Computer Security: Principles and Foundations
This course is taught in a seminar style. Each week we expect students to read the set papers below and either prepare a presentation or submit an essay. During the session we will then watch the presentations and discuss the papers.
Reading assignments
The following papers are assigned reading for R209, which should be read prior to the class indicated. Please contact the module instructors if you have any questions.
- Adversarial reasoning (5 October 2023 - Anderson, Watson, Hutchings)
- Ken Thompson. Reflections on Trusting Trust, Communications of the ACM v 27 no 8 (1984) pp 761–763.
- Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond. Chip and PIN is broken, IEEE Symposium on Security and Privacy, May 2010.
- Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage. Experimental Security Analysis of a Modern Automobile. IEEE Symposium on Security and Privacy, May 2010.
- Charlie Miller, Chris Valasek, Remote exploitation of an unaltered passenger vehicle (if you have time – great paper but 90 pages long!)
- Usable security (12 October 2023 - Hutchings)
- Alma Whitten and J.D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0, Usenix Security, 1999.
- Cormac Herley. More is not the answer, IEEE Security & Privacy 12:1 pp 14-19, 2013.
- Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky, You get where you're looking for: The impact of information sources on code security. IEEE Symposium on Security and Privacy, May 2016.
- Cormac Herley. So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users, 2009.
- Daniel Kahneman's Nobel Prize lecture
- Access Control (19 October 2023 - Watson)
- David E. Bell and Leonard J. La Padula, Secure Computer Systems: Mathematical Foundations. ESD-TR-73-278, Vol. I, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA 01731 (Nov. 1973).
- David Wagner and Dean Tribble, A Security Analysis of the Combex DarpaBrowser Architecture, March 4, 2002.
- Robert N. M. Watson. A decade of OS access-control extensibility. Communications of the ACM 56(2), February 2013.
Optional additional reading:
- D Elliot Bell and Len LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA 01731 (1975). Read pp1-48, 64-73 only.
- Butler Lampson. A Note on the Confinement Problem, Communications of the ACM 16(10) (Oct 1973).
- Inference control (26 October 2023 - Anderson)
- NR Adam, JC Wortmann, Security-Control Methods for Statistical Databases: A Comparative Study, ACM Computing Surveys v 21 no 4 (1989) pp 515–55.
- C Dwork, F McSherry, K Nissim, A Smith, Calibrating noise to sensitivity in private data analysis, Third conference on Theory of Cryptography (2006).
- A Narayanan, V Shmatikov, How To Break Anonymity of the Netflix Prize Dataset (Nov 2007).
- Ross Anderson, Inference Control (January 2019).
- SA Thompson, C Warzel, One nation, tracked: An investigation into the smartphone tracking industry from Times Opinion, New York Times Dec 19, 2019.
- Adversarial reasoning II (2 November 2023 - Anderson)
- Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. Flip Feng Shui: Hammering a Needle in the Software Stack. Proceedings of the 25th USENIX Security Symposium, August 2016.
- Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, and Ross Anderson. Chip and Skim: cloning EMV cards with the pre-play attack. In 2014 IEEE Symposium on Security and Privacy, pp. 49-64. IEEE, 2014.
- Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg et al. Spectre attacks: Exploiting speculative execution. In 2019 IEEE Symposium on Security and Privacy (SP), pp. 1-19. IEEE, 2019.
Optional additional reading:
- Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue, A Messy State of the Union: Taming the Composite State Machines of TLS, IEEE Security and Privacy 2015.
- Security Economics (9 November 2023 - Anderson)
- Ross Anderson and Tyler Moore, Information security: where computer science, economics, and psychology meet, Phil Trans Roy Soc A v 367 no 1898 pp 2717–2727 (2009).
- Michel van Eeten, Johannes M. Bauer, Hadi Asghari, Shirin Tabatabaie, and Dave Rand, The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data, WEIS 2010.
- Marie Vasek and Tyler Moore, There’s No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams. International Conference on Financial Cryptography and Data Security, 2015.
- Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Carlos Gañán, Tom Grasso, Michael Levi, Tyler Moore & Marie Vasek, Measuring the changing cost of cybercrime. Workshop on Economics and Information Security (WEIS19), June 2019.
- Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, and Christopher Kruegel, Is the Internet for Porn? An Insight Into the Online Adult Industry, WEIS 2010.
- Correctness vs. Mitigation (16 November 2023 - Watson)
- Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood, seL4: formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP '09).
- Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler, A few billion lines of code later: using static analysis to find bugs in the real world, Communications of the ACM 53(2) (February 2010).
- Brooks Davis, Robert NM Watson, Alexander Richardson, Peter G. Neumann, Simon W. Moore, John Baldwin, David Chisnall et al. CheriABI: Enforcing valid pointer provenance and minimizing pointer privilege in the POSIX C run-time environment. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 379-393. ACM, 2019.
- Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song, SoK: Eternal War in Memory, Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP '13). IEEE Computer Society, Washington, DC, USA.
- Passwords (23 November 2023 - Hutchings)
- Robert Morris and Ken Thompson, Password security: a case history, Communications of the ACM 22(11) (1979).
- Anne Adams and M. Angela Sasse, Users are not the enemy, Communications of the ACM v 42 no 12 (1999).
- Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano, The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes, IEEE Security and Privacy 2012.
- Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer, Social phishing. Communications of the ACM, 50(10), 94-100.
- Mat Honan, How Apple and Amazon Security Flaws Led to My Epic Hacking, Wired, August 2012.