COMP 5900V: Biological Approaches to Computer Security

Carleton University, Winter 2004
Course Outline

Instructor: Anil Somayaji (Office Hours: Tuesday 3-4:30, Wednesday 4-5:30)
Meeting Time: Tuesday 6-9 PM, January 6th through March 30th
Meeting Place: 202 Tory Building, Carleton University

Official Course Description: Course on the applicability of biological metaphors to computer security. Computer immunology, autonomic computing, and computer homeostasis are compared with traditional approaches to authentication, integrity, and intrusion detection. Relevant background biology will be presented. Students will design and critique new security mechanisms.

Prerequisites: A curious, open mind and an interest in computer security. While the course is oriented towards computer science graduate students who have taken one or more courses in computer security, it should be understandable to anyone with a reasonable computer science background. Previous knowledge of biology is a plus but not essential. This course is also open to biologists who are interested in learning more about computers, and in the process a bit about biology.

Format of Course: While the early part of the course will include introductory lectures, the bulk of class time will be spent discussing assigned readings. Before beginning general discussion, one or two individuals will be randomly chosen at the beginning of class to present the basic ideas and arguments of the readings in question. While these presentations will not be specifically graded, they will count towards overall class participation. Since presentations are not assigned in advance, all class participants (registered students and listeners) are strongly encouraged to study the assigned readings for each class.

Texts: Most readings will be available online through this web page. You will also need a copy of Acquiring Genomes: A Theory of the Origins of Species by Lynn Margulis and Dorion Sagan, 2002 (available through most bookstores and Amazon). A standard biology textbook may be helpful as a supplement to the course.

Grading: Final grades will be calculated based on 60% for a class project and 40% on class participation, divided as follows:

The "reading responses" are short (one-page) write-ups that summarize the readings for a given class. A reading response is due at the beginning of each class for which there are assigned readings. I will not grade these for style or grammar (although I appreciate both); instead, I am looking for evidence that you have read and thought about the readings. You may find some papers hard to understand; if this is the case, your write-up should explain what was confusing about them. The primary purpose of these assignments is to ensure that everyone comes to class prepared.

The project rough draft is to be 2-5 pages in length, while the final report is to be 5-10 pages (single-spaced, 12 point font). Students will receive extensive feedback on their rough drafts and will primarily be graded on effort. The final project is expected to be a polished presentation of material, complete with appropriate citations. Ideas for appropriate projects will be discussed in class.

Ethics & Intellectual Honesty: I view all students in this course as independent junior researchers. In this context, I expect everyone to uphold the highest intellectual and ethical standards. Ideas should be properly credited, whether in written or oral communications. Further, individuals should be respected, no matter how strange their ideas or presentation may seem. Disrespect to other class members will be negatively reflected in class participation grades. Significant intellectual dishonesty in any form will result in failing grades on the assignment and, as appropriate, university disciplinary action.

Special Needs Students: Students with disabilities requiring academic accommodations in this course are encouraged to contact a coordinator at the Paul Menton Centre (PMC) for Students with Disabilities and to make an appointment to meet and discuss your needs with me by February 3, 2004. I will do my best to make reasonable accommodations within the context of the course.

Daily class outline (subject to change)





January 6th


Overview of class, introduction to biology


January 13th


Artificial Life

A. K. Dewdney, Core Wars
Tom Ray, Tierra (online html, PDF)
David Ackley, Real Artificial Life

January 20th

Dave S.

Viruses, Worms, & Epidemiology

Fred Cohen, Computer Viruses - Theory and Experiments
Eugene Spafford, Computer Viruses as Artificial Life
Moore et al., Code-Red: a case study on the spread and victims of an Internet worm
Moore et al., The Spread of the Sapphire/Slammer Worm
Robert G. Webster & Elizabeth Jane Walker, Influenza

January 27th


Evolution & Innovation

Margulis & Sagan: book (optional review of book)
discussion guide

February 3rd


Immunology: negative selection & LISYS

Hofmeyr, An Interpretative Introduction to the Immune System, (PS)
Forrest et al., Self-nonself discrimination in a computer (PS)
Hofmeyr & Forrest, Architecture for an Artificial Immune System (PS)
Kim & Bentley, Evaluating Negative Selection in an Artificial Immune System for Network Intrusion Detection (PS)
Balthrop, Glickman, & Forrest, Revisiting LISYS: Parameters and Normal Behavior (PS)

February 10th


Immunology, Homeostasis, & System Calls
(Anil presents pH)
Project rough draft due

Forrest et al., A Sense of Self for UNIX Processes
Somayaji et al., Principles of a Computer Immune System

February 17th


No class: Winter Break

Read a novel

February 24th



Forrest et al., Building Diverse Computer Systems
Cowan et al., The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques
Bhatkar et al., Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Barrantes et al., Randomized instruction set emulation to disrupt binary code injection attacks

March 2nd


Autonomic Computing

Diegelmann & Evans, Wound Healing: An Overview of Acute, Fibrotic, and Delayed Healing
Horn, Autonomic Computing: IBM's Perspective on the State of Information Technology
Chess et al., Security in an autonomic computing environment
Ling & Fox, A Self-Tuning, Self-Protecting, Self-Healing Session State Management Layer
Russell et al., Dealing with ghosts: Managing the User Experience of autonomic computing

March 9th


Development & Systems Administration

Burgess, A Site Configuration Engine
Burgess, Computer Immunology
Beck & Habicht, Immunity and the Invertebrates
Litman, Sharks and the Origins of the Vertebrate Immune System (one PDF)

March 16th


Infectious diseases
RNA Interference
Class Summary

Lederberg, Infectious History (HTML)
Yao et al., Programmed DNA Deletion as an RNA-guided System of Genome Defense
Matzke & Matzke, RNAi Extends its Reach

March 23rd


No class


March 30th


Project oral presentations


April 6th


Project oral presentations (cont.)
Final project due April 16th


I'm soma here at (Use @ to put them together to email me.)
Last modified: February 22, 2004