CSE608: Advanced Computer Security
Fall 2008

November 12

Reading. Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, and Jorge Lobo. Policy Decomposition for Collaborative Access Control. In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), pages 103-112, June 2008.

Reading. Andrew C. Myers and Barbara Liskov. Protecting Privacy using the Decentralized Label Model. ACM Transactions on Software Engineering and Methodology (TOSEM) 9(4):410-442, October 2000. You can skip Section 3.4 (The Relabeling Rule).

Reading. Sections 1-4 of: Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A Sound Type System for Secure Flow Analysis. Journal of Computer Security 4(3):167-187, December 1996.

Reading. Sections 1-4 and 6 of: Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas G. Anagnostakis, and Jonathan M. Smith. Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications. International Journal of Network Security 4(1):69-80, January 2007.

October 29

Reading. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Securing SOAP E-Services. International Journal of Information Security 1(2):100-115, February 2002.

Lecture Notes. Lecture Notes on XACML, Lecture Notes on SOAP

October 24

Lecture Notes. Lecture Notes on Trust Management, Revised API for Cassandra

October 6

Lecture Notes. Lecture Notes on Trust Management (Part 1)

Sep 17

EHR Policy. I posted a slightly updated version of the EHR Policy in Blackboard.

Exercise. Here is the trust management exercise that we started in today's class. Please continue to work on it at home, and be prepared to propose a solution during next week's class.

Lecture Notes. Lecture Notes on RBAC

Sep 16

EHR Policy. I posted a slightly updated version of the EHR Policy in Blackboard.

Reading. Moritz Y. Becker, Cassandra: Flexible trust management and its application to electronic health records. Ph.D. thesis, University of Cambridge, October 2005. You don't need to read (or print) the entire thesis. We will focus on Section 9.4, which presents the electronic health record policy in more detail.

Reading. Moritz Y. Becker and Peter Sewell. Cassandra: Flexible Trust Management, Applied to Electronic Health Records. In Proc. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004.

Reading. Scott D. Stoller. Trust Management and Trust Negotiation in an Extension of SQL. In Proceedings of the 4th International Symposium on Trustworthy Global Computing (TGC). Springer-Verlag, 2008 (to appear). Available on Blackboard.

Reading. Ravi Sandhu, Edward Coyne, Hal Feinstein, and Charles Youman. Role-Based Access Control Models. IEEE Computer 29(2):38-47, February 1996. This classic paper makes the case for role-based access control (RBAC).

Sep 14

Office Hours. I will not have an office hour on Tuesday, September 30.

Sep 8

CSAW. You might want to consider participating in NYU-Poly's annual Cyber Security Awareness Week (CSAW).

Sep 7

Updates. I posted several files on Blackboard under Assignments and Course Documents. I updated the instructions for submitting assignments on the cse608 home page.

Sep 6

Course Policies. I added some course policies on the cse608 home page.

Sep 4

Meeting Time and Place. I updated the meeting time and place on the cse608 home page. We are back where we started, except 1/2 hour earlier.

Sep 3

Incorrect Email Addresses. Some students entered their email address in Blackboard as name@google. Of course, messages to those addresses bounced. If you did this, change your email address in Blackboard to name@google.com.

Meeting Time and Place. I updated the meeting time and place on the cse608 home page. Room 2311 was not available on Sep 8, so we will meet in room 1310 on that date, and in room 2311 for the rest of the semester. Note that Monday classes did not start this week, so we will treat the meeting this week as a replacement for the last meeting of Monday classes, which is on Dec 8. Thus, CSE608 will not meet on Dec 8, unless we decide later that we want the extra class.

Blackboard. I will use Blackboard's mailing list feature to send email announcements to the class, so make sure your email address is set correctly in Blackboard (login and then click Personal Information under Tools on the left side of the page).

Reading. If you are not familiar with the basics of cryptography (shared-key cryptography, public-key cryptography, digital signatures), please read about it. This is background material that we will not cover in lecture. You just need to know what guarantees these functions provide, not the details of how they do it. Most security textbooks (the Stony Brook library has several of them) contain a few chapters that cover this material, for example, chapters 8 and 9 of Matthew Bishop, Introduction to Computer Security (Addison-Wesley, 2004) or chapters 9 and 10 of Matthew Bishop, Computer Security: Art and Science (Addison-Wesley, 2002).

Reading. Read the specified parts of the two papers listed under Basics on the cse608 home page.

Questionnaire. If you did not fill out this questionnaire during today's class, please print it, fill it out, and slide it under the instructor's office door.