Project (Term Project)
Summary of Course Content
I. Introduction: what is security, policies, risk analysis, humans and procedural/operational security; principles of secure design
II. Foundations: access control matrix, Harrison-Ruzzo-Ullman result, Take-Grant Protection Model, other models
III. Policies and precision; policy languages
IV. Confidentiality policies: Bell-LaPadula, System Z
V. Integrity policies: Biba, Lipner's access control matrix model, Clark-Wilson
VI. Hybrid policies: Chinese Wall, Clinical Information Systems Security, Role-based access control
VII. Non-interference and non-deducibility
VIII. Information flow and the confinement problem
IX. Theory of malicious logic: computer viruses, computer worms
Paper surveying a topic in computer security in depth (expected length 20 pages) or a project exploring some aspect of the foundations of computer security. These may be individual or group efforts.
M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2003; various papers
Potential Course Overlap
This course does not overlap with any other course. ECS 153, which mentions one result and gives a very high-level view of some of the models, does not discuss the details of those results, their proofs, or the underlying principles presented in this course, and focuses instead on applications.