CS4600 Secure System Principles

An advanced course that focuses on key principles of a constructive approach to secure systems. A brief review of operating systems and computer architecture is provided. Major topics include threat characterization and subversion; confinement; fundamental abstractions, principles, and mechanisms, such as reduced complexity, hierarchical relationships, least privilege, hardware protection, resource management and virtualization, software security, secure system composition, mutual suspicion, synchronization, covert and side-channel analysis, secure metadata, secure operational states, usability, and life cycle assurance. Current developments will include advances in security hardware, components, and systems.

Prerequisite

CS3600, CS3070, CS3502

Lecture Hours

3

Lab Hours

2

Course Learning Outcomes

Upon successful completion of this course, students will be able to:

  • Explain the indicators of, and factors that contribute to, complexity in computing systems, and the principle-based techniques used to mitigate that complexity.
  • Motivate and summarize the purpose and scope of constructive security.
  • Analyze the relationship between the reference monitor concept, reference monitors, and essential protection features.
  • Describe the fundamental access modes, and access as a relationship permitted by policy and encoded in software and hardware, for both directly and interpretively accessed objects.
  • Explain the major security policy types and their characteristics, including policy dynamicity and control in runtime systems.
  • Describe the basic secure system principles and their application.
  • Explain and assess how these principles drive system organization, implementation, and trustworthiness.
  • Show how component organization in system architectures affects security.
  • Distinguish and contrast security functionality and assurance.
  • Describe and justify lifecycle assurance processes.
  • Describe why systems have imperfect security despite lifecycle rigor.
  • Explain the essential hardware support for security.
  • Analyze the impact of supply-chain vulnerabilities in complex system architectures.
  • Outline the formal requirements for virtualization.
  • Explain the differences between Type I and Type II virtual machines.
  • Describe current approaches to virtualization and the concerns for cloud security.
  • Define covert and side channels, their manifestations, and the challenges associated with them.
  • Apply the basic mathematics used in secure system design and analysis.