ECS 235B FOUNDATIONS OF COMPUTER AND INFORMATION SECURITY (4) II
Lecture: 3 hours
Project: 1 hour
Prerequisite: Course ECS 235A; ECS 120 and ECS 150 recommended
Grading: Letter; homework (50%), project (50%)
Theoretical foundations of methods used to protect data in computer and communication systems. Access control matrix and undecidability of security; policies; Bell-LaPadula, Biba, Chinese Wall models; non-interference and non-deducibility; information flow and the confinement problem. Not open for credit to students who have taken course 235.
Introduce definitions of security and relationship of security to policy; foundations, models of confidentiality, integrity, and hybrid models; leaking of information in multilevel models; prevention of inference, deduction; confining information flow; non-lattice policies of information flow; theory of Trojan horses, computer viruses, and computer worms.
Expanded Course Description:
- Introduction: what is security, policies, risk analysis, humans and procedural/operational security; principles of secure design
- Foundations: access control matrix, Harrison-Ruzzo-Ullman result, Take-Grant Protection Model, other models
- Policies and precision; policy languages
- Confidentiality policies: Bell-LaPadula, System Z
- Integrity policies: Biba, Lipner’s access control matrix model, Clark-Wilson
- Hybrid policies: Chinese Wall, Clinical Information Systems Security, Role-based access control
- Non-interference and non-deducibility
- Information flow and the confinement problem
- Theory of malicious logic: computer viruses, computer worms
M. Bishop, Computer Security: Art and Science, Addison-Wesley 2003; various papers
Paper surveying a topic in computer security in depth (expected length 20 pages) or a project exploring some aspect of the foundations of computer security. These may be individual or group efforts.
Instructor: M. Bishop
Prepared by: M. Bishop (January 2006)
This course does not overlap with any other course. ECS 153, which mentions one result and gives a very high-level view of some of the models, does not discuss the details of those results, their proofs, or the underlying principles presented in this course, and focuses instead on applications.