CS4600 Secure System Principles

An advanced course that focuses on key principles of a constructive approach to secure systems. A brief review of operating systems and computer architecture is provided. Major topics include threat characterization and subversion; confinement; fundamental abstractions, principles, and mechanisms, such as reduced complexity, hierarchical relationships, least privilege, hardware protection, resource management and virtualization, software security, secure system composition, mutual suspicion, synchronization, covert and side-channel analysis, secure metadata, secure operational states, usability, and life cycle assurance. Current developments will include advances in security hardware, components, and systems.


Prerequisites: CS3600, CS3070, CS3502

Lecture Hours


Lab Hours


Course Learning Outcomes

Upon successful completion of this course, students will be able to: 

  • Explain the indicators of and factors that contribute to complexity in computing systems, and principle-based techniques to mitigate that complexity.
  • Motivate and summarize the purpose and scope of constructive security.
  • Analyze the relationship between the reference monitor concept, reference monitors, and essential protection features.
  • Describe the fundamental access modes, and access as a relationship permitted by policy and encoded in software and hardware, for both directly and interpretively accessed objects.
  • Explain the major security policy types and their characteristics, including policy dynamicity and control in runtime systems.
  • Describe basic secure system principles and their application.
  • Explain and assess how principles drive system organization, implementation, and trustworthiness.
  • Show how component organization in system architectures affects security.
  • Distinguish and contrast security functionality and assurance.
  • Describe and justify lifecycle assurance processes.
  • Describe why systems have imperfect security despite lifecycle rigor.
  • Explain essential hardware support for security.
  • Analyze the impact of supply-chain vulnerabilities in complex system architectures.
  • Outline the formal requirements for virtualization.
  • Explain the differences between Type I and Type II virtual machines.
  • Describe current approaches to virtualization and concerns for cloud security.
  • Define covert and side channels, their manifestations, and the challenges associated with them.
  • Apply the basic mathematics used in secure system design and analysis.
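Several of the outcomes above (the reference monitor concept, access modes, and the major policy types) are easier to grasp with a concrete mediation point in front of you. The following is an added illustration written for this page, not course material or code from the course: a small reference monitor that mediates every subject-to-object access, composes a mandatory lattice policy (Bell-LaPadula simple-security and *-property over a level plus category set) with a discretionary ACL, and denies anything it cannot label. The subjects, objects, labels and ACL entries are constructed for the example.

```python
"""Minimal reference monitor composing a mandatory lattice policy with a
discretionary ACL. Added example; the labels, subjects and objects are
constructed for illustration and are not taken from any real system."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Set, Tuple


class Mode(Enum):
    READ = "read"      # observe only
    APPEND = "append"  # alter only (blind write)
    WRITE = "write"    # observe and alter


@dataclass(frozen=True)
class Label:
    """A sensitivity level plus a set of categories; labels form a lattice."""
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and self.categories >= other.categories


@dataclass
class ReferenceMonitor:
    """Single point through which every access request passes (complete mediation).

    Two policy types are composed: a mandatory lattice policy the subject cannot
    change, and a discretionary ACL the object's owner may edit. Access is
    granted only if both permit it; unknown subjects or objects are denied.
    Every decision is recorded so the audit trail is itself a monitor output.
    """
    subject_labels: Dict[str, Label]
    object_labels: Dict[str, Label]
    acl: Dict[str, Dict[str, Set[Mode]]]  # object -> subject -> permitted modes
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    @staticmethod
    def _mandatory(s: Label, o: Label, mode: Mode) -> bool:
        if mode is Mode.READ:
            return s.dominates(o)                  # simple security: no read up
        if mode is Mode.APPEND:
            return o.dominates(s)                  # *-property: no write down
        return s.dominates(o) and o.dominates(s)   # observe+alter needs equal labels

    def _discretionary(self, subject: str, obj: str, mode: Mode) -> bool:
        return mode in self.acl.get(obj, {}).get(subject, set())

    def decide(self, subject: str, obj: str, mode: Mode) -> bool:
        try:
            s, o = self.subject_labels[subject], self.object_labels[obj]
        except KeyError:                           # default deny for anything unlabeled
            self.audit.append((subject, obj, mode.value, "deny:unlabeled"))
            return False
        if not self._mandatory(s, o, mode):
            self.audit.append((subject, obj, mode.value, "deny:mac"))
            return False
        if not self._discretionary(subject, obj, mode):
            self.audit.append((subject, obj, mode.value, "deny:dac"))
            return False
        self.audit.append((subject, obj, mode.value, "grant"))
        return True


def build_demo_monitor() -> ReferenceMonitor:
    """Constructed labels and ACLs for the demonstration (assumed, not real data)."""
    return ReferenceMonitor(
        subject_labels={"alice": Label(2, frozenset({"crypto"})), "bob": Label(1)},
        object_labels={
            "ops_plan": Label(2, frozenset({"crypto"})),
            "bulletin": Label(1),
            "public_notice": Label(0),
        },
        acl={
            "ops_plan": {"alice": {Mode.READ, Mode.WRITE}, "bob": {Mode.READ}},
            "bulletin": {"alice": {Mode.READ}, "bob": {Mode.READ, Mode.WRITE}},
            "public_notice": {"alice": {Mode.READ, Mode.WRITE}, "bob": {Mode.READ}},
        },
    )


def run_demo() -> Dict[str, str]:
    """Submit a fixed set of requests and return the audit outcome for each."""
    rm = build_demo_monitor()
    requests = [
        ("alice", "ops_plan", Mode.READ),        # cleared and on the ACL: grant
        ("bob", "ops_plan", Mode.READ),          # on the ACL, but MAC forbids read up
        ("alice", "public_notice", Mode.WRITE),  # owner allows it, but MAC forbids write down
        ("bob", "ops_plan", Mode.APPEND),        # blind write up is MAC-legal, ACL refuses
        ("alice", "bulletin", Mode.READ),        # read down: grant
        ("bob", "bulletin", Mode.WRITE),         # equal labels and ACL permits: grant
        ("mallory", "ops_plan", Mode.READ),      # unknown subject: default deny
    ]
    results = {}
    for subject, obj, mode in requests:
        rm.decide(subject, obj, mode)
        results[f"{subject}:{mode.value}:{obj}"] = rm.audit[-1][3]
    return results


if __name__ == "__main__":
    for request, outcome in run_demo().items():
        print(f"{request:32s} {outcome}")
```

Two points worth noticing when reading the output: the mandatory check runs before the discretionary one and cannot be overridden by an owner's ACL entry, which is what distinguishes a mandatory from a discretionary policy; and a request involving any unlabeled subject or object is denied rather than falling through to the ACL, so the monitor fails closed.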