Lectures
Announcements
- NZSA Meeting, starting 4.30pm 30 May. Venue: Horse and Trap, 3 Enfield Street, Eden Terrace. Speaker: Paul Maihi, Security Manager at BNZ. Topic: "Security within the NZ banking industry".
- An Evening with Industry, 6-8:30pm, Thursday 17 May. "A meeting jointly organised by the New Zealand Computer Society and The University of Auckland, Department of MSIS. Bringing together academics, students and leading computing/information systems professionals to discuss the prospects for Information Systems / Computer Science graduates and the state of the marketplace in this field."
- An Inside Look at E-Commerce, seminar by Hal Berghel, 1pm 9 May, 246 Math/Physics. Immediately afterwards, Hal will discuss the formation of an ACM student chapter at Auckland Uni.
- SLC Workshop Announcement, notably including a workshop on "Summarising, Paraphrasing, and Referencing" (open to all postgraduates), Tuesday 1st May, 10-11am, Old Choral Hall G10. Preregistration is necessary.
- O'Reilly Awards $10,000 1-Click Bounty to Three "Runners Up", O'Reilly Network, 14 March 2001.
- Should Patents be Granted for Computer Software or Ways of Doing Business? - Consultation Conclusions, UK Patent Office, 12 March 2001.
- Your class representative is Jenny Liu.
- Tue 13 March: "Privacy issues on the Internet: the dos and the don'ts", MSIS seminar by John Payner and Winnie Chung, 1-2pm, Rm G10, Commerce A.
- Challenges in Software Security (90 KB file in PPS format), lecture by Clark Thomborson at the 1 March 2001 meeting of the New Zealand Information Security Forum.
Handouts
- Handout 1: General information and term schedule.
- Handout 2: Student information sheet.
- Handout 3: first set of readings (available in hardcopy only)
- C. Pfleeger, "Is there a security problem in computing?", Chapter 1 of Security in Computing, 2nd edition, Prentice Hall, 1997.
- C. Collberg, C. Thomborson, D. Low, Obfuscation Techniques for Enhancing Software Security, Published International Patent Application WO9901815, World Intellectual Property Organization, filed June 9, 1998; see also WO9964973.
- Patent Law Basics, Office of Technology Transfer, University of Arizona, 14 December 1998.
- K. Nichols, "The Age of Software Patents", IEEE Computer, April 1999.
- Letters to the editor, by Gimlan, Page and Hayden in response to Nichols' article, IEEE Computer, June 1999.
- P. Samuelson, "Encoding the Law into Digital Libraries", Comm. ACM, April 1998.
- Handout 4: Lecture slides set 1.
- Handout 5: Lecture slides set 2.
- Handout 6: Course bibliography. (Updated 28 May 2001.)
- Handout 7: Second set of readings (available in hardcopy only):
- Ethical statements from IEEE, CPSR, and RSNZ.
- Pfleeger, "Ethical issues in computer security," section 11.5 of Security in Computing, 2nd edition, Prentice Hall, 1997.
- C. Mann, "Who will own your next good idea?", The Atlantic Monthly, 57-82, September 1998.
- H. Rosner, "Steal this software," The.Standard.com, June 19, 2000.
- P. Radatti, "Cybersoft, Incorporated Moral Guidelines," Cybersoft, Inc, 1996.
- C. Collberg and C. Thomborson, "Watermarking, Tamperproofing, and Obfuscation - Tools for Software Protection," Computer Science Department Technical Report 170, University of Auckland, February 2000, 15 pp.
- Handout 8: Lecture slides set 3 on oral presentations and term reports. (Never handed out. See Handout 12, below.)
- Handout 9: Ordered list of student presentations (draft #3, 27 March 2001).
- Handout 10: Lecture slides on Ethics & Copyright.
- Handout 11: third set of readings. Available in hardcopy only:
- Effectively Using Direct Quotations, University of Richmond Writer's Web, 2 pp., undated. Downloaded from http://www.richmond.edu/~writing/wweb/dq.html, 15 March 2001.
- Honesty, Auckland University Computer Science Department Handbook, 2pp., undated. Downloaded from http://www.cs.auckland.ac.nz/handbook/current/UG.H.html, 15 March 2001.
- What is Plagiarism, and Quoting, Summarizing and Paraphrasing, by M Spears, Grosse Point North High School, Michigan (USA), 2 pp., undated. Downloaded from http://www.ehhs.cmich.edu/~mspears/plagiarism.html on 14 March 2001.
- "Foundations", Chapter 1 of Applied Cryptography: protocols, algorithms, and source code in C, by Bruce Schneier, John Wiley & Sons, second edition, 1996, pp. 1-17.
- "Security Issues in Mobile Code Systems," David M Chess, in G Vigna (ed.), Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 1-14, 1998.
