Tentative Syllabus

This syllabus is tentative and will undoubtedly continue to change as the quarter progresses. If there is a topic you’re interested in but not shown, please let me know; I may well change things to cover it. All readings are from the text unless otherwise indicated.
Week 1: Dates: Sep 27, Sep 29
Lec 1–2 Topics: Introduction, principles of secure design, threats and policies
Reading: text, § 1, 14; papers: Sm12, MA19
Week 2: Dates: Oct 2, Oct 4, Oct 6
Lec 3–5 Topics: Basic policy models: Bell-LaPadula, Biba, Clark-Wilson
Reading: text, § 5.1–5.2.2, 5.3, 6.2, 6.4; papers: Sa93
Week 3: Dates: Oct 9, Oct 11, Oct 13
Lec 6–8 Topics: Symmetric and public key cryptography
Reading: text, §10
Due: Oct 9: homework 1; Oct 11: project question
Week 4: Dates: Oct 16, Oct 18, Oct 20
Lec 9–11 Topics: Protocols, authentication
Reading: text, §11.1, 12.1, 12.4, 12.5, 13; papers: Ke93
Week 5: Dates: Oct 23, Oct 25, Oct 27
Lec 12–14 Topics: Access control mechanisms, confinement problem, reference monitor
Reading: text, §16.1–16.3, 18.1–18.2, 20.1.2.2; papers: HS16
Due: Oct 23: homework 2; Oct 27: project background research
Week 6: Dates: Oct 30, Nov 1, Nov 3
Lec 15–17 Topics: Confinement problem, vulnerabilities
Reading: text, §18.2, 24.3–24.4; papers: La73, Li75
Week 7: Dates: Nov 6, Nov 8, Nov 10     [Note: Nov 10 is a university holiday, for Veterans’ Day]
Lec 18–20 Topics: Elections and e-voting, malware
Reading: text, §23.6.2–23.7, 23.9, 26.1–26.3, 28.1, 28.3; papers: Bi00, O+17
Due: Nov 6: homework 3
Week 8: Dates: Nov 13, Nov 15, Nov 17
Lec 20–22 Topics: Malware, penetration testing,
Reading: text, §24.1–24.2, 23.1–23.6.1; papers: B+07
Week 9: Dates: Nov 20, Nov 22, Nov 24     [Note: Nov 25 is a university holiday, for Thanksgiving]
Lec 23–24     Topics: Network security, firewalls, intrusion detection, entropy, information flow
Reading: text, §23.9.7, C, 17.1, 17.3–17.6; papers: B+07, De87
Due: Nov 20: homework 4; Nov 22: project progress report
Week 9: Dates: Nov 27, Nov 29, Dec 1
Lec 25–27 Topics: Information flow, identity
Reading: §15
Week 10: Dates: Dec 4, Dec 6     [Note: Dec 6 is the last class]
Lec 28–29 Topics: Identity, anonymity, onion routing
Reading: §15
Due: Dec 6: homework 5
Dec 12 Due: Completed project due

Bibliography

Bi00
M. Bishop, “Analysis of the ILOVEYOU Worm,” Unpublished paper, Dept. of Computer Science, University of California Davis, Davis, CA 95616 (May 5, 2000).
B+07
M. Backes, M. Dümuth, and D. Unruh, “Information Flow in the Peer-Reviewing Process (Extended Abstract),” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 187–191 (May 2007).
DOI: 10.1109/SP.2007.24
De87
D. Denning, “An Intrusion-Detection Model,” IEEE Transactions on Software Engineering SE-13(2) pp. 222–232 (Feb. 1987).
DOI: 10.1109/TSE.1987.232894
HS16
M. Heckman and R. Schell, “Using Proven Reference Monitor Patterns for Security Evaluation,” Information 7(2) pp. 23ff (Apr. 2016).
DOI: 10.3390/info7020023
Ke93
S. Kent, “Internet Privacy Enhanced Mail,” Communications of the ACM 36(8) pp. 48–60 (Aug. 1993).
DOI: 10.1145/163381.163390
La73
B. Lampson “A Note on the Confinement Problem,” Communications of the ACM 16(10) pp. 63–615 (Oct. 1973)
DOI: 10.1145/362375.362389
Li75
S. Lipner, “A Comment on the Confinement Problem,” Proceedings of the Fifth ACM Symposium on Operating System Principles (SOSP ’75) pp. 192–196 (Nov. 1975).
DOI: 10.1145/800213.806537
MA19
M. Mesbah and M. Azer, “Cyber Threats and Policies for Industrial Control Systems,” Proceedings of the 2019 International Conference on Smart Applications, Communications and Networking (SmartNets) (Dec. 2019).
DOI: 10.1109/SmartNets48225.2019.9069761
O+17
L. Osterweil, M. Bishop, H. Conboy, H. Phan. B. Simidchieva, G. Avrunin, L. Clarke, and S. Peisert, “Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example,” ACM Transactions on Privacy and Security 20(2) pp. 5:1–5:31 (Mar. 2017).
DOI: 10.1145/3041041
Sa93
R. Sandhu, “Lattice-Based Access Control Models,” IEEE Computer 26(11) pp. 9–19 (Nov. 1993).
DOI: 10.1109/2.241422
Sm12
R. Smith, “A Contemporary Look at Saltzer and Schroeder’s 1975 Design Principles,” IEEE Security and Privacy 10(6) pp. 20–25 (Nov.–Dec. 2012).
DOI: 10.1109/MSP.2012.85

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: [email protected]
ECS 235A, Computer and Information Security
Version of September 22, 2023 at 12:26PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh