Information Trust Institute: University of Illinois at Urbana-Champaign

 

Security Resources

Here is a list of useful security sites:

• Build Security In Portal - A DHS-sponsored repository of information on secure software engineering.
• National Information Assurance Training and Education Center - Contains links to many security documents, particularly government documents.
• CITES security - Information about security issues on the UIUC campus.
• SANS Institute - Information about current threats
• UIUC Security reading group - Fall 05 site and Site from previous semesters - Contains links to discussed papers and discussion notes.

Here is a list of links to some foundational papers that are referenced in UIUC security classes. Some older papers are mirrored here. Other papers are linked to the copyrighted repository.

• Secure Computer Systems: Mathematical Foundations Volume 1, D. Elliott Bell and Leonard J. LaPadula, MITRE Technical Report 2547, dated 1 March 1973.
• Secure Computer Systems: Mathematical Foundations Volume II, Leonard J. LaPadula and D. Elliott Bell, MITRE Technical Report 2547, dated 31 May 1973.
• Secure Computer System: Unified Exposition and Multics Interpretation, D. Elliot Bell and Leonard J. LaPadula, MITRE Technical Report 2997, March 1976.
• Setuid Demystified, Hao Chen, David Wagnre, and Drew Dean .
• The Chinese Wall Security Policy, D. Brewer and M. Nash, Proc. IEEE Security and Privacy Symposium, 1989.
• A Comparison of Commercial and Military Computer Security Policies , D. Clark and D. Wilson, 1987.
• A Comment on the "Basic Security Theorem" of Bell and LaPadula, J. McLean, Information Processing Letters 20 (1985), pp. 67-70.

UIUC Information Assurance Policies, Plans, and Procedures

• University of Illinois system-wide policies, plus the UI Ethics Office
• University of Illinois at Urbana-Champaign campus policy sites include the Office of the Chief Information Officer Security Services and Information Privacy site and the Office of the Chief Information Officer Information Technology Policies site
• University of Illinois Administrative Information Technology Services pages for policies and security incident response plan
• Business and Financial Policies and Procedures page on Information Technology Policy
• UIUC policy on acceptable use
• University of Illinois policy on Social Security numbers
• Office of University Audits, including information on security policies and audits
• Student and staff security measures: CITES Security main site and Bluestem information, as well as computing services resources for staff and students

Other UIUC Resources

• Illinois summit on Cybersecurity video clips are available here.

Other Resources Outside UIUC

• National Science and Technology Council's Federal Plan for Cyber Security and Information Assurance Research and Development (April 2006)
• "Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software (Draft, v0.9)," from the Department of Homeland Security (Jan. 9, 2006)
• The newly released (Nov. 2005) CNSS Instruction No. 4016, "National Information Assurance Training Standard for Risk Analysts."
• Applications are being accepted for the Federal Cyber Corps Scholarship for Service program at the Naval Postgraduate School. The awards are for Fall 2006 admissions into their 2-year Masters program in computer science. Deadline is March 1, 2006.
• National Security Agency, Central Security Service's web site of information assurance events.
• National Information Assurance Training and Education Center (NIATEC)
• (ISC)2® Seeks Candidates for annual $50,000 Information Security Scholarship Program. Full-Time Post-Graduate Information Security Students Can Receive Up to $12,500 Apiece in Individual Awards. [ Flyer | More Details (PDF) ]
• Information Assurance Technology Analysis Center (IATAC)
• Illustrative Risks to the Public in the Use of Computer Systems and Related Technology maintained at SRI International
• Other University Sites and Course Materials , maintained by Professor Ronald L. Rivest at MIT
• IEEE Cipher Calendar of Security and Privacy Related Events
• CFPs from Security and Privacy Related Conferences maintained by IEEE
• InfoSec News (ISN) security mailing list provided by C4I.org
• The Twenty Most Critical Internet Security Vulnerabilities provided by SANS/FBI
• NSTISSC National Education and Training Standard for System Certifiers