- Handout 12: Lecture slides on oral presentations, term reports, software watermarking and obfuscation.
- Handout 13: Tentative Schedule for CompSci 725 (updated 28 May 01).
- Handout 14: Lecture slides on academic writing and cryptography.
- Handout 15: fourth set of readings. Available in hardcopy only:
- Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herreweghen, and Michael Waidner. Design, implementation and deployment of a secure account-based electronic payment system. Research Report RZ 3137, IBM Research Division, June 1999. http://www.zurich.ibm.com/Technology/Security/publications/1999/BGHHKSTHW99.ps.gz. Omit paragraphs 3-5 and 6 from Section 2. Omit Section VI and Appendix.
- I Cox, J Linnartz, "Some general methods for tampering with watermarks", to appear in IEEE J Selected Areas of Communications. Omit Section 4. Omit first paragraph of Section 5. Omit page 10. Omit all of Section 6.2 and 6.3 except first paragraph.
- D. Aucsmith, "Tamper Resistant Software: An Implementation", in Information Hiding Workshop, RJ Anderson (ed), LNCS 1174, pp. 317-333, 1996. Omit last half of page 322, all of pages 323-4, first half of page 325, page 328 below "Integrity Verification Protocol", all of pages 329-331.
- David Margrave, "GSM Security and Encryption", MS project report, ECE Department, George Mason University, May 1995. (This is a non-archival but heavily referenced net-document, found July 2000 at http://www3.l0pht.com/~oblivion/blkcrwl/cell/gsm/gsm-secur/gsm-secur.html. The author may be contacted at david@margrave.com.). Omit sections 2.1, 2.2, 2.3, 5.2, 5.3, 6.0, 7.0. Also read the first page of David Wagner's 2-page paper on "GSM Cloning", omitting "Information for Cryptographers."
- Handout 16: fifth set of readings. Available in hardcopy only:
- V Paxson, "Bro: A System for Detecting Network Intruders in Real-Time", Computer Networks 31(23-24), 2435-2463, 14 Dec 1999. Available: ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz, March 2001. (The hardcopy handout was taken from an online update to the USENIX conference version of this paper.) Omit the last half of Section 2.2. Read only the first four paragraphs of Section 3.1; omit Section 3.2; read only the first four paragraphs of Section 3.3; omit Section 3.4; omit Section 4; read only the first paragraph of Sections 5.1 and 5.2; omit the last four paragraphs of Section 5.3. Refer to the online version for Figure 2, and more information on the TTL-based evasion attack on an intrusion detection system: this will be distributed in handout 23. Omit Sections 6, 7, 8 and Example A.
- Ulf Lindqvist, Erland Jonsson. "A map of security risks associated with using COTS", in IEEE Computer 31:6, 60-66, June 1998. Available: http://www.ce.chalmers.se/research/Computer_Security/Publikations/pubs/cots98.pdf, March 2001.
- Handout 17 (available online only): Wei Zhong's presentation on Chess, "Security Issues in Mobile Code Systems".
- Handout 18 (available online only): Mark Alford's presentation on Cox & Linnartz, "... Tampering with Watermarks".
- Handout 19 (available online only): Jinping Li's presentation on Bellare, "... iKP Secure Electronic Payment System."
- Handout 20 (available online only): Weimin Yang's presentation on Aucsmith, "Tamper Resistant Software..."
- Handout 21 (available in hardcopy only):
- Figure 2 and supporting text from V Paxson, "Bro: A System for Detecting Network Intruders in Real-Time", Computer Networks 31(23-24), 2435-2463, 14 Dec 1999. Available: ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz, March 2001.
- Girard & Lanet, "New Security Issues Raised by Open Cards", Elsevier Technical Report on Security, pp19-27, Vol 4, N02; Technical Report SM-99-03, Gemplus Research Lab, June 1999. Available: http://www.gemplus.fr/smart/r_d/publications/art17.htm, March 2001.
- Sebe et al, "Spatial-Domain Image Watermarking...", LNCS 1975, eds. Pieprzyk et al., pp. 44-53, Springer-Verlag, 2000.
- F Hohl, "Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts," Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 92-113, 1998.
- I Krsul, E Spafford, "Authorship Analysis: Identifying the Author of a Program," Technical Report CSD-TR 96-052 (Coast TR 96-06), Department of Computer Sciences, Purdue University (USA), 27 pp, 1996. Available: ftp://ftp.cerias.purdue.edu/pub/papers/ivan-krsul/krsul-spaf-authorship-analysis.ps, November 2000.
- Handout 22 (available in hardcopy only):
- Excerpts from F Woodford, Scientific Writing for Graduate Students, Rockefeller University Press, 1968.
- A Eisenberg, Writing Well for the Technical Professions, Harper & Row, 1989, pp. 39-40 and 46-51.
