Course pages 2014–15
Security II
As this is a final-year Part II course, students are encouraged and expected to read the research papers listed below as opposed to relying only on the course handout. If you're thinking "Wow! That's a lot of papers! How on Earth am I going to do that?!?" then the advice in the following two-page paper may be helpful in acquiring this vital research skill: S. Keshav, "How to Read a Paper", ACM SIGCOMM CCR 37(3):83--84, 2007.
Lecture slides (by lecturer) and relevant reading material
All lectures 1200-1300 in LT2 @ WGB.
- Frank Stajano:
- Security,
human factors and psychology. Passwords. Security policies. Physical
security. (MWF 16-28 Jan)
- Ross Anderson, Security Engineering
- Kevin Mitnick, The art of deception
- Alma Whitten, Doug Tygar, Why Johnny can't encrypt
- Anne Adams, Angela Sasse, Users are not the enemy
- Frank Stajano, Paul Wilson, Understanding scam victims
- Robert Cialdini, Influence - science and practice
- Daniel Kahneman, Nobel lecture (video, article).
- Daniel Kahneman, Amos Tversky, Prospect theory: an analysis of decision under risk
- Daniel Kahneman, Thinking fast and slow
- Elliott Bell, Len La Padula, Secure computer system: unified exposition and Multics interpretation
- David Clark, David Wilson, A Comparison of Commercial and Military Computer Security Policies
- Frank Stajano, Ross Anderson, The Resurrecting Duckling
- Joseph Bonneau, Sören Preibusch, The password thicket
- Joseph Bonneau, Cormac Herley, Paul van Oorschot, Frank Stajano, The quest to replace passwords
- Frank Stajano, Pico: no more passwords
- Adam Beautement, Angela Sasse, Mike Wonham, The compliance budget
- Roger Needham, Denial of service: an example
- Matt Blaze, Rights Amplification in Master-Keyed Mechanical Locks
- Steven Murdoch:
- Anonymity and censorship resistance (30 Jan)
- Richard Clayton:
- Security economics (2 Feb)
- Robert Watson:
- Concurrency and security (4 Feb)
- Markus Kuhn:
- Cryptography: secure hash functions, key distribution problem, number theory, finite fields, cyclic groups, discrete logarithm problem, Diffie–Hellman key exchange, elliptic curves,
RSA,digital signature algorithms. (2up handout, 4up handout, slide show, exercise sheet) (MWF 6–20 Feb)Note: For time reasons, we had to skip the discussion of RSA and covered digital signatures only briefly in the lecture. Therefore, the material after slide 76 in the cryptography handout will not be examinable.
Exercises and exam questions
You are encouraged to use the online Otter system for supervisions, exercises and exam questions. An offline exercise sheet for the initial part of the course is still available as a backup for the Otter-challenged, but Otter will be more complete and up to date.
FMS prepared two question sets, 1 and 2. Supervisor Daniel Thomas kindly imported the MGK questions into another set; he also provides his own question sets for supervisions 1 and 2, based on FMS's "but with a few tweaks".
Note about exams
Supervisors tell me (FMS) that supervisees repeatedly ask who sets the questions and whether the questions I set will be only on things I lectured and so forth. Let it therefore be known that FMS and MGK will each set one question and that each such question may relate to any part of the syllabus, including topics lectured by the other lecturer or by the guest lecturers. See for example 2012 for constructive proof of me setting and marking a question on a part of the course I did not personally lecture that year.
Instructions for supervisors who need access to the supervisor tab: please email Dr Stajano with your crsid, the name of your supervisor and a declaration that they have agreed to your supervising this course.