System Security (3) Review current research in computer and operating system security.
CSE 544 System Security (3)
This course is built around the problem of authorization (access control). After a discussion of threats of systems security, we will examine the fundamental mechanism for access control, the reference monitor. We will define the principle of the reference monitor and review how it is used to implement access control.
The second major topic is mandatory access control (MAC). We will examine the implementation of MAC in Linus via the Linux Security Modules (LSM) framework. This part of the class relies heavily on a case study of the SELinux system to illustrate how MAC can be implemented and how security goals can be enforced by using MAC.
The third major topic focuses on how network security functions are implemented in the operating system. Such functions include authentication, firewalls, and secure communication via IPsec. The implementations of such functions in the Linux operating system will be the focus of this particular section of the course.
The third major topic examines system security architectures for distributed systems. The main foci are mechanisms based on public key systems, such as trust management, integrity measurement, and web-based operating systems. We will investigate research results in these areas and hypothesize where this emerging space may evolve.
The fourth major topic focuses on lower level features of operating systems and their impact on security. We will first review virtual machine systems and recent research results that indicate an emergence of virtual machine mechanisms as a practical basis for achieving strong systems security guarantees. We will then explore work on protecting access to data on systems that is resident in traditional (file systems) and unexpected (other temporary) storage locations.
The final two sections, Special Topics and Wrap-Up, will cover a number of areas of importance to system security, but not really falling into the traditional system areas. This includes emerging topics such as language-based security, the use of source code analysis for achieving system security goals, host intrusion detection, and emerging areas of recent interest. These topics will change over time as interests and technology develop. We will conclude with a discussion of the major challenges and state of system security, and make predictions about the future of system security.
Note : Class size, frequency of offering, and evaluation methods will vary by location and instructor. For these details check the specific course syllabus.