Advanced Topics in Computer Security:
Principles of Security and Trust*

Joshua D. Guttman     FL 137
Higgins Laboratory 202
Tuesday, Thursday  4–5:20

Class website
is at URL
This syllabus
in PDF format:
The paper summary sheet
in PDF and .tex formats:
paper_summary_sheet.pdf, paper_summary_sheet.tex
(use these or else any other format you prefer, with the same questions.)
Directory of papers
is at papers.
Schedule of readings
is at schedule.html and schedule.pdf.
Paper summaries
are in directory paper_summaries/.
CPSA Examples
are available in the directory cpsa_examples.
A CPSA Exercise
is in exercise/cpsa_class_exercise.html. The CPSA user documentation is at cpsauser.html.
Main goals.

The purpose of this course is to give insight into the principles of security and trust. We focus on fundamental ideas and techniques to design and analyze mechanisms allowing mutually suspicious parties to interact and collaborate through distributed systems. The course will divide into four main parts.

First, we will examine cryptographic protocols, which are the main mechanism for achieving confidentiality and authentication (and many related goals) in distributed systems. Important protocols include SSL/TLS, SSH, IPSec and IKE. We will focus on how protocols break and why; how to analyze them to determine what security goals they achieve, using tools such as CPSA and ProVerif; and how to design new ones. In this part, we treat cryptography as a black box and focus on structural or symbolic analysis methods. Part I Schedule: 23 Aug.–18 Sept.

Second, we will study the foundations of cryptography. We will examine foundational aspects of block ciphers, cryptographic hashes, public key cryptography, digital signatures, zero-knowledge proofs, and secure multiparty computation. We will consider definitions of security for cryptographic primitives. We will identify key assumptions that justify primitives, and general constructions that can be used to build cryptographic operations from suitable building blocks. Part II Schedule: 20 Sept.–11 Oct.

Third, we will examine access control. Access control mechanisms are responsible for authorizing actions or else preventing them, depending on the principals who are performing the actions and the objects on which they are acting. Access control becomes especially challenging in distributed systems, when one principal may depend on other principals to feed reliable information to decisions, or may delegate parts of the decision to others. Part III Schedule: 23 Oct.–6 Nov.

Our fourth part will integrate the topics we have studied in the first three. We will consider:

Part IV Schedule: 8 Nov. –13 Dec.


Our readings will be mainly research papers, with several chapters from Katz and Lindell’s Introduction to modern cryptography to give the basics of cryptography. I will post URLs or place PDFs in our myWPI area for research papers.

Reports and Projects.

Students will complete three small projects and lead 3–5 discussions during the semester.

Each project will include tool-supported analysis of a protocol, exploring variants of the protocol to determine which ones achieve which security goals. A short summary will describe the variants, their security properties, and the key differences. ProVerif and CPSA are relevant tools.

Each student will lead discussions of about 20 minutes on particular research papers. Before each discussion, the leader will fill out a paper summary sheet. The paper summary sheet has five questions. The goal is to answer each question in a few sentences (generally two or three); these answers concentrate a lot of information about the paper.

The summary sheet is due by email to me at 1 pm so that I can print copies to distribute.

During the discussion, the leader and the rest of the class will discuss which parts of the paper support the answers given; which parts contain supplementary details; and which parts have other key goals. Each student in the class should read every paper; highlighting or margin notes are needed to participate effectively in the discussion.

The discussion leader should write a revised summary at the end of the class.

Revised summaries will be posted as part of the class website.

There will be no final exam.

Office Hours.

My office is FL 137. My email address is Please include “[cs564]” in the subject line. This helps me find and respond quickly to messages about this class.

I will have office hours in the first half of the semester:

5:20–6:00, immediately after class.
5:20–6:00, immediately after class.
1–2, as needed.

I am also available at many other times; please send me email. When B term starts I will adjust my office hours. Please do not leave messages on my office phone; I use it rarely.

Listed this year as CS559, Topics in Theoretical Computer Science. This is also in effect the first version of the newly approved class, CS564, Advanced Topics in Computer Security.

This document was translated from LATEX by HEVEA.