CS 6393: Foundations of Cyber Security
All course related email should be sent to
ravi.cs6393@gmail.com
Important Notices:
- 04/12/12: Examination 2 has been posted (docx, pdf). Due via email Friday May 11, 2012 by 5:00pm.
Paper required for question 4:
Hiltgen, A.; Kramp, T.; Weigold, T., "Secure Internet banking authentication," Security & Privacy, IEEE, vol.4, no.2, pp.21-29, March-April 2006
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1621056&isnumber=33953
- 02/23/12: Examination 1 has been posted (doc, pdf). Due via email Tuesday March 13, 2012 by 5:00pm.
- 02/02/12: Thanks to everyone for providing information about prerequisites. One student still missing. Hopefully you know who you are.
- 01/27/12: REMINDER: Every student is required to email me at ravi.cs6393@gmail.com a statement that they are compliant with the prerequisites. If you are not compliant then identify how you are falling short and that you would nevertheless like to take the course.
- 01/19/12: Every student is required to email me at ravi.cs6393@gmail.com a statement that they are compliant with the prerequisites.
- 12/14/11: Web site is stable through week of 3/2/12. Additional details for material after 3/2/12 will be added after start of Spring 2012 semester.
- 11/22/11: First version of weekly schedule posted. Details will change through the semester.
- 11/18/11: Initial web site created.
- Watch this space for important announcements throughout the course. Recent announcements will be highlighted in red.
Course Prerequisites:
- Completion of at least three out of four core courses for MS degree in CS Department (CS 5363, CS 5513, CS 5523 and CS 5633) or equivalent.
- Completion of CS 5323 or equivalent.
- Comfortable with Discrete Mathematics.
- Comfortable accessing and searching papers on-line via http://lib.utsa.edu/Databases/ and via Google Scholar.
Catalog Description:
- 6393 Advanced Topics in Computer Security (3-0) 3 hours credit.
Analysis of computer security. The topics may include but are not limited to database and distributed systems security, formal models for computer security, privacy and ethics, intrusion detection, critical infrastructure protection, network vulnerability assessments, wireless security, trusted computing, and highly dependable systems. May be repeated for credit when topics vary.
Course Format:
- Lectures with supporting papers from the literature.
- Examinations will require critical thinking beyond material available in the lectures, supporting papers and the Internet.
Course Objectives:
- This is a research-oriented course designed for students in the PhD program. MS students interested in learning about cyber security foundations and research may also find it beneficial.
- Primary goal is to develop critical understanding and thinking with respect to foundational issues in cyber security.
- These papers don't age. If you don't know this stuff you are not an expert.
Grading:
- Grades will be based on examinations and class participation.
Examination Protocol and Schedule:
- There are two examinations, nominally assigned to one lecture period each.
- Examinations will be posted on the class web page, embedded in the weekly schedule.
- Solutions are due on the posted date. No extensions without strong cause.
- Each examination is to be solved by students individually. Students can access whatever material they choose but cannot discuss with other students or colleagues.
- Each solution must be accompanied by the following statement: I have not taken any help on this examination from anybody and have not given any help to anybody.
- Each solution must be within the length limits provided.
- Solutions are to be submitted by email in pdf to ravi.cs6393@gmail.com
Schedule Notes:
- The weekly schedule is subject to change and adjustment as the semester proceeds.
- Assigned readings for a lecture should be read in full in advance of the lecture for maximum benefit. Readings marked as partial are not required to be read in full. Selected aspects will be covered in class. Readings marked as reference should be reviewed as indicated in each case and will only be discussed briefly in class.
Schedule of Lectures, Readings and Examinations by Week:
- 01/20/12: DAC 1: Foundations and limitations of Discretionary Access Control
- 01/27/12: DAC 2: Foundations and limitations of Discretionary Access Control
Papers for DAC 1 and 2:
Read fully:
- Article on Turing Machines, Stanford Encyclopedia of Philosophy http://plato.stanford.edu/entries/turing-machine/
- G. Scott Graham and Peter J. Denning. 1971. Protection: principles and practice. In Proceedings of the Spring Joint Computer Conference (AFIPS '72 Spring), May 16-18, 1972, pages 417-429.
http://doi.acm.org/10.1145/1478873.1478928
- Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. 1976. Protection in operating systems. Commun. ACM 19, 8 (August 1976), 461-471.
http://doi.acm.org/10.1145/360303.360333
Read partially:
- Michael A. Harrison and Walter L. Ruzzo, "Monotonic Protection Systems," In Foundations of Secure Computation, 1979.
- Sandhu, R.S., "The typed access matrix model," IEEE Computer Society Symposium on Research in Security and Privacy, pp.122-136, 4-6 May 1992.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=213266&isnumber=5566
- Sandhu, R.S. and Ganta, S., "On testing for absence of rights in access control models," Proceedings IEEE Computer Security Foundations Workshop VI, pp.109-118, 15-17 Jun 1993.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=246635&isnumber=6323
Read as reference:
- Mahesh V. Tripunitara and Ninghui Li, "A theory for comparing the expressive power of access control models." Journal of Computer Security, Volume 15, Number 2, 231-272, 2007.
http://iospress.metapress.com/content/1CCMK5A6WFWQK5CU . This paper may be covered in a later lecture.
