Computer Security: Principles and Foundations
This course is taught in a seminar style. Each week we expect students to read the set papers below and either prepare a presentation or submit an essay. During the session we will then watch the presentations and discuss the papers.
Slides
- Introduction to R209
- Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals
- Spy-oT: Understanding How Users Learn to Use Internet of Things Devices For Abusive Purposes
Reading assignments
The following papers are assigned reading for R209, which should be read prior to the class indicated. Please contact the module instructors if you have any questions.
- Threat modelling (9 October 2025 - Watson, Hutchings)
A. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson. Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS), February 2019.
Kieron Ivy Turk and Alice Hutchings. Spy-oT: Understanding how users learn to use Internet of Things devices for abusive purposes. Proceedings of the 21st Symposium on Usable Privacy and Security, pages 185–203, 2025.
- Usable security (16 October 2025 - Hutchings)
Alma Whitten and J.D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0, USENIX Security, 1999.
Cormac Herley. More is not the answer. IEEE Security & Privacy 12(1), pp. 14-19, 2013.
Kieron Ivy Turk and Alice Hutchings. Stop Following Me! Evaluating the malicious uses of personal item tracking devices and their anti-stalking features. ACM European Symposium on Usable Security (EuroUSEC), Karlstad, 2024.
- Fifty Years of Access Control (23 October 2025 - Watson)
David E. Bell and Leonard J. La Padula, Secure Computer Systems: Mathematical Foundations. ESD-TR-73-278, Vol. I, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA 01731 (Nov. 1973).
David Wagner and Dean Tribble, A Security Analysis of the Combex DarpaBrowser Architecture, March 4, 2002.
Robert N. M. Watson. A decade of OS access-control extensibility. Communications of the ACM 56(2), February 2013.
- Leveraging hardware vulnerabilities (30 October 2025 - Beresford)
Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. Flip Feng Shui: Hammering a Needle in the Software Stack. Proceedings of the 25th USENIX Security Symposium, August 2016.
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg et al. Spectre attacks: Exploiting speculative execution. In 2019 IEEE Symposium on Security and Privacy (SP), pp. 1-19. IEEE, 2019.
Jiexin Zhang, Alastair R. Beresford, and Ian Sheret. SensorID: Sensor calibration fingerprinting for smartphones. Proceedings of the IEEE Symposium on Security and Privacy, 2019.
- Security Economics (6 November 2025 - Hutchings)
Michel van Eeten, Johannes M. Bauer, Hadi Asghari, Shirin Tabatabaie, and Dave Rand, The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data, WEIS 2010.
Marie Vasek and Tyler Moore, There’s No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams. International Conference on Financial Cryptography and Data Security, 2015.
Ross Anderson and Tyler Moore, Information security: where computer science, economics, and psychology meet, Philosophical Transactions of the Royal Society A 367(1898), pp. 2717–2727, 2009.
- Correctness vs. Mitigation (13 November 2025 - Watson)
Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood, seL4: formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP '09), 2009.
Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler, A few billion lines of code later: using static analysis to find bugs in the real world, Communications of the ACM 53(2), February 2010.
Brooks Davis, Robert N. M. Watson, Alexander Richardson, Peter G. Neumann, Simon W. Moore, John Baldwin, David Chisnall et al. CheriABI: Enforcing valid pointer provenance and minimizing pointer privilege in the POSIX C run-time environment. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 379-393. ACM, 2019.
- Cryptographic identity (20 November 2025 - Kleppmann)
Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, and Michael J. Freedman, CONIKS: Bringing Key Transparency to End Users, Proceedings of the 24th USENIX Security Symposium, 2015.
Karissa Rae McKelvey, Benjamin Royer, Chris Sun (daiyi), Cade Diehm, and Peter van Hardenberg, Backchannel: A relationship-based digital identity system, Technical Report, Ink & Switch, September 2021.
Martin Kleppmann, Paul Frazee, Jake Gold, Jay Graber, Daniel Holmgren, Devin Ivy, Jeromy Johnson, Bryan Newbold, and Jaz Volpert, Bluesky and the AT Protocol: Usable Decentralized Social Media, Proceedings of the ACM CoNEXT-2024 Workshop on the Decentralization of the Internet (DIN 2024), 2024.
- Metadata-private communications (27 November 2025 - Kleppmann, Beresford)
Roger Dingledine, Nick Mathewson, and Paul Syverson, Tor: The Second-Generation Onion Router, Technical Report, Naval Research Laboratory, 2004.
Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis, The Loopix Anonymity System, Proceedings of the 26th USENIX Security Symposium, 2017.
Ceren Kocaoğullar, Daniel Hugenroth, Martin Kleppmann, and Alastair R. Beresford, Pudding: Private User Discovery in Anonymity Networks, Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2024.
Optional additional readings:
David L. Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, Communications of the ACM 24(2), February 1981.