CSE591: Security Policy Frameworks
Spring 2005

Apr 24

Homework. The due date for hw4 is postponed to Tuesday, May 3.

Apr 23

Homework. Homework 4

Apr 22

Reading. Beata Sarna-Starosta and Scott D. Stoller. Policy Analysis for Security-Enhanced Linux. In Proc. 2004 Workshop on Issues in the Theory of Security (WITS), April 2004.

Reading. Peter A. Loscocco and Stephen D. Smalley, Meeting Critical Security Objectives with Security-Enhanced Linux. In Proc. 2001 Ottawa Linux Symposium. This paper is a good introduction to SE Linux.

Apr 19

Project Presentations. Here is the proposed schedule for project presentations.
Tuesday, May 3
hemnath, alvin: security policy for student academic records
kabadayi, serdar: security policy for police
hristova, katia: automated complexity analysis for constraint datalog
agarwal, rahul: enforcing access control on device drivers
horvath, nicholas: security for supercomputing cluster
Thursday, May 5
sasturkar, amit: security policy analysis
wang, liqiang: object-oriented logic-programming languages for trust mgmt
poothia, gaurav: XACML with delegation
deepak, ganesh, karthik, and varun: XACML extended for trust mgmt

Apr 14

Project status reports. Every team should submit another status report about progress on their project in class on Tuesday, April 26, which is approximately halfway between today and the project due date (May 5).

Apr 12

Homework. Homework 3

Reading. Ninghui Li, John C. Mitchell, and William H. Winsborough. Beyond Proof-of-compliance: Security Analysis in Trust Management. Journal of the ACM, to appear. Preliminary version appeared in Proc. IEEE Symposium on Security and Privacy, May 2003.

Apr 7

Reading. William H. Winsborough and Ninghui Li. Safety in Automated Trust Negotiation. Submitted to ACM Transactions on Information and System Security. Preliminary version appeared in Proc. IEEE Symposium on Security and Privacy, May 2004.

Apr 5

Reading. Bharat Bhargava, Leszek Lilien, Arnon Rosenthal, and Marianne Winslett. Pervasive Trust. IEEE Intelligent Systems, volume 19, number 5, September/October 2004, pages 74-77. The cited article is only the first few pages of the linked PDF file. You are encouraged to read the rest of it, but we won't cover it in class.

Apr 4

Project status reports. Every team should submit a status report about progress on their project on Thursday, April 14. Please submit a printout in class. It should include a brief description of what the team members have done, and drafts of some documents that will be part of your project submission. Some teams have submitted or will submit a report this week. You can simply submit an updated version of it on April 14. Apr 14 is 4 weeks after the revised project proposal was due on Mar 17, and 3 weeks before the final project is due on May 5, so you should be about halfway finished by then.

Mar 28

Reading. Tyrone Grandison and Morris Sloman. A Survey of Trust in Internet Applications. IEEE Communications Surveys and Tutorials, volume 3, number 4, Fourth Quarter 2000.

Mar 8

Reading. Ross J. Anderson. A Security Policy Model for Clinical Information Systems. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 30-43. IEEE Computer Society Press, 1996.

Mar 4

Homework. Project

Mar 1

Reading. Moritz Y. Becker. A Formal Security Policy for an NFS Electronic Health Record Service. Technical Report, Computer Laboratory, University of Cambridge, forthcoming in 2005. Distributed by email.

Feb 18

Homework. Homework 2

Feb 14

Reading. Sections 1 through 3.0 of: Ninghui Li and John C. Mitchell. Datalog with Constraints: A Foundation for Trust Management Languages. In Proc. Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), volume 2562 of LNCS, Springer-Verlag, Berlin, pp. 58-73, January 2003.

Feb 10

Homework. Homework 1

Feb 8

Reading. Moritz Y. Becker and Peter Sewell. Cassandra: Flexible Trust Management, Applied to Electronic Health Records. In Proc. 17th IEEE Computer Security Foundations Workshop, June 2004.

Feb 3

Reading. Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles, ACM Transactions on Information and Systems Security (TISSEC), Volume 2, Number 1, February 1999.

Feb 1

Correction. It turns out that RedHat Enterprise Linux 3 actually has the same semantics for group permissions as the other versions of Linux; Wei was temporarily confused about the groupid of his process.

UNIX Groups. I claimed today that in UNIX (at least in Solaris and Fedora Core 2) a process always has the permissions of all groups to which its userid belongs; this is also true for RedHat 7.3 and 9.0, Fedora Core 3, and RedHat Enterprise Linux 3 (according to Wei Xu) and Debian Linux (according to Nick Horvath).

Mailing List. If you plan to attend this class, please send me an email message, and I will add you to the mailing list.

Jan 27

Reading. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), Volume 4, Issue 3 (August 2001), pages 224-274.

Greeting. Welcome to CSE591!