Course Overview

Major Topics:

Course Outline
Fundamentals
Role-Based Access Control
Calculus for Access Control

Note: Consult the course calendar for the reading schedule. Go to course assignments for specific homework assignments. Go to course readings for a complete listing of relevant primary and secondary sources.

References:
Course Outline

[OC02] Susan Older and Shiu-Kai Chin. Formal Methods for Assuring Security of Protocols. The Computer Journal, Vol. 45, No. 1, 2002

Fundamentals

Textbook Cryptography and Network Security: Principles and Practice: 2/e, Prentice-Hall, William Stallings, Prentice-Hall ISBN 0-13-869017-0
[SS75] Jerome Saltzer, Michael Schroeder. The Protection of Information in Computer Systems. Proceedings IEEE 63, 9 (Sept. 1975), 1278-1308
[LAM71] Butler Lampson. Protection. Proceedings 5th Princeton Conference on Information Sciences and Systems, Princeton, 1971, 437.

Role-Based Access Control

[FBK99] David Ferraiolo, John Barkley, D. Richard Kuhn. A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet. ACM Transactions on Information and System Security, Vol. 2, No. 1, February 1999, 34-64.
[FSGK01] David Ferraiolo, Ravi Sandhu, Seban Gavrila, D. Richard Kuhn, Ramaswamy Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, 224–274.
[FK92] David Ferraiolo, D. Richard Kuhn. Role Based Access Control. Proceedings of the 15th Annual Conference on National Computer Security. National Institute of Standards and Technology, Gaithersburg, MD, 1992, 554-563.

Authentication, Delegation, and Access Control

[ABLP93] Martin Abadi, Michael Burrows, Butler Lampson, Gordon Plotkin. A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, Vol. 15, No. 4, September 1993. 706-734.
[LABW92] Butler Lampson, Martin Abadi, Michael Burrow, Edward Wobber. Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems, Vol. 10, No. 4, November 1992, 265-310.
[WABL94] Edward Wobber, Martin Abadi, Michael Burrows, Butler Lampson.Authentication in the Taos Operating System. ACM Transactions on Computer Systems, Vol. 12, No. 1, February 1994, 3-32.
[HK00] Jon Howell, David Kotz. A Formal Semantics for SPKI. Technical Report TR 2000-363, March 2000, Dept. of Computer Science, Dartmouth College, Hanover, NH.

COURSE OUTLINE

Topic	Primary References	Supplemental References
Course Outline Major topics of CSE774: formal reasoning systems for assuring security of network protocols	[OC02]

Part I. FUNDAMENTALS

Topic	Primary References	Supplemental References
Basic Security Properties Confidentiality, Authentication, Integrity, Nonrepudiation, Access Control, Availability Mechanisms Attacks	Textbook Chapter 1	[SS75], [LAM71]
Conventional Encryption DES, Electronic Code Book, Cipher Block Chaining	Textbook Chapter 3.1 - 3.3, 3.7
Confidentiality Placement of Encryption, Traffic Confidentiality, Key Distribution	Textbook Chapter 5.1 - 5.3
Public-Key Cryptography Principles of Public-Key Cryptosystems, RSA, Key Management	Textbook Chapter 6.1 - 6.3
Message Authentication and Hash Functions Authentication Requirements, Authentication Functions, Message Authentication Codes, Hash Functions	Textbook Chapter 8.1 - 8.4
Hash Functions Secure Hash Algorithm (SHA-1)	Textbook Chapter 9.2
Digital Signatures and Authentication Protocols Digital Signatures, Authentication Protocols, Digital Signature Standard	Textbook Chapter 10.1 - 10.3
Authentication Applications Kerberos, X.509 Authentication Service	Textbook Chapter 11.1 - 11.2

Part II. ROLE-BASED ACCESS CONTROL

Topic	Primary References	Supplemental References
Definitions and Properties	[FBK99]	[FSGK01], [FK92]

Part III. AUTHENTICATION, DELEGATION, AND ACCESS CONTROL

Topic	Primary References	Supplemental References
Underlying Semantics and Model	[HK00] Sections 1 - 3	[ABLP93] Sections 3.3 - 3.4
Axioms for Principals and Statements	[LABW92] Section 3, [HK00] Sections 4.1 - 4.3	[ABLP93] Sections 3.1 - 3.2
Channels and Encryption	[LABW92] Section 4
Group Names	[LABW92] Section 5.3
Roles and Programs	[LABW92] Section 6	[HK00] Sections 4.4 - 4.5
Delegation	[ABLP93] Sections 5 - 6.1	[LABW92] Section 7, [HK00] Section 4.6
Interprocess Communication	[LABW92] Section 8
Access Control Decisions	[ABLP93] Section 6.2	[LABW92] Section 9
Reasoning About Credentials and Certificates	[WABL94] Sections 1 - 4.3
Extensions to the Logic	[HK00] Section 6

Updated August 24, 2002