. Correctness vs. mitigation (25 November 2014)
   • Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood, seL4: formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems principles (SOSP '09) pp 207-220
   • Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler, A few billion lines of code later: using static analysis to find bugs in the real world, Communications of ACM 53, 2 (February 2010), 66-75
   • Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song, SoK: Eternal War in Memory, Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP '13). IEEE Computer Society, Washington, DC, USA, 48-62.


8. Security economics (2 December 2014)
   • Ross Anderson and Tyler Moore, Information security: where computer science, economics, and psychology meet, Phil Trans Roy Soc A v 367 no 1898 pp 2717–2727 (2009).
   • Michel van Eeten, Johannes M. Bauer, Hadi Asghari, Shirin Tabatabaie, and Dave Rand, The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data, WEIS 2010.
   • Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, and Christopher Kruegel, Is the Internet for Porn? An Insight Into the Online Adult Industry, WEIS 2010.

   Optional additional reading:

   • Ross Anderson, Chris Barton, Rainer Bohme, Richard Clayton, Michel J.G. van Eeten, Michael Levi, Tyler Moore, and Stefan Savage, Measuring the Cost of Cybercrime, WEIS 2012.

Last year’s course materials are still available.