TDDD17 Information Security, Second Course
Course Literature
Note: Material for sections 2 and 4 may be updated during the first few weeks of the course!
The course literature consists of the lecture handouts and the reading material prepared by the lecturers on this page. The literature marked "read for exam" is mandatory for the exam, i.e. exam questions could cover any of the marked references. The unmarked literature is useful extra reading material.
The amount of mandatory reading material (number of pages) for each topic is approximately the same.
* Note that the lecture handouts are also "read for exam" material.
1) System security
- M. Bishop, "Computer Security: Art and science", Addison-Wesley, ISBN 0-201-44099-7. read for exam
- Sections 2.1-2.3
- Sections 5.1-5.2
- Sections 6.1-6.3
- Section 7.4
- Sections 13.1-13.3
- Sections 15.1-15.4
Reading guidelines for system security
Sections 2.1-2.3
Protection state, access control matrix, protection state transitions
(i.e. a formal model for changing the access control matrix). Similar
material should be found in most fundamental computer security textbooks.
Sections 5.1-5.2
Confidentiality policies and the Bell-LaPadula model. The Bell-LaPadula
model is discussed in most fundamental computer security textbooks, but
Bishop goes into a great deal of detail. In particular, he covers the
formalization of the model as well as the instantiation of the model in a
real operating system. The basics of Bell-LaPadula are the most
important, but some familiarity with the formalization is also expected.
Sections 6.1-6.3
Integrity policies, the Biba integrity model and Lipner's integrity
matrix model. The Biba model should be covered in any fundamental
computer security textbook. Bishop covers a formalization of the model
as well as its combination with Bell-LaPadula.
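As an added illustration of the two models (example code written for this page, not taken from Bishop's book or the course material), the Python below evaluates Bell-LaPadula and Biba decisions on one lattice of labels and combines them with a discretionary access control matrix. The level names, categories, subjects, objects and matrix entries are all constructed for the example. The point it makes is that the two mandatory rules are duals: BLP forbids read-up and write-down, Biba forbids read-down and write-up, so a subject that must both read and write an object needs a label equal to the object's in each lattice.

```python
from dataclasses import dataclass

# Hierarchical levels, lowest to highest. Constructed for this example.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # (L1, C1) dom (L2, C2)  iff  L1 >= L2 and C2 is a subset of C1.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: simple security (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba strict integrity: no read down, no write up (the dual of BLP)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


# Discretionary access control matrix: rows are subjects, columns are objects,
# entries are the rights granted. Constructed sample data.
ACM = {
    "alice": {"payroll": {"read", "write"}, "memo": {"read", "write"}},
    "bob":   {"payroll": {"read", "write"}, "memo": {"read", "write"}},
}

# Confidentiality labels (the BLP lattice). Constructed sample data.
CONF = {
    "alice":   Label("secret", frozenset({"hr"})),
    "bob":     Label("confidential"),
    "payroll": Label("secret", frozenset({"hr"})),
    "memo":    Label("confidential"),
}

# Integrity labels (the Biba lattice; the same level names are reused). Constructed.
INTEG = {
    "alice":   Label("secret"),
    "bob":     Label("confidential"),
    "payroll": Label("secret"),
    "memo":    Label("confidential"),
}


def decide(subject: str, obj: str, op: str) -> dict:
    """Return the verdict of each of the three rules separately."""
    return {
        "dac": op in ACM.get(subject, {}).get(obj, set()),
        "blp": subject in CONF and obj in CONF
               and blp_allows(CONF[subject], CONF[obj], op),
        "biba": subject in INTEG and obj in INTEG
                and biba_allows(INTEG[subject], INTEG[obj], op),
    }


def allowed(subject: str, obj: str, op: str) -> bool:
    """Grant only if the discretionary matrix, BLP and Biba all agree."""
    return all(decide(subject, obj, op).values())


if __name__ == "__main__":
    for s in ("alice", "bob"):
        for o in ("payroll", "memo"):
            for op in ("read", "write"):
                verdict = decide(s, o, op)
                print(f"{s:5} {op:5} {o:8} -> {allowed(s, o, op)!s:5} {verdict}")
```

Running it shows where each denial comes from: Bob's write to payroll passes the matrix and BLP (a blind write-up is legal under BLP) but fails Biba, while Alice's write to the memo passes the matrix and Biba but fails BLP's *-property.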
Section 7.4
Role-based access control. Bishop covers the formal RBAC model, which
differs from trivial implementations called RBAC in some operating
systems. An alternative source is found here.
Sections 13.1-13.3
Design principles. Bishop covers the following design principles, all of
which can be found through a web search: principle of least privilege,
principle of fail-safe defaults, principle of economy of mechanism,
principle of complete mediation, principle of open design, principle of
separation of privilege, principle of least common mechanism, principle
of psychological acceptability. Note that knowing the definitions is not
enough; students must also be able to recognize when a design principle
is applied (or not) and to apply the principles in practice. One place that has many of the principles (some under other names) is found here.
Sections 15.1-15.4
Access control mechanisms. Bishop covers access control lists, including
practical concerns (abbreviations, creation, maintenance, modification,
privileged users, role of the owner, groups, wildcards, conflicts,
revocation and default permissions), and capabilities, including
implementation, copying, amplification, revocation and limits. Bishop also
covers "locks and keys" (which combine the features of capabilities and
access-control lists), type checking and secret sharing.
Access control lists and capabilities should be covered by most fundamental
textbooks, but perhaps not to the same level of detail as Bishop does.
Secret sharing is reasonably well covered by Wikipedia (particularly the
references). Locks and keys and type checking are, unfortunately,
difficult to find covered in a similar manner elsewhere.
2) Identification and authentication, Biometric user authentication
- A. Jain, A. Ross and K. Nandakumar, Chapter 1 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. read for exam
- Cryptogram
- International Biometric Group
- Eurodac
- Ross Anderson, Security Engineering, Wiley, ISBN 0-471-38922-6. read for exam
3) Practical network security
Wikipedia articles (read for exam): Firewall (Computing), Application Layer Firewall, Proxy Server, Network Address Translation, and Port Address Translation.
Network design
- D. Smith, "Improving Computer Security through Network Design". read for exam
Mapping, attacks and vulnerabilities
- Matta Security Limited. "An Introduction to Internet Attack and Penetration". Read pages 5-8. read for exam
- Fyodor, "Remote OS detection via TCP/IP stack fingerprinting". The section on nmap is beyond the scope of this topic; you don't have to read it at all.
- Joe Stewart. "DNS Cache Poisoning -- The Next Generation". Read pages 1-10. read for exam
- Ptacek and Newsham. "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection". read for exam
Sections 1-2 are required reading. Include sections 3-6 for in-depth reading.
Wireless security
- N. Cam-Winget, R. Housley, D. Wagner, and J. Walker, "Security Flaws in 802.11 Data Link Protocols". read for exam
IPSec and SSL/TLS
- S. Kent (BBN Corp) and R. Atkinson (@Home Network). "RFC 2401: Security Architecture for the Internet Protocol". read for exam
The overall concepts and architecture are important, as are the capabilities of the architecture, but the technical details are beyond the scope of this topic. In particular, sections 1-3 and the main concepts of section 4 (particularly 4.1-4.3 and 4.6) are important. Sections 5-12 and the appendices are beyond the scope of this topic.
- M. Bishop, "Computer Security: Art and science", Addison-Wesley, ISBN 0-201-44099-7. read for exam
- Section 11.4.2 (just the overall concepts), section 11.4.3 and section 11.4.4. Everything relevant in section 11.4.3 of Bishop is also in RFC 2401, so you only need to read the latter; Bishop may be helpful in understanding the RFC.
4) Business continuity planning and Physical security
Note: 1) We have changed to a newer edition of the CISSP study guide (2008). 2) The chapters by Henry, Mattews, Long and Mitnick are no longer part of the lecture material. 3) "Disaster recovery planning" is part of this course topic; the reading material for BCP also covers disaster recovery planning.
Business continuity planning
- Chapters 15-16 from Stewart, J. M.; Tittel, E. & Chapple, M. (2008), CISSP. Certified Information Systems Security Professional study guide. Sybex. Electronically available from http://www.bibl.liu.se/ (search for CISSP in the library catalogue). read for exam
Physical security
- Chapter 19 from Stewart, J. M.; Tittel, E. & Chapple, M. (2008), CISSP. Certified Information Systems Security Professional study guide. Sybex. Electronically available from http://www.bibl.liu.se/ (search for CISSP in the library catalogue). read for exam
5) Risk analysis
- F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, F. Vraalsen, "Model-based security analysis in seven steps - a guided tour to the CORAS method", BT Technology Journal (Springer), pp. 101-117, 2007. Available here. read for exam
- H. Dahl, I. Hogganvik, K. Stølen, "Structured semantics for the CORAS security risk modelling language", SINTEF ICT, SINTEF Technical Report A970, 2007. Available here.
- NIST SP 800-30: Risk management guide for information technology systems, available here
- Risk Topics: Which Hazard Analysis read for exam
- Gary McGraw, "Risk Management Framework", available here. read for exam
- B. Blakley, E. McDermott, D. Geer, "Information security is information risk management", available here.
- NIST SP 800-37: "Guide for Applying the Risk Management Framework to Federal Information Systems". Available here.
- J. Steven, "Threat Modeling - Perhaps it's time" available here.
- P. Brooke, R. Paige, "Fault trees for security system design and analysis" available here.
Page responsible: Nahid Shahmehri
Last updated: 2013-01-17
