CSE592: Security Policy Frameworks
Fall 2007

Other CSE592 Pages

Announcements and Assignments

Course Description

Specification and enforcement of security policies are increasingly important for every organization and enterprise. As new computer systems are built and old systems grow, with security requirements becoming more complex, the number of security vulnerabilities due to incomplete or incorrect security policies is growing. This is stimulating growing interest in more powerful frameworks and tools for specification, analysis, and enforcement of security policies. That is the topic of this course.

Course work includes problem sets, a course project, and 1 or 2 in-class exams (no final exam). Students are encouraged to propose projects, based on their interests. The instructor will also propose one or more projects that students may select.

Course Information

Instructor: Scott Stoller
Meeting Time and Place: Tuesday and Thursday, 9:50am-11:10am, in SocBeh N436.
Office Hours: Monday and Wednesday, 11:30am-12:30pm, and by appointment, and any time I am in my office and not especially busy.
Credits: 3


Most of the material is not covered in any textbook, so the readings are articles from conferences and journals. Here is a tentative reading list.


Role-Based and Usage-Based Access Control

Trust Management

Information Flow

Partially-Trusted Code

Policy Analysis

Distributed Enforcement


Homework Submission. Homework assignments should be submitted as printouts in class on the due date, unless the assignment specifies otherwise. Assignments submitted after the end of class on the due date are late and receive a 3% penalty. The penalty increases by 3% each day.

Communication. The best way to get answers to questions is to talk with the instructor. Email is fine for simple questions, but for more complicated ones, consider that (1) we can talk faster than we can type, (2) our jaws are less likely to get repetitive stress injuries than our hands, and (3) clarifying an issue often requires multiple rounds of questions and answers, which can be completed in a few minutes of conversation but may take days if done by email. Please come to ask questions during office hours if possible, but you can come at other times, too. You can call or email me to make an appointment if you want to increase the chance that I will be available when you come.

Exams. During exams, you may use all the materials on the course website (readings, homework assignments, etc.), your own notes, your own homeworks, and a dictionary. You may not use copies of other people's notes or homeworks.

Grading. Each assignment is graded relative to some maximum number of points (e.g., 20). The maximum number of points is unrelated to the weight of the assignment in the course grade. Each score is normalized into a number between zero and one (e.g., 19/20 -> 0.95) and then multiplied by the weight of the assignment to obtain a weighted score. Course grades are based primarily on the sum of the weighted scores.

Integrity. All students are expected to follow CEAS's policies governing academic dishonesty. If you submit anything that includes any material (including code) created by other people, your submission must clearly indicate the sources of all such material. Failure to indicate the source will be treated as plagiarism. Discussing assignments with other people is allowed. However, after the discussion, each student must write his or her own submission independently. Showing your work to other students, giving it to them, or making it accessible to them (intentionally or through carelessness) is not allowed and will be treated as academic dishonesty.

Disabilities. If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, I would urge that you contact the staff in the Disabled Student Services office (DSS), Humanities 133, 632-6748/9 Voice/TDD. DSS will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation of disability is confidential.

Grading Statistics

The following information may be slightly inaccurate, due to score adjustments, late submissions, etc. Statistics for the project are based on the scores before the individual contribution factor is applied.

Item   MaxPossible   Mean   Std.Dev.
hw1 100 91 8.6
hw2 40 28 6.3
exam 40 26 6.4
proj1 100 100 0
proj2 100 95 2.3
proj3 100 90 5.3

Grading Weights

3 Homeworks6%, 6%, and 3%, respectively
4 Project Parts17% each
1 Exam17%