Course pages 2016–17
Security II
As this is a final-year Part II course, students are encouraged to follow their curiosity and read the first-hand research papers listed below as opposed to relying only on the course handout. If you're thinking "Wow! That's a lot of papers! How on Earth am I going to do that?!?" then the advice in the following two-page paper may be helpful in acquiring this vital research skill: S. Keshav, "How to Read a Paper", ACM SIGCOMM CCR 37(3):83--84, 2007.
Lecture slides (by lecturer) and relevant reading material
All lectures 1200-1300 in LT2 @ WGB.
- Frank Stajano:
- Security, human factors and psychology. Passwords. Security policies. Physical security. (MWF 20 Jan - 1 Feb)
- Ross Anderson, Security Engineering (Book)
- Kevin Mitnick, The art of deception (Book)
- Alma Whitten, Doug Tygar, Why Johnny can't encrypt
- Anne Adams, Angela Sasse, Users are not the enemy
- Frank Stajano, Paul Wilson, Understanding scam victims
- Robert Cialdini, Influence - science and practice (Book)
- Daniel Kahneman, Nobel lecture (video, article).
- Daniel Kahneman, Amos Tversky, Prospect theory: an analysis of decision under risk
- Daniel Kahneman, Thinking fast and slow (Book)
- Elliott Bell, Len La Padula, Secure computer system: unified exposition and Multics interpretation
- Shishir Nagaraja, Ross Anderson, The snooping dragon: social-malware surveillance of the Tibetan movement
- David Brewer, Michael Nash, The Chinese Wall Security Policy (can you find the flaw?)
- David Clark, David Wilson, A Comparison of Commercial and Military Computer Security Policies
- Frank Stajano, Ross Anderson, The Resurrecting Duckling
- Joseph Bonneau, Sören Preibusch, The password thicket
- Frank Stajano, Max Spencer, Graeme Jenkinson, Quentin Stafford-Fraser. Password-manager friendly (PMF): Semantic annotations to improve the effectiveness of password managers
- Joseph Bonneau, Cormac Herley, Paul van Oorschot, Frank Stajano, The quest to replace passwords
- Frank Stajano, Pico: no more passwords
- Adam Beautement, Angela Sasse, Mike Wonham, The compliance budget
- Andreas Pashalidis, Chris Mitchell, A Taxonomy of Single Sign-On Systems
- Roger Needham, Denial of service: an example
- Matt Blaze, Rights Amplification in Master-Keyed Mechanical Locks
- Richard Clayton:
- Security economics (Fri 3 Feb)
- Steven Murdoch:
- Anonymity and censorship resistance (Mon 6 Feb)
- Markus Kuhn:
- Asymmetric cryptography (MWF 8–24 Feb)
- 2up handout, 4up handout, slide show, exercise sheet
Exercises and exam questions
You are encouraged to use the online Otter system for supervisions, exercises and exam questions. An old offline exercise sheet for the initial part of the course is still available as a backup for the Otter-challenged, but Otter should be a superset of that.
FMS prepared two question sets, 1 and 2. Supervisor Daniel Thomas kindly imported some cryptography questions into another set; he also provides his own question sets for supervisions 1 and 2, based on FMS's "but with a few tweaks".
Note about exams
Supervisors tell me (FMS) that supervisees repeatedly ask who sets the questions and whether the questions I set will be only on things I lectured and so forth. Let it therefore be known that FMS and MGK will each set one question and that each such question may relate to any part of the syllabus, including topics lectured by the other lecturer or by the guest lecturers. We have constructive proof of me setting and marking a question on a part of the course I did not personally lecture that year.
Instructions for supervisors who need access to the supervisor tab: please email teaching-admin.