Course Objectives
Dear Students:
Our goal is to learn the underlying principles of network security in a
rigorous and formal way that allows us to describe, specify, and verify
secure networks. We will learn how encryption and cryptographic protocols
are used to achieve the security properties of privacy, authentication,
non-repudiation, integrity, and access control when communicating
or computing over a network. We will use predicate calculus, higher-order
logic, and specialized logical systems to analyze and reason about the
correctness of cryptographic algorithms, protocols, trust networks,
and access control.
The title of this course includes the word principles. This means
in this course we focus on concepts rather than on implementation
details, in much the same way that a digital design course focuses on switching
and finite automata theory as concepts whereas a laboratory course focuses
on particular implementations.
This semester the course has been significantly updated from
previous offerings. Specifically:
- Traditional topics such as cryptographic algorithms and cryptographic protocols
  (e.g., Kerberos and secure email) receive much less class time. These topics
  should be covered in introductory courses on network and computer security.
- Role-based access control (RBAC) is now included in the course. The National
  Institute of Standards and Technology has a proposed RBAC standard. RBAC
  is recognized as an important way of thinking about access control that
  simplifies managing access rights when compared to methods that directly
  associate users and rights.
- Approximately half the semester is devoted to reasoning about roles, delegation
  of authority, access control, trust, certificates, and certification authority.
  These are large and important security concerns and we will learn to use
  a specialized logic of access control to help us think about these concerns.
A key capability in engineering is the ability to predict the behavior
and properties of structures of components prior to actual construction.
In network security, the components we have are various cryptographic functions
and the structures we build are the data structures of messages and various
protocols or sequences of operations designed to communicate securely.
In order to determine the behavior and properties of our designs, we use
predicate calculus to describe our designs and the associated rules of
inference to prove properties of the designs. The style of proof we use
is the style of Manna and Waldinger as taught in CSE 607, the prerequisite
for this course. We will also use a specialized calculus for reasoning about
protocols, trust, delegation, and access control in distributed systems.
Grading will be based on in-class exams. These exams will stress your
understanding of the concepts and your ability to solve problems. Memorization
will not be stressed. Each exam will be 80 minutes long. The exams are
open-book and open-notes.
You should attend class. The classes are meant to help you understand
the material in the text by focusing on the key concepts, how they work,
why they work, and how they are applied. Questions are STRONGLY encouraged.
Good luck and have a good semester!
Sincerely,
Shiu-Kai Chin
Updated August 20, 2002