Course pages 2015–16

Security II

As this is a final-year Part II course, students are encouraged and expected to read the research papers listed below as opposed to relying only on the course handout. If you're thinking "Wow! That's a lot of papers! How on Earth am I going to do that?!?" then the advice in the following two-page paper may be helpful in acquiring this vital research skill: S. Keshav, "How to Read a Paper", ACM SIGCOMM CCR 37(3):83--84, 2007.

Lecture slides (by lecturer) and relevant reading material

All lectures 1200-1300 in LT2 @ WGB.

Frank Stajano:

Security, human factors and psychology. Passwords. Security policies. Physical security. (MWF 15-27 Jan)

• Ross Anderson, Security Engineering
• Kevin Mitnick, The art of deception
• Alma Whitten, Doug Tygar, Why Johnny can't encrypt
• Anne Adams, Angela Sasse, Users are not the enemy
• Frank Stajano, Paul Wilson, Understanding scam victims
• Robert Cialdini, Influence - science and practice
• Daniel Kahneman, Nobel lecture (video, article).
• Daniel Kahneman, Amos Tversky, Prospect theory: an analysis of decision under risk
• Daniel Kahneman, Thinking fast and slow
• Elliott Bell, Len La Padula, Secure computer system: unified exposition and Multics interpretation
• David Brewer, Michael Nash, The Chinese Wall Security Policy (can you find the flaw?)
• David Clark, David Wilson, A Comparison of Commercial and Military Computer Security Policies
• Frank Stajano, Ross Anderson, The Resurrecting Duckling
• Joseph Bonneau, Sören Preibusch, The password thicket
• Frank Stajano, Max Spencer, Graeme Jenkinson, Quentin Stafford-Fraser. Password-manager friendly (PMF): Semantic annotations to improve the effectiveness of password managers
• Joseph Bonneau, Cormac Herley, Paul van Oorschot, Frank Stajano, The quest to replace passwords
• Frank Stajano, Pico: no more passwords
• Adam Beautement, Angela Sasse, Mike Wonham, The compliance budget
• Andreas Pashalidis, Chris Mitchell, A Taxonomy of Single Sign-On Systems
• Roger Needham, Denial of service: an example
• Matt Blaze, Rights Amplification in Master-Keyed Mechanical Locks

Richard Clayton:

Security economics (Fri 29 Jan)

Steven Murdoch:

Anonymity and censorship resistance (Mon 1 Feb)

Markus Kuhn:

Asymmetric cryptography (MWF 3–19 Feb)
2up handout, 4up handout, slide show, exercise sheet
Available to current Part II students after the end of supervisions:

• solution notes for the exercise sheet
• selected past exam questions with solution notes

Errata: Slide 14: z_i → z_i−1.
Exercise 16 (e): SHA-1 value was wrong.

Exercises and exam questions

You are encouraged to use the online Otter system for supervisions, exercises and exam questions. An old offline exercise sheet for the initial part of the course is still available as a backup for the Otter-challenged, but Otter will be more complete and up to date.

FMS prepared two question sets, 1 and 2. Supervisor Daniel Thomas kindly imported some cryptography questions into another set; he also provides his own question sets for supervisions 1 and 2, based on FMS's "but with a few tweaks".

Note about exams

Supervisors tell me (FMS) that supervisees repeatedly ask who sets the questions and whether the questions I set will be only on things I lectured and so forth. Let it therefore be known that FMS and MGK will each set one question and that each such question may relate to any part of the syllabus, including topics lectured by the other lecturer or by the guest lecturers. See for example 2012 for constructive proof of me setting and marking a question on a part of the course I did not personally lecture that year.

Instructions for supervisors who need access to the supervisor tab: please email teaching-admin.

Instructions for lecturers: how to edit this page