CSE591: Security Policy Frameworks (Spring 2005)

CSE591: Security Policy Frameworks
Spring 2005

Other CSE591 Pages

Course Description

Specification and enforcement of security policies are increasingly important for every organization and enterprise. As new computer systems are built and old systems grow, with security requirements becoming more complex, the number of security vulnerabilities due to incomplete or incorrect security policies is growing. This stimulates growing interest in powerful frameworks and tools for specification, analysis, and enforcement of security policies. That is the topic of this course.

We will discuss security policies for centralized systems as well as for systems involving multiple entities that have limited trust in each other, including role-based access control, Security-Enhanced Linux, trust management, and trust negotiation, as well as methods and tools for policy analysis and enforcement. Since rule-based languages are increasingly used for specifying security policies (as well as for semantic web applications and analysis of computer programs and other complex systems), we will also study how such systems can be implemented efficiently.

Course work includes problem sets and a course project. The problem sets are to help understand the materials discussed and carry on the course project. Projects may be done individually or in teams depending on project size. Topics for projects include development of prototypical security policies for application domains, analysis of policies and standards, policy frameworks, and others proposed by the participants; they ideally contribute to a useful system and lead to a Master's project or thesis or to PhD research.

Administrivia

Instructor: Scott Stoller
Co-Instructor: Annie Liu
Meeting Time and Place: Tuesday and Thursday, 11:20am-12:40am. Computer Science 2129.
Office Hours: 1pm-2pm on Tuesday and Friday, and by appointment.
Credits: 3

Readings and References

Most of the material is not covered in any textbook, so the readings and references are articles from conferences and journals. Some representative papers are listed below.

The Basics

Jerome H. Saltzer and Michael D. Schroeder. The Protection of Information in Computer Systems. Communications of the ACM, 17(7), July 1974.
David D. Clark and David R. Wilson. A comparison of commercial and military security policies. In Proc. 1987 IEEE Symposium on Security and Privacy, pages 184-194. IEEE Computer Society Press, 1987.
David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), Volume 4 , Issue 3 (August 2001), pages 224 - 274. The standard (ANSI INCITS 359-2004) was approved by the American National Standards Institute in February 2004.
Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles, ACM Transactions on Information and Systems Security (TISSEC), Volume 2, Number, February 1999.
Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security 3(1), February 2000, pages 30-50.

Trust Management

Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The role of trust management in distributed systems. In Secure Internet Programming, volume 1603 of LNCS, pages 185-210. Springer-Verlag, 1999.
William H. Winsborough and Ninghui Li. Safety in Automated Trust Negotiation. Submitted to ACM Transactions on Information and System Security. Preliminary version appeared in Proc. IEEE Symposium on Security and Privacy, May 2004.
Moritz Y. Becker and Peter Sewell. Cassandra: Flexible Trust Management, Applied to Electronic Health Records. In Proc. 17th IEEE Computer Security Foundations Workshop, June 2004.

Analysis of Security Policies

Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, 1976. A classic paper on the complexity of analyzing access control.
Trent Jaeger, Antony Edwards, and Xiaolan Zhang. Policy Management Using Access Control Spaces. ACM Transactions on Information Systems Security, August 2003. This paper describes the Gokyo policy analysis tool developed at IBM T. J. Watson Research Center.
Ninghui Li, John C. Mitchell, and William H. Winsborough. Beyond Proof-of-compliance: Security Analysis in Trust Management. Journal of the ACM, to appear. Preliminary version appeared in Proc. IEEE Symposium on Security and Privacy, May 2003.
Beata Sarna-Starosta and Scott D. Stoller. Policy Analysis for Security-Enhanced Linux. In Proc. 2004 Workshop on Issues in the Theory of Security (WITS), April 2004. Security-Enhanced Linux is developed by the National Security Administration.

Policies

Grading. Each assignment is graded relative to some maximum number of points (e.g., 20). The maximum number of points is unrelated to the weight of the assignment in the course grade. Each score is normalized into a number between zero and one (e.g., 19/20 -> 0.95) and then multiplied by the weight of the assignment to obtain a weighted score. Course grades are based primarily on the sum of the weighted scores.

Integrity. All students are expected to follow CEAS's policies governing academic dishonesty. Suspected academic dishonesty will be reported to CEAS's Committee on Academic Standing and Appeals (CASA). If you submit anything that includes any material created by other people, your submission must clearly indicate the sources of all such material. Failure to indicate the sources will be treated as plagiarism. Discussing assignments with other people is fine. However, each person must write his or her own submission independently. Showing your own work to other students, giving it to them, or making it accessible to them (e.g., by making the files world-readable, intentionally or through carelessness) will be treated as academic dishonesty.

Disabilities. If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, I would urge that you contact the staff in the Disabled Student Services office (DSS), Room 133 Humanities (moved to ECC Bldg during renovation of Humanities), 632-6748/TDD. DSS will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation of disability is confidential.

Grading Statistics

The following information may be slightly inaccurate, due to score adjustments, late submissions, etc. Statistics for the project are based on the scores before the individual contribution factor is applied.

Item	MaxPossible	Mean	Std.Dev.
hw1	30	24.3	7.8
hw2	10	8.8	1.6
hw3	30	27.3	2.7
hw4	10	8.9	0.7

Grading Weights

Homeworks 28

Project 72

TOTAL 100

The weight for homeworks is divided equally between the four assignments.

Submission of Assignments

Assignments that do not involve programming should be submitted as printouts in class on the due date, unless the assignment specifies otherwise. Assignments submitted after the end of class on the due date are late and receive a -3% penalty. Assignments submitted the next day receive a -6% penalty, and so on.

To submit an assignment that involves programming,

Put all of your files (code and documentation) into a directory with a unique name (for example, your userid) and use zip -r to zip the entire directory tree. Email the .zip file to stoller AT cs DOT sunysb DOT edu. AND
Submit a hardcopy of the documentation (e.g., user manual, including instructions for compiling and running your program) in class, or put it under the door of my office (Computer Science 1429). Save a tree! Do not submit printouts of your code!