ECS 153 Computer Security

ECS 153 COMPUTER SECURITY (4) II, III

Format
Lecture: 3 hours
Discussion: 1 hour

Catalog Description:
Principles, mechanisms, and implementation of computer security and data protection. Policy, encryption and authentication, access control, and integrity models and mechanisms; network security; secure systems; programming and vulnerabilities analysis. Study of an existing operating system.

Prerequisite: Courses 150, 152A

Credit restrictions: Not open for credit to students who have completed course 155

Summary of course contents

  1. What is computer security: notion of an informal policy, formalization of policy
  2. Encryption: classical and public-key; implementation and its problems; the UNIX file encryption mechanism and its cryptanalysis; DES and RSA
  3. Authentication: model of authentication systems, traditional passwords, challenge/response, one-time passwords; cryptographic protocols, simple cryptosystems; the standard UNIX authentication system, its limits and alternate forms; implementations of other mechanisms
  4. Access control: controlling access to resources, access matrix model, undecidability result, access control lists and capability lists; mandatory controls, originator controls; variants; UNIX scheme and augmentations
  5. Integrity: cryptographic checksums, malicious logic, viruses, Trojan horses; defenses, prevention; UNIX integrity checking tools and how they work; malicious logic and UNIX
  6. Security-oriented programming: design principles, focusing on common problems; gates vs. privileged servers; environment, exception handling; writing secure servers and secure setuid/setgid programs in the UNIX environment
  7. Networks and security: Internet Security Architecture, analysis of Internet protocols, design and implementation considerations; firewalls; UNIX networking and security
  8. Penetration analysis: common types of flaws, examples, flaw hypothesis methodology, analysis of programs and systems; UNIX instances of problems, flaws, and how to fix them
  9. Secure systems: types, models, design, changes to non-secure systems; comparative analysis

Laboratory projects: The project deals with building a tool to analyze and/or improve the security of a computer or installation running the UNIX operating system, or using the Internet. The student will select the goal (the purpose of the software to be developed), determine how to measure success or failure, design the software, implement it under the UNIX operating system, and then analyze its effectiveness to see if the goal of the project was met.

Goals: Students will: (1) learn the principles, mechanisms and implementation of computer security and data protection; and (2) learn how attacks work, how to defend against them, and how to design systems to withstand such attacks.

Illustrative reading
M. Bishop, Computer Security: Art and Science, Addison-Wesley Professional, 2002

Computer Usage:
Students write their programming assignments and project in C on workstations running UNIX operating systems. Students use editors such as vi and emacs, and are exposed to debuggers and other standard UNIX tools.

Engineering Design Statement:
The principal project consists of the design and implementation of a tool to enhance the security of a computer system (or systems). The students develop their own goals, and (within guidelines given by the instructor) develop functional specifications. They then design, implement, document, and test (both experimentally and analytically) their software. Grading is based on all phases, including the selection of an attainable goal, the development of functional specifications, the design and implementation of the software, and its evaluation. Examination questions will require mastery of the techniques and principles used in all phases of the project.

ABET Category Content:

Engineering Science: 2 units
Engineering Design: 2 units

GE3: Science & Engineering

Overlap: The content of this course overlaps somewhat with course 155 (Computer Security for Non-Majors). This course is designed for majors, is more theoretical than 155, and has more technical depth.

Instructors: M. Bishop and H. Chen

History: 2012.10.28 (H. Chen): reviewed, no changes desired. Prior course description from M. Bishop, February 2005.

Outcomes (X marks the outcomes this course addresses)

 1. X  an ability to apply knowledge of mathematics, science, computing, and engineering
 2.    an ability to design and conduct experiments, as well as to analyze and interpret data
 3.    an ability to design, implement, and evaluate a system, process, component, or program to meet desired needs, within realistic constraints such as economic, environmental, social, political, ethical, health and safety, manufacturability, and sustainability
 4.    an ability to function on multi-disciplinary teams
 5. X  an ability to identify, formulate, and solve computer science and engineering problems and define the computing requirements appropriate to their solutions
 6. X  an understanding of professional, ethical, legal, security and social issues and responsibilities
 7. X  an ability to communicate effectively with a range of audiences
 8. X  the broad education necessary to understand the impact of computer science and engineering solutions in a global and societal context
 9. X  a recognition of the need for, and an ability to engage in, life-long learning
10. X  knowledge of contemporary issues
11. X  an ability to use current techniques, skills, and tools necessary for computing and engineering practice
12. X  an ability to apply mathematical foundations, algorithmic principles, and computer science and engineering theory in the modeling and design of computer-based systems in a way that demonstrates comprehension of the tradeoffs involved in design choices
13. X  an ability to apply design and development principles in the construction of software systems or computer systems of varying complexity