CS 587: Computer Systems Security

A note about the course

This is a broad, conceptual course about computer security. In general, computer security is the study of what is the effect on computing when there are attackers. The attacker is by defintion an intelligent adversary. Thus the attacker will seek the weakest link(s) in attacking a system. This threat cannot be defended against by a single technique or a single set of techniques. This course paints a broad picture of computer security, with an emphasis on how computer security affects computer systems.

This is a systems course, so it is advisable that students have some systems background and hence it is desirable to have a background in CS 385, CS 366, and/or CS 450. This is not a programming intensive course like CS 486 (Secure Operating System Design and Implementation).


  • For the final, you can have a letter-sized crib sheet (printed on two sides) at least at 10pt type or equivalent.
  • a revised goOnEthos document
  • Letter assignment: Each option below will be ranked by grading points, and letter grade cutoffs determined based on mastery of the material. (It is possible that there will be different cutoffs for different options). The vast bulk of that will be on Test and Final. (You should aim to show mastery of the material on tests primarily, and to get points from assignment as a secondary issue).
  • Grading Points.
    item Project Final Project+Final
    Homework 10% 10% 10%
    Ethos assignment 10% 10% 10%
    Test 50% 35% 30%
    Final 45% 40%
    Project 30% 10%
  • This is the project list. If you are doing a project a project, you must send your team and preferences to Hamed. Projects are due December 9th at midnight, with a demonstration on Monday; You must sign up for a time in the afternoon (after 1:00) on either the 8th or the 12th to do a project demonstration. If you sign up for the 8th, your assignment is due at that time.
  • If you got less than a 50 on the test: You must take the final. You may do a project in addition, but must inform us before the Final.
  • If you got at least 50 on the test: You can do either the final or a project. If you want to take the final, you must send Hamed email.
  • Ethos Final: Tuesday, Dec. 6th, 6:00-8:00 in BH B6 Questions on Text book material covered in the Test plus questions on Ethos.
  • Ethos Assignment ethos assignment
  • Go on Ethos manual goOnEthos
  • Standalone tar file containg a Go program with build and intall code for a binary Ethos distribution. go program tar file
  • Test will be on chapters 1-5, Homework 3 solutions will be out by 31 Oct.
  • Homework 3: Due 31 Oct, Chap 4: 3,5,7,10, 14, 15, 28; Chap 5 1,3,5,7,14, 18, 25
  • Test on November 2
  • Homework 2: Due 12 Oct, Chap 3: 35, 39, 41, 43, 47, 48, 49, 51, 52, 55, 58, 59
  • chapters are available for pickup in 4224 SEL (3:00-5:45 W)
  • 6 additional pages (problems from chapter 3) have been handed out
  • Homework 1: Due 3 Oct, Chap 3: 1, 3, 5, 10, 14, 20, 23, 26, 27, 29, 33
  • Chapter 3 has been handed out
  • Chapters 1 and 2 have been handed out
  • Download VMWare and install it on your machine
    • Go to http://go.uic.edu/csvmware
    • Click on the "sign in" link at the top
    • click on "register"
    • select "An account has been created..." and continue with the xregistration.
  • Class project can be a programming project, or a write up of something closely related to the course.
  • There will be one (group) assignment on Ethos, an operating system which is designed to make it easier to write secure programs. This will require you to install Ethos on a virtual machine (VMware), read some Ethos documentation, and write an Ethos program.
  • Manuscript will be handed out in class
  • Web page updated for 2016 semester

Required Text

    We'll be using my manuscript which we used last time. Its over 500 pages at this point (we cover about 1/2 in this course) plus front and back matter.

Required work

  1. 1 Midterm
  2. 1 Final
  3. Class Project
  4. Programming project (Ethos)
  5. Homeworks


This course explores in depth Computer Security. Computer security is a subject of growing concern as a result of increasing
  1. number of computers on the Internet;
  2. number of services on the Internet;
  3. amount of sensitive information on the Internet;
  4. reliance on computers for organizations; and
  5. commonality of software and hardware.

This course will examine:

  • Definition of computer security
  • Security models (eg. Chinese Wall, Bell-LaPadula, and Clark Wilson) and properties (eg. information flow, non-interference, separation of duties)
  • Computer systems structure and its impact on security
  • Authentication
  • Errant programs
  • Attacks
  • Assurance that systems meet their security goals
  • Access control models, their use and analysis (eg. POSIX/Unix models, Lattice, Type enforcement, LEAP)
  • Covert channels and their analysis
We shall examine these issues from the perspective of the white hats--those that protect the system--and the black hats--those that attack the system.

This is a systems course, and while it is intended to be self-contained will explore issues primarily in software including operating systems and applications software.

Required Work

The work is going to include:
  • homework assignments,
  • programming assignments (these are not intended to be very large),
  • test(s) and
  • Possibly a course project, depending on the availability of software.
Recommended Reading:
  • Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
  • Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used last time for this course, good coverage of OS issues.)
  • Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)

Undergraduates wishing to take the course should send me email with the following information:

  • Number of completed credit hours
  • Any required courses not yet taken.
  • List of 400 level courses taken (and grades achieved).
  • Background in OS
  • Are you requesting course count as a technical elective (this will be harder)
  • Have you filed a petition?
  • Reason for wanting to take the course

Jon A. Solworth
Last modified: 29 August 2012