- E Papadakis, "Why and What for (Four): The Basis for Writing a Good Introduction", Materials Evaluation 41, Jan 1983, pp. 20-21.
- Handout 23: Lecture slides on Report Writing.
- Handout 24 (available online only): Y Liu's presentation on Paxson, "Bro: ...".
- Handout 25 (available online only): M Painter's presentation on Lindqvist & Jonsson, "... COTS".
- Handout 26 (available online only): H Hassan's presentation on Margrave, "GSM Security...".
- Handout 27 (available online only): Z Liu's presentation on Girard & Lanet, "Open Cards...".
- Handout 28 (available online only): Report Writing #2: sample titles and abstracts.
- Handout 29 (available online only): G Rugg's presentation on Sebe, "Spatial-Domain Image Watermarking".
- Handout 30: Jay Garden, INFOSEC Assessments, Government Communications Security Bureau, "New Zealand e-Government Security Initiatives."
- Handout 31 (available in hardcopy only):
- The first four pages of "E-Government: Protecting New Zealand's Infrastructure from Cyber-Threats", 8 Dec 2000, available http://www.e-government.govt.nz/projects/niip/niip-report-final.pdf, April 2001.
- "S.E.E. Mail", available http://www.e-government.govt.nz/projects/see/mail1.html, April 2001.
- "S.E.E. Mail - Frequently Asked Questions", available http://www.e-government.govt.nz/projects/see/mail6.html, April 2001.
- The first four pages of "Interim Guidelines for PKT in Govt v0.97", November 2000, available http://www.e-government.govt.nz/guidelines/interim-guidelines-for-pkt-in-govt-v097.pdf, April 2001.
- The Research Process, Instructional Services, University of Auckland, 19 July 1999. Available http://www.library.auckland.ac.nz/subjects/comp/compsubj.htminstruct/research.htm, April 2001.
- Handout 32: Lecture slides on research skills: discovering and citing relevant articles for your term paper.
- Handout 33: Sample Final Exam Questions.
- Handout 34: Sample student answers and instructor's comments to Sample Final Exam Questions.
- Handout 35 (available online only): X Deng's presentation on Hohl, "Time-Limited Blackbox Security".
- Handout 36 (available in hardcopy only):
- Assignment 2: ungraded assignment on applications of X.509 certificates.
- "Core PKI Services: Authentication, Integrity, and Confidentiality", Chapter 4 of Understanding Public Key Cryptography, by C Adams and S Lloyd, MacMillan Technical Publishing, 1999. Available: http://www.microsoft.com/technet/security/corepki.asp?a=printable, April 2001.
- John K. Ousterhout, Jacob Y. Levy, Brent B. Welch, "The Safe-Tcl Security Model," In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 217-234, 1998. Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
- F Cohen, Operating System Protection Through Program Evolution. "Generated Sat Feb 28 13:36:44 PST 1998 by fc@all." "Copyright 1992." Available: http://all.net/books/IP/evolve.html, April 2001.
- Hector Garcia-Molina and Narayanan Shivakumar, "Safeguarding and Charging for Information on the Internet", Proc ICDE'98, February 1998. This paper, and other papers co-authored by Shiva are available at http://www-db.stanford.edu/~shiva/.
- J Bates, "Fundamentals of computer forensics," International Journal of Forensic Computing, Jan/Feb 1997. Available: http://www.forensic-computing.com/archives/fundamentals.html, March 2001.
- Li Gong, Roland Schemers, Signing, Sealing, and Guarding Java Objects. In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 206-216, 1998. Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
- Handout 37 (available online only): Wei Zhang's presentation on Krsul & Spafford, "Authorship Analysis: Identifying the Author of a Program".
- Handout 38 (available online only): Yu-Chang Shen's presentation on Ousterhout et al., "The Safe-Tcl Security Model".
- Handout 39: Lecture Slides on Report Writing #3: basic forms.
- Handout 40 (available online only): Ben Ihle's presentation on Cohen, "Operating System Protection Through Program Evolution". N.B. A hardcopy handout numbered #40 contains excerpts from Law et al., "How to make a mint: the cryptography of electronic cash."
- Handout 41 (available online only): Min Ren's presentation on Garcia-Molina & Shivakumar, "Safeguarding and Charging for Information..."
- Handout 42 (available online only): Ming Li's presentation on Bates, "Fundamentals of Computer Forensics".
- Handout 43 (available in hardcopy only):
- P W Dowd & J T McHenry, "Network Security: It's Time to Take It Seriously", Computer, Sept 1998, pp 24-28.
- Drew Dean, Edward W Felten, Dan S Wallach, "Java Security: From HotJava to Netscape and Beyond", In 1996 IEEE Symposium on Security and Privacy, May 1998. http://www.cs.princeton.edu/sip/. (Note: the last two pages of this section of the handout were omitted during copying, and will be handed out separately in class.)
