Computer Security

Secure Identity, Institut für Informatik, Freie Universität Berlin

This course gives an introduction to computer security from a classical perspective.

Time and Location




The grade will be computed as a weighted sum of the following:

Active participation requires successful completion of a semester project and is graded on a pass / no pass basis.

Interesting links

Below are links to a few resources that may be interesting to students of this class at one time or another.


Assignment 1, due Monday April 26

Assignment 2, due Monday May 17

All operations should be accessible in a reasonable way through the metatable of the lattice and lattice_element objects. The metatable implementation should not depend on your lattice implementation.

Assignment 3, due Monday June 7

Assignment 4, due Monday June 28

As you might have seen in the last assignment, there is a nasty problem in reflecting the label state of the program counter within the VM instructions generated from conditional blocks. Your task is to come up with a solution for that problem, assuming that VM instructions are always generated by a trusted compiler:

Assignment 5, due Tuesday July 6

As we discussed in the tutorial, we cannot implement reasonable dynamic information flow control without compiler aid, which leads to the question of whether it is a good idea to shift more of the work from the VM to the compiler.
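The following Lua program is an added example and is not part of the course's assignment hand-outs or solutions. It shows, in one piece, the three points the assignments above circle around: a lattice whose elements are ordered, joined and met purely through one shared metatable that only forwards to whatever `leq`, `join` and `meet` the lattice supplies (Assignment 2); a small label-tracking VM whose instructions generated from a conditional must carry the program-counter label state (Assignment 4); and the compiler-emitted join instruction that makes the mechanism sound, which is the kind of work that Assignment 5 asks whether to move from the VM to the compiler. The instruction set (`const`, `copy`, `bz`, `join`), the names `Lattice`, `Elem`, `Levels`, `run` and `final_x`, and the sample program are this example's own assumptions.

```lua
-- Added example (not from the course): lattice elements driven by one
-- shared metatable, plus a tiny label-tracking VM. All names are assumptions.

local Elem = {}   -- shared metatable for every lattice element

-- The metatable never inspects an element's representation; it forwards to
-- the lattice's own leq/join/meet, so it works for any lattice implementation.
Elem.__le  = function(a, b) return a.lattice.leq(a, b) end
Elem.__lt  = function(a, b) return a.lattice.leq(a, b) and not a.lattice.leq(b, a) end
Elem.__eq  = function(a, b) return a.lattice.leq(a, b) and a.lattice.leq(b, a) end
Elem.__add = function(a, b) return a.lattice.join(a, b) end   -- a + b is the join
Elem.__mul = function(a, b) return a.lattice.meet(a, b) end   -- a * b is the meet
Elem.__tostring = function(a) return a.name end

-- A lattice is its three operations plus a constructor that tags each
-- element with its lattice and installs the shared metatable.
local function Lattice(leq, join, meet)
  local L = { leq = leq, join = join, meet = meet }
  function L:element(name, value)
    return setmetatable({ name = name, value = value, lattice = L }, Elem)
  end
  return L
end

-- Concrete instance: the two-point chain LOW < HIGH, represented by ranks.
local Levels = Lattice(
  function(a, b) return a.value <= b.value end,
  function(a, b) if a.value >= b.value then return a else return b end end,
  function(a, b) if a.value <= b.value then return a else return b end end)
Levels.LOW  = Levels:element("LOW", 0)
Levels.HIGH = Levels:element("HIGH", 1)

assert(Levels.LOW < Levels.HIGH)
assert(Levels.LOW + Levels.HIGH == Levels.HIGH)   -- join through the metatable
assert(Levels.HIGH * Levels.LOW == Levels.LOW)    -- meet through the metatable

-- Label-tracking VM. Variables are {value=, label=}; the pc label is a stack
-- whose top is the label of the control-flow context currently executing.
--   {"const", x, v}       x := v,  label(x) := pc
--   {"copy",  x, y}       x := y,  label(x) := label(y) + pc
--   {"bz",    y, target}  push pc + label(y); jump to target if y == 0
--   {"join", x1, x2, ...} compiler-emitted at the end of a conditional:
--                         raise each listed variable to pc, then pop pc
local function run(program, vars, lattice)
  local pcs = { lattice.LOW }
  local function pc() return pcs[#pcs] end
  local ip = 1
  while ip <= #program do
    local ins, op = program[ip], program[ip][1]
    if op == "const" then
      vars[ins[2]] = { value = ins[3], label = pc() }
      ip = ip + 1
    elseif op == "copy" then
      local src = vars[ins[3]]
      vars[ins[2]] = { value = src.value, label = src.label + pc() }
      ip = ip + 1
    elseif op == "bz" then
      local v = vars[ins[2]]
      pcs[#pcs + 1] = pc() + v.label          -- branching on v raises the pc
      if v.value == 0 then ip = ins[3] else ip = ip + 1 end
    elseif op == "join" then
      for i = 2, #ins do                      -- variables the compiler saw assigned
        local v = vars[ins[i]]                -- in the conditional, taken or not
        v.label = v.label + pc()
      end
      pcs[#pcs] = nil                         -- leave the conditional: restore pc
      ip = ip + 1
    else
      error("unknown instruction " .. tostring(op))
    end
  end
  return vars
end

-- Source program: x := 0; if h ~= 0 then x := 1 end, with h a HIGH input.
-- The naive translation only restores the pc at the join point; the VM then
-- sees only the path actually taken, so x is never relabelled when the body
-- is skipped. The compiler-aided translation lists x in the join instruction.
local naive = {
  {"const", "x", 0},
  {"bz", "h", 4},
  {"const", "x", 1},
  {"join"},
}
local aided = {
  {"const", "x", 0},
  {"bz", "h", 4},
  {"const", "x", 1},
  {"join", "x"},
}

-- Final value and label of x after running a program with the given secret h.
local function final_x(program, h)
  local vars = run(program, { h = { value = h, label = Levels.HIGH } }, Levels)
  return vars.x.value, tostring(vars.x.label)
end

for _, h in ipairs({ 0, 1 }) do
  print("naive  h=" .. h, final_x(naive, h))
  print("aided  h=" .. h, final_x(aided, h))
end
```

Running it prints the final value and label of x for h = 0 and h = 1 under both translations. In the naive program the label of x differs between the two runs, so an observer cleared only for LOW learns whether h was zero from the label alone; in the compiler-aided program x ends up HIGH in both runs. Note that both halves of the mechanism need the compiler: the push of the pc label happens in the branch instruction, but only the compiler knows where the conditional ends (to pop the pc and stop label creep) and which variables are assigned in the branches that were not taken.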


  1. Jason Franklin, Vern Paxson, Adrian Perrig, Stefan Savage, 2007. An inquiry into the nature and causes of the wealth of internet miscreants. In Proc. ACM CCS, 375-388.
  2. Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., and Savage, S. 2009. Spamalytics: an empirical analysis of spam marketing conversion. Commun. ACM 52, 9 (Sep. 2009), 99-107.
  3. Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., and Vigna, G. 2009. Your botnet is my botnet: analysis of a botnet takeover. Proc. ACM CCS (2009), 635-647.
  4. Herley, C. and Florêncio, D. 2008. A profitless endeavor: phishing as tragedy of the commons. In Proc. NSPW, 2008. ACM, 59-70.

Lecture 2, Tuesday April 20, What is computer security?

Topics: [1; ch. 1-3]


  1. Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.

Lecture 3, Thursday April 22, State transition models

Topics: [1; ch. 9]


  1. Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.

Lecture 4, Tuesday April 27, Access control matrix model

Topics: [1; ch. 4.7.1-4.7.3]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. B. Lampson. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24.
  3. Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. 1976. Protection in operating systems. Commun. ACM 19, 8 (Aug. 1976), 461-471.

Lecture 5, Thursday April 29, Take-Grant protection model

Topics: [1; ch. 4.7.4]

Optional additional reading: [4]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. Snyder, L. 1981. Formal Models of Capability-Based Protection Systems. IEEE Trans. Comput. 30, 3 (Mar. 1981), 172-181.
  3. Snyder, L. 1977. On the synthesis and analysis of protection systems. Proc. ACM Symposium on Operating Systems Principles (SOSP). pp. 141-150.
  4. Bishop, M. and Snyder, L. 1979. The transfer of information and authority in a protection system. Proc. ACM Symposium on Operating Systems Principles (SOSP), 45-54.

Lecture 6, Tuesday May 04, Mandatory access control models



  1. David E. Bell and Leonard J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA 01730 (Mar. 1976); also ESD-TR-75-306, rev. 1, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731.
  2. David Elliott Bell, Looking Back at the Bell-La Padula Model, Proc. ACSAC, pp. 337-351, 2005
  3. Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
  4. Brewer, D., Nash, M., The Chinese Wall security policy. IEEE Symposium on Security and Privacy, pp. 206-214, Oakland, May 1989
  5. Burrow, A. L. 2004. Negotiating access within Wiki: a system to construct and maintain a taxonomy of access rules. Proc. ACM Conference on Hypertext and Hypermedia 2004. ACM, 77-86.

Lecture 7, Thursday May 06, Trojan Horses and Covert Channels



  1. Thompson, K. 1984. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763.
  2. Lampson, B. W. 1973. A note on the confinement problem. Commun. ACM 16, 10 (Oct. 1973), 613-615.
  3. Lipner, S. B. 1975. A Comment on the Confinement Problem. ACM Operating Systems Review 9(5):192-196

Lecture 8, Tuesday May 11, Lattice model of information flow

Topics: [1; ch.5.1]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. Denning, D. E. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May. 1976), 236-243.
  3. Jones, A. K. and Lipton, R. J. 1975. The enforcement of security policies for computation. In Proceedings of the Fifth ACM Symposium on Operating Systems Principles (Austin, Texas, United States, November 19 - 21, 1975). SOSP '75. ACM, New York, NY, 197-206.

No class on Thursday May 13, Ascension Day (Christi Himmelfahrt)

Lecture 9, Tuesday May 18, Execution-based flow control mechanisms

Topics: [1; ch.5.3]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. J. S. Fenton. Memoryless Subsystems. Comput. J. 17(2): 143-147 (1974)

Lecture 10, Thursday May 20, Compiler-based flow control mechanisms

Topics: [1; ch.5.4]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.

Lecture 11, Tuesday May 25, Program verification with security requirements

Topics: [1; ch.5.5-5.6]


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. Myers, A. C. 1999. JFlow: practical mostly-static information flow control. Proc. Symposium on Principles of Programming Languages. 1999, 228-241.

Lecture 12, Thursday May 27, Principles of a secure architecture

Topics: [1; ch.5,8,10]


  1. Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.
  2. Jerome H. Saltzer, Michael D. Schroeder, The Protection of Information in Computer Systems, Proc. IEEE Vol. 63(9) pp. 1278-1308 (Sep. 1975).

Lecture 13, Tuesday June 01, Capabilities and capability-based systems

Topics: [1; ch.4.5]

Additional literature on capabilities and their discussion


  1. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  2. Henry M. Levy, 1984. Capability-based computer systems. Digital Press, 1984.
  3. Shapiro, J. S., Smith, J. M., and Farber, D. J. 1999. EROS: a fast capability system. Proc. ACM Symposium on Operating Systems Principles. SOSP '99, 170-185.
  4. Tanenbaum, A.S., Mullender, S.J., and Renesse, R. van. Using Sparse Capabilities in a Distributed Operating System. Proc. Int'l Conf on Distributed Computing Systems, IEEE, pp. 558-563, 1986.
  5. Hardy, N. 1988. The Confused Deputy: (or why capabilities might have been invented). SIGOPS Oper. Syst. Rev. 22, 4 (Oct. 1988), 36-38.
  6. Mark S. Miller, Ka-Ping Yee, Jonathan Shapiro, 2003. Capability Myths Demolished. Technical Report SRL2003-02, Systems Research Laboratory, Johns Hopkins University.
  7. Hardy, N. 1985. KeyKOS architecture. SIGOPS Oper. Syst. Rev. 19, 4 (Oct. 1985), 8-25.

Lecture 14, Thursday June 03, Secure Operating Systems



  1. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. Making information flow explicit in HiStar. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, Seattle, WA, November 2006.
  2. Zeldovich, N., Boyd-Wickizer, S., and Mazières, D. 2008. Securing distributed systems with information flow control. In Proc. USENIX Symposium on Networked Systems Design and Implementation, 2008. pp. 293-308.

Lecture 15, Tuesday June 08, Trusted path and secure window systems


Additional literature


  1. Epstein, J. 2006. Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing. In Proc. Annual Computer Security Applications Conference, 301-320.
  2. Shapiro, J. S., Vanderburgh, J., Northup, E., and Chizmadia, D. 2004. Design of the EROS trusted window system. In Proc. USENIX Security Symposium, 2004, 165-178.
  3. Feske, N. and Helmuth, C. 2005. A Nitpicker's guide to a minimal-complexity secure GUI. In Proc Annual Computer Security Applications Conference, 85-94.
  4. Norman Feske, 2009. Securing Graphical User Interfaces. Dissertation, TU Dresden.

Lecture 16, Thursday June 10, Secure Web Browsers



  1. Grier, C., Tang, S., and King, S.T. Secure web browsing with the OP web browser. In Proc. IEEE Symposium on Security and Privacy, Oakland, CA, May 2008.
  2. Wang, H. J., Grier, C., Moshchuk, A., King, S. T., Choudhury, P., and Vente, H. The multi-principal OS construction of the Gazelle web browser. In Proc. USENIX Security Symposium, Montreal, Canada, August 2009.

Lecture 17, Tuesday June 15, Buffer overflows



  1. Aleph One, 1996. Smashing the stack for fun and profit. Phrack Magazine No. 49, Nov. 1996.

Lecture 18, Thursday June 17, Format string vulnerability exploitation



  1. Scut, 2001. Exploiting Format String Vulnerabilities.

Lecture 19, Tuesday June 22, Heap and integer overflows


Additional literature:


  1. Anonymous, 2001. Once upon a free().... Phrack Magazine 57, 9.
  2. Blexim, 2002. Basic Integer Overflows. Phrack Magazine 11, 60.
  3. Mark Dowd, 2008. Application-Specific Attacks: Leveraging the Action Script Virtual Machine. IBM Global Technology Services Whitepaper, April 2008.
  4. Eric Chien, Peter Szor, 2002. Blended Attacks: Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. Virus Bulletin Conference Sep. 2002, New Orleans, USA, 1-35.

Lecture 20, Thursday June 24, Return oriented programming



  1. Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage, 2009. Return-Oriented Programming: Systems, Languages, and Applications. In review.
  2. Ralf Hund, Thorsten Holz, Felix C. Freiling, 2009. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. Proc. USENIX Security Symposium, 2009.

Lecture 21, Tuesday June 29, TOCTOU attacks



  1. Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva, 2008. Portably Solving File TOCTTOU Races with Hardness Amplification. FAST, pp. 189-206.
  2. Xiang Cai, Yuwei Gui, Rob Johnson, 2009. Exploiting Unix File-System Races via Algorithmic Complexity Attacks. IEEE S&P, Oakland, CA, pp. 27-41.

Lecture 22, Thursday July 01, Inline reference monitors



  1. Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar, 2009. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. IEEE S&P, Oakland, CA, pp. 79-93.

Lecture 23, Tuesday July 06, Guest lecture


Lecture 24, Thursday July 08, Humans and passwords



  1. Florencio, D. and Herley, C. 2007. A large-scale study of web password habits. In Proc. WWW, pp. 657-666.
  2. C. Herley, 2009. So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users. NSPW
  3. Volker Roth and Kai Richter, 2006. How to fend off shoulder surfers. Journal of Banking and Finance, 30(6):1727-1751.

Lecture 25, Tuesday July 13, Final exam

Lecture 26, Thursday July 15, Final exam review

©2007-2009 AG SI
Last Update: Oct 17, 2010