Spring 2025 - CS5430 System Security - Topic Outline

CS5430: System Security - Topic Outline (Spring 2025)

The outline lists the topics to be covered in class this semester. Readings to accompany each topic are also listed.

Note. Cornell University Policy restricts the use of notes, which are copyright F.B. Schneider with all rights reserved.

Topic Outline

Introduction [pages 1-26]

Basic terminologyx
Enforcement mechanisms and principles
Gold Standard and accountability
Assurance and trust

Authentication of machines

Symmetric cryptosystems and authentication
Key distribution centers and Kerberos [IEEE Comm Article] (optional)
Public key infrastructure

Authentication of humans [pages 37-59, 67-80]
- Something you know
- Something you have
- Something you are
- Phishing-resistant authentication
- Federation and single sign-on [optional reading]
- Privacy issues

Authorization

Discretionary access control (DAC) [pages 129-134, 140-153, 157-169]

Access control matrix
Access control lists
Capabilities
- Tagged memory implementation
- Protected storage implementation
- Type-checking implementation
Case study: Access control in UNIX

Mandatory access control (MAC) [pages 195, 206-223]

Domain type enforcement (DTE)
Chinese wall
Clark-Wilson commercial policies
Role-based access control
Credentials-based authorization

[Lampson paper (optional), chapter giving detailed treatment (optional)]

Measured Principals and Gating Functions

Information Flow

Labels and Noninterference Policies
Enforcement of TINI
Enforcement of PSNI
Flow-senstive labels

Enforcement mechanisms

Isolation[pages 301-308]

Mapping and multiplexing
Processes, virtual machines, and containers
Unexpected Communications Channels [page 405-421]

Covert channels
Side channels

Monitoring [pages 337-340, 344-347]

Reference monitors
EM enforceability

Program Rewriting[pages 351-363, 369-375]

Software-based Fault Isolation (SFI)
Inlined Reference Monitors
Proof Carrying Code (PCC)

Appendix: Some Notes on Cryptography

Fundamentals of Cryptography