- Stephenson, "Computer Forensic Analysis - Computer Crimes at the Computer", pp. 98-110 of Investigating Computer-Related Crime, CRC Press, 2000.
- C Gilmore, D Kormann, and A Rubin, "Secure Remote Access to an Internal Web Server", IEEE Network, Nov-Dec 1999, pp. 31-37.
- Handout 44 (available in hardcopy only):
- Selected pages from J Daemen, V Rijmen, "AES Proposal: Rijndael", Document Version 2, 03/09/99, 45 pp. Available: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip, 20 April 2001.
- Handout 45 (available online only): Yongquian Li's presentation on Gong et al., "Signing, Sealing, and Guarding Java Objects".
- Handout 46 (available online only): Craig Stanton's presentation on Law et al., "How to Make a Mint".
- Handout 47 (available online only): Mingzeng Zhang's presentation on Dowd, "Network Security...".
- Handout 48 (available online only): Jenny Liu's presentation on Drew et al., "Java Security...".
- Handout 49 (available online only): Aaron Cheeseman's presentation on Stephenson, "Computer Forensic Analysis...".
- Handout 50 (available online only): Jianning Tan's presentation on Daemen et al., "AES Proposal: Rijndael".
- Handout 51 (available in hardcopy only):
- La Due, "The Maginot License...", 1997. http://metro.to/mladue/hostile-applets/maginot.html
- Ho, "A Study into the Problem of Software Piracy in Hong Kong and China," Master's dissertation, Management and Information Systems, London School of Economics and Political Science, 1995. http://www.info.gov.hk/ipd/piracy.html
- Alireza et al., "The Challenges of CORBA Security", to appear in Proceedings of the Workshop "Sicherheit in Mediendaten", Gesellschaft für Informatik (GI), Springer-Verlag. Available: http://citeseer.nj.nec.com/393276.html, May 2001.
- Hunt, "Internet/Intranet firewall security...", Computer Communications 21 (1998), 1107-1123.
- Handout 52: Lecture Slides on Report Writing #4: final steps.
- Handout 53 (available online only): Igor Kurlatov's presentation on Gilmore, "Secure Remote Access to an Internal Webserver".
- Handout 54 (available online only): Li Fajie's presentation on La Due, "The Maginot License ...".
- Handout 55 (available online only): Tang Kok Lim's presentation on Ho, "... Software Piracy in Hong Kong & China".
- Handout 56 (available in hardcopy only):
- Wallach et al., "Extensible Security Architectures for Java", 16th ACM Symp on Operating Systems Principles, October 1997. Available: http://www.acm.org/pubs/citations/proceedings/ops/268998/p116-wallach/, and http://www.cs.princeton.edu/sip/pub/sosp97.html, May 2001. See http://citeseer.nj.nec.com/wallach97extensible.html.
- Hans Hedbom, Stefan Lindskog, Stefan Axelsson, Erland Jonsson. A Comparison of the Security of Windows NT and Unix, web document, October 1998. Available: http://www.ce.chalmers.se/staff/sax/nt-vs-unix.pdf, May 2001. See http://citeseer.nj.nec.com/205186.html.
- N Brownlee, E Guttman. "Expectations for Computer Security Incident Response", RFC 2350 of Internet RFC/STD/FYI/BCP Archives, June 1998. Available: http://www.faqs.org/rfcs/rfc2350.html, May 2001.
- T Killalea, "Recommended Internet Service Provider Security Services and Procedures", RFC 3013 of Internet RFC/STD/FYI/BCP Archives, November 2000. Available: http://www.faqs.org/rfcs/rfc3013.html, May 2001.
- Handout 57 (available online only): Roneel Naidu's presentation on Alireza et al., "... CORBA Security".
- Handout 58 (available online only): Hosein Derhamy's presentation on Hunt, "Internet/Intranet Firewall Security...".
- Handout 59 (available online only): Haipeng Wu's presentation on Wallach et al., "Extensible Security Architectures for Java".
- Handout 60 (available online only): Clare West's presentation on Hedbom et al., "A Comparison of the Security of Windows NT and Unix".
- Handout 61: Nevil Brownlee's presentation slides (revised slightly since his presentation on 30 May) on "Network Security: IETF and the GRIP WG". This presentation is based on RFCs 2350 and 3013 of the Internet RFC/STD/FYI/BCP Archives.
- Handout 62: list of required readings, organised by topic.
The lecture notes are available in "powerpoint slideshow" (pps) format. To view or print PPS, you will need Microsoft's PowerPoint or a PowerPoint viewer. You can download freeware PowerPoint viewers for your Macintosh (6.5 MB) or Windows PC (2.8 MB).