IT 962: Advanced Topics in Computer Security: Cyber-Identity, Authority and Trust

Crosslisted as ISA 797

Professor Ravi Sandhu

Spring 2006

Thursday 4:30pm-7:10pm, Innovation Hall 206

www.profsandhu.com/it962

Important Notice:

• 4/20/06: Examination 3 has been posted here. Examination 4 is available as an option for students who scored below a B average on examinations 1 or 2 using the scale provided at grading scale. Students interested in exercising this option should email to sandhu@gmu.edu by April 27th.
• 4/13/06: Schedule for rest of the semester has been updated.
• 3/16/06: Examination 2 has been posted here.
• 2/7/06: Examination 1 has been modified to answer only one of the questions and expand the answer to 1000 words.
• Watch this space for important announcements.

Course Prerequisites:    

• ISA 662 (previously INFS 762) and ISA 666 (previously INFS 766). One of these may be taken concurrently.
• Must be internet, web and pdf (get Acrobat Reader here) capable.
• Must know how to access ACM, IEEE and any other digital libraries available to the GMU community. On-campus and off-campus access to these libraries is available to all GMU students. Links are conveniently available at University Libraries -- Database Wizard.

Schedule of Classes (Subject to change):

• 01/26/06: Introduction | slides
• 02/02/06: Usage Control
  • UCON paper | with markup
• 02/09/06: PEI Models and the precursor OM-AM
  • PEI paper | OM-AM paper | OM-AM slides
• 02/16/06: Examination 1 due 02/23/06 before class. Posted here. Grading scale. No lecture on 02/16/06.
• 02/23/06: Trust difficulties
  • Ken Thomson. "Reflections on trusting trust. "Commun. ACM 27, 8 (Aug. 1984) 761-763. Available in ACM area of GMU digital library.
  • J.M. Hayes. "The problem with multiple roots in Web browsers-certificate masquerading". Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE 1998. (WET ICE '98) 17-19 June 1998 Page(s): 306-311. Available in IEEE area of GMU digital library.
    Slides for Hayes segment
  • J. Marchesini, S.W. Smith, M. Zhao. "Keyjacking: the Surprising Insecurity of Client-side SSL." Computers and Security. 4 (2): 109-123. March 2005. Available in Elsevier - ScienceDirect area of GMU digital library. Also available at Sean Smith's home page.
  • Alain Hiltgen, Thorsten Kramp, Thomas Weigold. "Secure Internet Banking Authentication." IBM Zurich Research Laboratory. Available at IBM site.
• 03/02/06: Guest lecture: David Wheeler of IDA and GMU on Countering Trusting Trust
  • David Wheeler. "Countering Trusting Trust through Diverse Double-Compiling." Proc. 21st Annual Computer Security Applications Conference, 5-9 Dec. 2005, Page(s):33-48. Available in IEEE area of GMU digital library.
    Slides
• 03/09/06: Exam 1 review and in-class discussion
• 03/16/06: Spring Break
• 03/23/06: Examination 2 due 03/30/06 before class. Posted here. No lecture on 03/23/06.
• 03/30/06: Trust Management 1
  • Blaze, M., Feigenbaum, J. and Lacy, J. "Decentralized trust management." IEEE Symposium on Security and Privacy, 6-8 May 1996, pages 164-173. Available in IEEE area of GMU digital library.
  • Herzberg, A., Mass, Y., Mihaeli, J., Naor, D. and Ravid, Y. "Access control meets public key infrastructure, or: assigning roles to strangers." IEEE Symposium on Security and Privacy, 14-17 May 2000, pages 2-14. Available in IEEE area of GMU digital library.
  • Certificate Triangle Slide
• 04/06/06: Trust Management 2
  • Ninghui Li and John C. Mitchell. "RT: A Role-Based Trust Management Framework." In Proceedings of The Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C., April 2003. IEEE Computer Society Press, Los Alamitos, California, pp. 201--212. Available in IEEE area of GMU digital library and also at Ninghui Li's web site here .
• 04/13/06: Exam 2 review and in-class discussion
• 04/20/06: Digital Identity
  • Volker Scheuber's identity experience at Novell's Cool Blogs
  • Dick Hardt's Web 2.0 2005 conference presentation
  • Dick Hardt's ETech 2006 sequel
  • Kim Cameron's Laws of Identity
• 04/27/06: Miscellaneous Topics
  • Bill Burr PKI is hard, but ...
  • Anders Rundgren Web Server Signing
  • Ravi Sandhu Digital Signature Usability
  • Liberty Alliance Identity Theft Primer
  • The token necklace problem
• 05/04/06: Examination 3 due 05/11/06 by midnight. Posted here. No lecture on 05/04/06.
• 05/11/06: Examination 4 is available as an option for students who scored below a B average on examinations 1 or 2 using the scale provided at grading scale. Students interested in exercising this option should email to sandhu@gmu.edu by April 27th.

Grading Policy:

• Grades will be based on examinations and class participation.

Archive: None