ECS 153: Computer Security

ECS 153
Computer Security
Effective Term
2018 Fall Quarter
Learning Activities
Lecture: 3 hours
Discussion: 1 hour
Principles, mechanisms, and implementation of computer security and data protection. Policy, encryption and authentication, access control, and integrity models and mechanisms; network security; secure systems; programming and vulnerabilities analysis. Study of an existing operating system. Not open for credit to students who have completed ECS 155. GE Prior to Fall 2011: SciEng. GE: SE.
ECS 150; (ECS 152A or EEC 173A)
Credit Limitation
Not open for credit to students who have completed ECS 155.
Enrollment Restrictions
Pass One open to Computer Science and Computer Science Engineering Majors only.

Summary of Course Content:

  1. What is computer security: notion of an informal policy, formalization of policy
  2. Encryption: classical, public-key; implementation, problems; the UNIX file encryption mechanism and its cryptanalysis; the DES and RSA
  3. Authentication: model of authentication systems, traditional passwords, challenge/response, one-time passwords; cryptographic protocols, simple cryptosystems; the standard UNIX authentication system, its limits and alternate forms; implementations of other mechanisms
  4. Access control: controlling access to resources, access matrix model, undecidability result, access control lists and capability lists; mandatory controls, originator controls; variants; UNIX scheme and augmentations
  5. Integrity: cryptographic checksums, malicious logic, viruses, Trojan horses; defenses, prevention; UNIX integrity checking tools and how they work; malicious logic and UNIX
  6. Security-oriented programming: design principles, focusing on common problems; gates vs. privileged servers; environment, exception handling; writing secure servers and secure setuid/setgid programs in the UNIX environment
  7. Networks and security: Internet Security Architecture, analysis of Internet protocols, design and implementation considerations; firewalls; UNIX networking and security
  8. Penetration analysis: common types of flaws, examples, flaw hypothesis methodology, analysis of programs and systems; UNIX instances of problems, flaws, and how to fix them
  9. Secure systems: types, models, design, changes to non-secure systems; comparative analysis

Laboratory Project

The project deals with building a tool to analyze and/or improve the security of a computer or installation running the UNIX operating system, or using the Internet. The student will select the goal (the purpose of the software to be developed), determine how to measure success or failure, design the software, implement it under the UNIX operating system, and then analyze its effectiveness to see if the goal of the project was met.

Illustrative Reading
M. Bishop, Computer Security: Art and Science, Addison-Wesley Professional, 2002

Potential Course Overlap
The content of this course overlaps some with course 155 (Computer Security for Non-Majors). This course is designed for majors and is more theoretical than 155 and has more technical depth.

Course Category