CSE-590: Secure Storage (Special Topics), Spring 2007

This is the home page for CSE-590, a special topics course on Secure Storage. Note that much of the information here is tentative and is subject to change! However, the information here IS the correct information (e.g., Solar has the wrong course title, time, and room number).

The class is scheduled to meet in Spring 2007, every Tuesday, from 5:30pm-8:00pm (once a week), in room CS-1310. This is done as to minimize conflicts with other classes, and to allow people who may be working during the day to take it.

PRE-REQUISITES: To take this class, you must have taken a class with a substantial security component such as CSE-508/509, as well as a substantial class in systems, such as CSE-506. Industry experience or similar experience in other classes can be substituted, with instructor approval. If you are not sure if you can take this class, contact us at the addresses below. Either way, instructor approval is necessary to take this class.

This class is being co-taught by Erez Zadok and Radu Sion. We will read, analyze, and discuss papers relating to topics of the security of data (files, storage, file systems, P2P, etc.). We will start with some of the more classic papers and proceed through the latest cutting-edge research papers. A full schedule of the papers to be covered will be posted before the semester begins.

Students are expected to attend all lectures promptly, read the papers for that week, and be prepared to discuss them. Each week, one or two students will be presenting a paper each. Throughout the semester, each student will get to present 2 to 3 papers. In addition the instructors will give a few lectures or bring guest speakers to cover specific topics. Grading will be based heavily on participation, attendance, and the presentations. There will be no exams in this class.

To help us better determine how many students want to take the class, if you would like to take it, please subscribe to the Class Mailing List. If you have any questions, feel free to contact one of the instructors listed above.

Approximate summary of lectures:

01/24	Introduction: Security and Cryptography (Sion)
01/30	Introduction: Storage and File Systems (Zadok)
02/06	Introduction continued: Secure Data Outsourcing (Sion)
02/13	Deniable FS and P2P Storage (Alex Mohr)
02/20	Storage and File Systems (continued) (Zadok)
02/20	Software Protection and Simulation on Oblivious RAMs, Conjunctive, subset, and range queries on encrypted data, and Space-Efficient Block Storage Integrity (Peter Williams).
02/27	VISTA security (Dave Quigley)
03/06	Regulatory storage (WORM, etc.) (Simona and Sunil)
03/13	DVD/DRM (Ivan)
03/20	Secure Deletion (Sadler)
03/27	No class.
04/03	Spring Recess
04/10	Secure Deletion (Sadler, Cont.) Integrity (Kiron)
04/17	SUNDR, etc. (Lohit & Sathya)
04/24	Oblivious Data Structure (Rob Johnson) DB security (Swami)
05/01	Cryptographic file systems (Gopala & Kumar)

Research Topics:

Security issues in Windows and esp. in Vista: what features are available, how good they are, etc. (Dave Quigley)
Overview of commercial storage security products: MS EFS, Vista's disk encryption, OS-X/Linux/BSD disk/loop encryption. 3rd party products.
3rd party network inline encryption/security products: Brocade Communications Systems, Cisco Systems, Decru Systems, Ingrian, Kasten Chase, McData Corp., NeoScale Systems, Protegrity, and Vormetric.
Comprehensive survey of storage integrity projects/papers/products.
Find relevant selected papers from recent FAST, SOSP, or OSDI conferences and present them.
Database security: XML encryption/auth, access control etc.
Disk-level encryption. IEEE Security in Storage work group (SISWG)
Secure Hardware (Peter Wiliams)
Encryption file systems: Blaze's CFS, n/cryptfs, IBM ecryptfs, etc.
DRM issues and how various DVD encryptions got broken.
Write Once Read Many / regulatory storage
Secure Outsourced Data. The NS3 project. (Peter Wiliams)
P2P storage and distribution security
SUNDR and friends...
certifications (NIST, DoD, NISPOM, etc.)

Note: Stony Brook has received $2.5 million [...] to provide scholarships to graduate and undergraduate majors in computer science that take on a program of study that specializes in information assurance. Each 2-year scholarship provides an average of $46K for undergrads and $56K for graduates. For details regarding the scholarship program and the application process, please see http://ccs.cs.sunysb.edu/sfs/.

Ethics:

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

(Last updated: 2007-05-01 )