- Sandhu, R.S. and Samarati, P., "Access control: principle and practice," IEEE Communications Magazine, vol.32, no.9, pp.40-48, Sep 1994.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=312842&isnumber=7577 .
Students should be completely familiar with the material in this paper.
- 02/03/12: LBAC 1: Foundations and limitations of Lattice-Based Access Control (also known as Mandatory Access Control-MAC or Multilevel Security-MLS or Bell-LaPadula-BLP)
- 02/10/12: LBAC 2: Foundations and limitations of Lattice-Based Access Control (also known as Mandatory Access Control-MAC or Multilevel Security-MLS or Bell-LaPadula-BLP)
Lecture Slides:
1. LBAC-BLP-BIBA (pptx) (pdf)
2. LBAC-Chinese-Wall (pptx) (pdf)
3. LBAC-System-Z (pptx) (pdf)
Papers for LBAC 1 and 2:
Read fully:
- Sandhu, R.S., "Lattice-based access control models," IEEE Computer, vol.26, no.11, pp.9-19, Nov 1993.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=241422&isnumber=6200
Read partially:
- John McLean, Roger R. Schell and Donald L. Brinkley, "Security Models." Encyclopedia of Software Engineering, Wiley 1994.
http://onlinelibrary.wiley.com/doi/10.1002/0471028959.sof297/full
- S.B. Lipner, "Nondiscretionary Controls for Commercial Applications," Proc of IEEE Symposium on Security and Privacy, 1982, pages 2-10.
- D.F.C. Brewer and M.J. Nash, "The Chinese Wall Security Policy," Proc of IEEE Symposium on Security and Privacy, 1989, pages 215-228.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=36295
- Pittelli, P. (1987). The Bell-LaPadula computer security model represented as a special case of the Harrison-Ruzzo-Ullman model. In Proceedings of the 10th National Computer Security Conference, Gaithersburg, Maryland, pp. 118-121.
Read as reference:
- Goguen, J.A. and Meseguer, J., "Security policies and security models," Proc of IEEE Symposium on Security and Privacy, 1982, pages 11-20.
- Goguen, J.A. and Meseguer, J., "Unwinding and inference control," Proc of IEEE Symposium on Security and Privacy, 1984, pages 75-86.
The above two are the original papers on non-interference and students should at least skim the contents of both.
- John McLean. A comment on the 'basic security theorem' of Bell and LaPadula. Information Processing Letters, Volume 20, Issue 2, 15 February 1985, Pages 67-70.
http://www.sciencedirect.com/science/article/pii/0020019085900651
- McLean, J., "Security models and information flow," IEEE Computer Society Symposium on Research in Security and Privacy, pp.180-187, 7-9 May 1990.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=63849&isnumber=2323
- McCullough, D., "Noninterference and the composability of security properties," Proceedings IEEE Symposium on Security and Privacy, 1988, pp.177-186, 18-21 Apr 1988.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8110&isnumber=427
- Riccardo Focardi and Roberto Gorrieri. Classification of Security Properties (Part I: Information Flow). R. Focardi and R. Gorrieri (Eds.): FOSAD 2000, LNCS 2171, pp. 331-396.
http://www.springerlink.com/content/10gb5ecv3fpr7vlg/fulltext.pdf
- Mantel, H., "Possibilistic definitions of security-an assembly kit." IEEE Computer Security Foundations Workshop, 2000, pages 185-199.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=856936&isnumber=18612
- 02/17/12: RBAC 1: Foundations and limitations of Role-Based Access Control
- 02/24/12: RBAC 2: Foundations and limitations of Role-Based Access Control
Lecture Slides:
1. RBAC96 model (pptx) (pdf)
2. NIST-ANSI model (pptx) (pdf)
3. RBAC-LBAC-DAC (pptx) (pdf)
4. OMAM-PEI (pptx) (pdf)
Papers for RBAC 1 and 2:
Read fully:
- Sandhu, R.S., Coyne, E.J., Feinstein, H.L. and Youman, C.E., "Role-based access control models," IEEE Computer, vol.29, no.2, pp.38-47, Feb 1996.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=485845&isnumber=10411
- Ravi Sandhu. Engineering authority and trust in cyberspace: the OM-AM and RBAC way. In Proceedings of the fifth ACM workshop on Role-based access control (RBAC '00). ACM, New York, NY, USA, 111-119.
http://doi.acm.org/10.1145/344287.344309
- Sandhu, R., "The PEI framework for application-centric security," Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN), pp.1-6, 20-22 May 2009.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5683065&isnumber=5683045
Read partially:
- David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. 2001. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4, 3 (August 2001), 224-274.
http://doi.acm.org/10.1145/501978.501980
- Sylvia Osborn, Ravi Sandhu, and Qamar Munawer. 2000. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. 3, 2 (May 2000), 85-106.
http://doi.acm.org/10.1145/354876.354878
- 03/02/12: Examination 1 (doc, pdf). No lecture. Due Tuesday March 13, 2012 by 5:00pm.
