Practical Data Security
2002 version
[last update: May 1, 2002]
This is the home page of the second-part course in Practical Data Security.
We cover some practical aspects of data security, as described in the
course plan below.
Time and Place
Monday 11-12, Aud. D4
Thursday 12-14, Aud. D4
Documentation
Will consist of a take-home exam at the end of the course.
Course Material
- Ivan Damgård: An overview of some crypto concepts, available here as ps file (note: revised February 21)
- Wagner and Schneier: Analysis of the SSL 3.0 Protocol. See also the SSL specification.
- Abadi et al: A logic of Authentication, handed out as paper copies
- Chapters 3 and 4 of Gollmann: Computer Security, handed out as paper copies.
- Slides by Jan Kjærsgaard on International Standards, PowerPoint file here.
- Slides by Marco Carbone and Jesus Almanza and paper by Maurer and Kohlas on reasoning about uncertain evidence in public key infrastructures.
- Slides by Niels Damgaard on Java Security
- Notes by Glynn Winskel on SPL (only chap. 6-7 are relevant)
- Slides by Jan Møller on Firewall Security

More will be added here as it becomes available.
Exercises
Course Plan
Week | Lecturer | Subject
6-10 | Ivan Damgård | Basic crypto-concepts, example protocols and breaks, validation of protocols
11, 12 | Jan Ulrik Kjærsgaard, Cryptomathic | Crypto standards, ASN1, X509, etc; case studies
14 | Marco Carbone and Jesus Almanza | Trust management
15, 16 | Niels Damgaard, Systematic | The Java Security Model
17 | Glynn Winskel | The SPL process language for security protocols
18 | Ivan Damgård | Firewall Security
19 | Michael Schwartzbach | Security in JWIG
20 | | Take home exam
21 | | Feedback on Exam, wrap-up
Links
A link to the all-or-nothing encryption mode invented by Rivest, which may make exhaustive key search harder in some cases.
Some considerations from the people behind Apache on what companies should do in the way of security in practice. PDF file available here.
A link to the Cambridge hack against the IBM 4753.