IT 962: Advanced Topics in Computer Security: Cyber-Identity, Authority and Trust

Crosslisted as ISA 797

Professor Ravi Sandhu

Spring 2006

Thursday 4:30pm-7:10pm, Innovation Hall 206

www.profsandhu.com/it962

Important Notice:

  • 4/20/06: Examination 3 has been posted here. Examination 4 is available as an option for students who scored below a B average on examinations 1 or 2 using the scale provided at grading scale. Students interested in exercising this option should email to sandhu@gmu.edu by April 27th.
  • 4/13/06: Schedule for rest of the semester has been updated.
  • 3/16/06: Examination 2 has been posted here.
  • 2/7/06: Examination 1 has been modified to answer only one of the questions and expand the answer to 1000 words.
  • Watch this space for important announcements.

Course Prerequisites:

  • ISA 662 (previously INFS 762) and ISA 666 (previously INFS 766). One of these may be taken concurrently.
  • Must be internet, web and pdf (get Acrobat Reader here) capable.
  • Must know how to access ACM, IEEE and any other digital libraries available to the GMU community. On-campus and off-campus access to these libraries is available to all GMU students. Links are conveniently available at University Libraries -- Database Wizard.

Schedule of Classes (Subject to change):

  • 01/26/06: Introduction | slides
  • 02/02/06: Usage Control
  • 02/09/06: PEI Models and the precursor OM-AM
  • 02/16/06: Examination 1 due 02/23/06 before class. Posted here. Grading scale. No lecture on 02/16/06.
  • 02/23/06: Trust difficulties
    • Ken Thompson. "Reflections on trusting trust." Commun. ACM 27, 8 (Aug. 1984) 761-763. Available in ACM area of GMU digital library.
    • J.M. Hayes. "The problem with multiple roots in Web browsers-certificate masquerading". Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE 1998. (WET ICE '98) 17-19 June 1998 Page(s): 306-311. Available in IEEE area of GMU digital library.
      Slides for Hayes segment
    • J. Marchesini, S.W. Smith, M. Zhao. "Keyjacking: the Surprising Insecurity of Client-side SSL." Computers and Security. 4 (2): 109-123. March 2005. Available in Elsevier - ScienceDirect area of GMU digital library. Also available at Sean Smith's home page.
    • Alain Hiltgen, Thorsten Kramp, Thomas Weigold. "Secure Internet Banking Authentication." IBM Zurich Research Laboratory. Available at IBM site.
  • 03/02/06: Guest lecture: David Wheeler of IDA and GMU on Countering Trusting Trust
    • David Wheeler. "Countering Trusting Trust through Diverse Double-Compiling." Proc. 21st Annual Computer Security Applications Conference, 5-9 Dec. 2005, Page(s):33-48. Available in IEEE area of GMU digital library.
      Slides
  • 03/09/06: Exam 1 review and in-class discussion
  • 03/16/06: Spring Break
  • 03/23/06: Examination 2 due 03/30/06 before class. Posted here. No lecture on 03/23/06.
  • 03/30/06: Trust Management 1
    • Blaze, M., Feigenbaum, J. and Lacy, J. "Decentralized trust management." IEEE Symposium on Security and Privacy, 6-8 May 1996, pages 164-173. Available in IEEE area of GMU digital library.
    • Herzberg, A., Mass, Y., Mihaeli, J., Naor, D. and Ravid, Y. "Access control meets public key infrastructure, or: assigning roles to strangers." IEEE Symposium on Security and Privacy, 14-17 May 2000, pages 2-14. Available in IEEE area of GMU digital library.
    • Certificate Triangle Slide
  • 04/06/06: Trust Management 2
    • Ninghui Li and John C. Mitchell. "RT: A Role-Based Trust Management Framework." In Proceedings of The Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C., April 2003. IEEE Computer Society Press, Los Alamitos, California, pp. 201-212. Available in IEEE area of GMU digital library and also at Ninghui Li's web site here.
  • 04/13/06: Exam 2 review and in-class discussion
  • 04/20/06: Digital Identity
  • 04/27/06: Miscellaneous Topics
  • 05/04/06: Examination 3 due 05/11/06 by midnight. Posted here. No lecture on 05/04/06.
  • 05/11/06: Examination 4 is available as an option for students who scored below a B average on examinations 1 or 2 using the scale provided at grading scale. Students interested in exercising this option should email to sandhu@gmu.edu by April 27th.

Grading Policy:

  • Grades will be based on examinations and class participation.

Archive: None