- 03/09/12: Covert Channels etc
Lecture Slides:
1. Covert Channels (pptx) (pdf)
2. Orange Book (pptx) (pdf)
3. Common Criteria (pptx) (pdf)
Read fully:
- Butler W. Lampson. 1973. A note on the confinement problem. Commun. ACM 16, 10 (October 1973), 613-615.
http://doi.acm.org/10.1145/362375.362389
Read partially:
- Zander, S.; Armitage, G.; Branch, P., "Covert channels and countermeasures in computer network protocols [Reprinted from IEEE Communications Surveys and Tutorials]," Communications Magazine, IEEE, vol.45, no.12, pp.136-142, December 2007
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4395378&isnumber=4395351
- Chen, Shuo; Wang, Rui; Wang, XiaoFeng; Zhang, Kehuan, "Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow," Security and Privacy (SP), 2010 IEEE Symposium on, pp.191-206, 16-19 May 2010
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5504714&isnumber=5504699
- http://www.discretix.com/images/stories/Introduction_to_Side_Channel_Attacks.pdf
- Santosh Chokhani. 1992. Trusted products evaluation. Commun. ACM 35, 7 (July 1992), 64-76.
http://doi.acm.org/10.1145/129902.129907
- 03/16/12: Spring Break. No lecture.
- 03/23/12: IDS: Intrusion Detection Systems
Papers for IDS:
Read fully:
- Stefan Axelsson. 2000. The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. 3, 3 (August 2000), 186-205.
http://doi.acm.org/10.1145/357830.357849
Read as reference:
- Cardenas, A.A.; Baras, J.S.; Seamon, K., "A framework for the evaluation of intrusion detection systems," 2006 IEEE Symposium on Security and Privacy, 21-24 May 2006
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1624001&isnumber=34091
- Sommer, Robin; Paxson, Vern, "Outside the Closed World: On Using Machine Learning for Network Intrusion Detection," IEEE Symposium on Security and Privacy, 305-316, 16-19 May 2010.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5504793&isnumber=5504699
- 03/30/12: UCON: Usage and Activity Control: Guest Lecture by Dr. Jae Park
Lecture Slides:
UCON-and-ACON (pptx) (pdf)
Papers for UCON:
Read partially:
- Jaehong Park and Ravi Sandhu. The UCON_ABC Usage Control Model, ACM Transactions on Information and System Security, Volume 7, Number 1, February 2004, pages 128-174.
Read fully:
- Jaehong Park, Ravi Sandhu and Yuan Cheng, ACON: Activity-Centric Access Control for Social Computing.
In Proceedings 5th International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, August 22-26, 2011, 6 pages.
Presentation (pptx) (pdf)
- Jaehong Park, Ravi Sandhu and Yuan Cheng, A User-Activity-Centric Framework for Access Control in Online Social Networks , IEEE Internet Computing, 15(5): 62-65, September 2011.
- 04/06/12: SSL 1: The protocol at the foundation of web security and its successes and failures
- 04/13/12: SSL 2: The protocol at the foundation of web security and its successes and failures
Lecture Slides:
SSL (pptx) (pdf)
Papers for SSL 1 and 2:
Read fully:
- "The problem with multiple roots in Web browsers-certificate masquerading" by Hayes, J.M. Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE 1998. (WET ICE '98) 17-19 June 1998 Page(s): 306-311.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=725710&isnumber=15665
- "An overview of PKI trust models" by Perlman, R. IEEE Network, Volume: 13 Issue: 6, Nov.-Dec. 1999 Page(s): 38-43.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=806987&isnumber=17493
Read as reference:
- The Transport Layer Security (TLS) Protocol Version 1.2 (RFC 5246)
- 04/20/12: Examination 2 (docx, pdf). No lecture. Due Friday May 12, 2012 by 5:00pm.
Paper required for question 4:
Hiltgen, A.; Kramp, T.; Weigold, T., "Secure Internet banking authentication," Security & Privacy, IEEE, vol.4, no.2, pp.21-29, March-April 2006
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1621056&isnumber=33953
- 04/27/12: Viruses: Limits of detection and trust
Papers for Viruses:
Read fully:
- Fred Cohen, Computer viruses: Theory and experiments, Computers & Security, Volume 6, Issue 1, February 1987, Pages 22-35.
http://www.sciencedirect.com/science/article/pii/0167404887901222
- Ken Thompson. Reflections on trusting trust. Commun. ACM 27, 8 (August 1984), 761-763.
http://doi.acm.org/10.1145/358198.358210
Read as reference:
- Wheeler, D.A., "Countering trusting trust through diverse double-compiling," 21st Annual Computer Security Applications Conference, pp.13-48, 5-9 Dec. 2005.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1565233&isnumber=33214
- Adleman, Leonard, An Abstract Theory of Computer Viruses, Advances in Cryptology - Crypto 1988.
http://dx.doi.org/10.1007/0-387-34799-2_28