Department of Computer Science, Unit Catalogue 2007/08
CM50209 Security and integrity
| Credits: 6 |
| Semester: 2|
Aims: (a) To develop an understanding of the difficulties of security - everyone wants it but no-one can define it.
(b) To develop the ability to analyse the security threats to a proposed design.
(c) To develop the ability to propose realistic counter-measures, where available.
After taking this unit, the student should be able to:
(1) describe common security models;
(2) discuss what it means for a given system to be 'secure';
(3) identify security weaknesses in proposed systems.
Critical thinking (F, A). Defensive analysis and programming (T, F, A).
Philosophical, legal, ethical issues. What is a person? Passwords, user ids and biometrics. What are authorisation and delegation? What are data? Security against theft, destruction, interception, tampering. Some thoughts on physical security. Data Protection Act, Freedom of Information Act, Regulatory and Investigatory Powers Act. Military/government requirements for security.
Security within a computer. Hardware support for security: states and memory protection. memory mapping, virtual memory and security. The Unix Security model: chown, chgrp, setuid and chroot. Strengths and weaknesses of the Unix security model: common attacks.
The Multics security model. Capabilities.
Security within Databases. Protection against loss - two-phase commit. Protection against statistical queries: Denning's model.
Security within networks. 'Man in the middle' attacks. What does the 's' in https signify?
Case studies: Internet worm. Power attacks and other covert channels. A chain can be weaker than its weakest link: the Crouch-Davenport attack.