CSE 409

Course CSE409
Title Computer System Security
Credits 3
Course Coordinator R. Sekar
Current Catalog Description

Principles and practice of computer system security: Operating system security, Authentication and access control, Capabilities, Information flow, Program security, Database security, Cryptographic key management, Auditing, Assurance, Vulnerability analysis and intrusion detection.

Prerequisite

CSE 306 or 376, or ESE 333

Course Goals
  • Learn to design, develop and administer secure software and computer systems.
  • Understand fundamental concepts in security such as authentication, access control and information flow.
  • Understand the mechanism and means by which these concepts are implemented in operating systems, databases and other application software.
  • Develop software that implements sample security mechanisms and services chosen by the instructor.
  • Be able to identify security vulnerabilities in existing systems and develop means to mitigate these vulnerabilities.
Upcoming Schedule Changes

We are planning on changing CSE 408 and 508 so that they are offered in Spring semesters, starting Spring 2011. (Currently, and in the next academic year 2009-10, these courses are offered in Fall semester.) At the same time, CSE 409 and 509 will be switched to Fall semesters from the current Spring semester schedule, starting in Fall 2010.

Textbook
  • Introduction to Computer Security by Matt Bishop
  • Computer Security: Art and Science
Major Topics Covered in Course
  • Introduction: What is security? What isn't security? Security by obscurity
  • Cryptographic Primitives (1): single-key encryption, DES.
  • Cryptographic Primitives (2): two/multi-key crypto (RSA), crypto-hashes.
  • Ciphers (1): overview, types, (also: project discussion)
  • Communication Security: layers: PEM/SSL/IPSec
  • Key Management: PKIs, storage for secrets (disk, memory).
  • Catch-up Session: continue with Kerberos, do overview of previous lectures
  • Access Control (1): AC matrix, undecidability of security
  • Access Control (2): ACLs, capabilities.
  • Policies (1): overview, confidentiality, trust, Bell-LaPadula model
  • Policies (2): integrity, Biba, Clark-Wilson.
  • Policies (3): Chinese Wall, other hybrids.
  • Midterm Review
  • Midterm: on Friday, in class.
  • Authentication: definition, passwords, biometrics, location.
  • Information Flow: compiler, runtime mechanisms
  • Sandboxing: confinement, isolation, covert channels.
  • Audits: mechanisms, implementations.
  • Intrusion Detection: models, response.
  • Advanced Topics: Proof-Carrying Code.
  • Review for Final
Laboratory Projects

Not Applicable

Course Webpage /~cse409
Department of Computer Science • Stony Brook University, Stony Brook, NY 11794-4400 • 631-632-8470 or 631-632-8471