CSE591: Security Policy Frameworks
Spring 2005

Other CSE591 Pages

Announcements and Assignments

Course Description

Specification and enforcement of security policies are increasingly important for every organization and enterprise. As new computer systems are built and old systems grow, with security requirements becoming more complex, the number of security vulnerabilities due to incomplete or incorrect security policies is growing. This stimulates growing interest in powerful frameworks and tools for specification, analysis, and enforcement of security policies. That is the topic of this course.

We will discuss security policies for centralized systems as well as for systems involving multiple entities that have limited trust in each other, including role-based access control, Security-Enhanced Linux, trust management, and trust negotiation, as well as methods and tools for policy analysis and enforcement. Since rule-based languages are increasingly used for specifying security policies (as well as for semantic web applications and analysis of computer programs and other complex systems), we will also study how such systems can be implemented efficiently.

Course work includes problem sets and a course project. The problem sets are to help understand the materials discussed and carry on the course project. Projects may be done individually or in teams depending on project size. Topics for projects include development of prototypical security policies for application domains, analysis of policies and standards, policy frameworks, and others proposed by the participants; they ideally contribute to a useful system and lead to a Master's project or thesis or to PhD research.


Instructor: Scott Stoller
Co-Instructor: Annie Liu
Meeting Time and Place: Tuesday and Thursday, 11:20am-12:40am. Computer Science 2129.
Office Hours: 1pm-2pm on Tuesday and Friday, and by appointment.
Credits: 3

Readings and References

Most of the material is not covered in any textbook, so the readings and references are articles from conferences and journals. Some representative papers are listed below.


Grading. Each assignment is graded relative to some maximum number of points (e.g., 20). The maximum number of points is unrelated to the weight of the assignment in the course grade. Each score is normalized into a number between zero and one (e.g., 19/20 -> 0.95) and then multiplied by the weight of the assignment to obtain a weighted score. Course grades are based primarily on the sum of the weighted scores.

Integrity. All students are expected to follow CEAS's policies governing academic dishonesty. Suspected academic dishonesty will be reported to CEAS's Committee on Academic Standing and Appeals (CASA). If you submit anything that includes any material created by other people, your submission must clearly indicate the sources of all such material. Failure to indicate the sources will be treated as plagiarism. Discussing assignments with other people is fine. However, each person must write his or her own submission independently. Showing your own work to other students, giving it to them, or making it accessible to them (e.g., by making the files world-readable, intentionally or through carelessness) will be treated as academic dishonesty.

Disabilities. If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, I would urge that you contact the staff in the Disabled Student Services office (DSS), Room 133 Humanities (moved to ECC Bldg during renovation of Humanities), 632-6748/TDD. DSS will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation of disability is confidential.

Grading Statistics

The following information may be slightly inaccurate, due to score adjustments, late submissions, etc. Statistics for the project are based on the scores before the individual contribution factor is applied.

Item   MaxPossible   Mean   Std.Dev.
hw1 30 24.3 7.8
hw2 10 8.8 1.6
hw3 30 27.3 2.7
hw4 10 8.9 0.7

Grading Weights


The weight for homeworks is divided equally between the four assignments.

Submission of Assignments

Assignments that do not involve programming should be submitted as printouts in class on the due date, unless the assignment specifies otherwise. Assignments submitted after the end of class on the due date are late and receive a -3% penalty. Assignments submitted the next day receive a -6% penalty, and so on.

To submit an assignment that involves programming,
  1. Put all of your files (code and documentation) into a directory with a unique name (for example, your userid) and use zip -r to zip the entire directory tree. Email the .zip file to stoller AT cs DOT sunysb DOT edu. AND
  2. Submit a hardcopy of the documentation (e.g., user manual, including instructions for compiling and running your program) in class, or put it under the door of my office (Computer Science 1429). Save a tree! Do not submit printouts of your code!