Below is the calendar for this semester's course. This is a preliminary schedule that will be altered as the semester progresses. It is the students' responsibility to check this web page frequently for changes to the schedule, readings, and assignments. As the professor, I will attempt to announce any change in class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available on the course homepage).
Each entry gives the date, any assignment due that day, and the readings for discussion (do the readings before class). A "Deep Dive" reading is listed separately under its session.

08/28/12
  Readings:
  - Course syllabus.

08/30/12
  Readings:
  - Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983.
  - Efficient Reading of Papers in Science and Technology. M. J. Hanson, University of Washington, 1989.
  - Network Security: Private Communication in a Public World, Chapter 1.

09/04/12
  Readings:
  - Network Security: Private Communication in a Public World, Chapters 2 and 3.

09/06/12
  Readings:
  - Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993.
  - Network Security: Private Communication in a Public World, Chapter 5.
  Deep Dive: Security Mechanisms in High-Level Network Protocols. V. Voydock and S. Kent, ACM Computing Surveys, 15(2), June 1983.

09/11/12
  Readings:
  - A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978.
  - Network Security: Private Communication in a Public World, Chapter 6.
  Deep Dive: Twenty Years of Attacks on the RSA Cryptosystem. D. Boneh, Notices of the American Mathematical Society (AMS), 46(2):203-213, 1999.

09/13/12
  Assignment due: Crypto Basics
  Readings:
  - Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, Communications of the ACM, December 1978.
  - Network Security: Private Communication in a Public World, Chapter 11.
  Deep Dive: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. G. Lowe, in Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Margaria and Steffen (eds.), Lecture Notes in Computer Science volume 1055, Springer-Verlag, pp. 147-166, 1996.

09/18/12
  Readings:
  - Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012.
  - Network Security: Private Communication in a Public World, Chapter 9.

09/20/12
  Readings:
  - Kerberos: An Authentication Service for Computer Networks. B. C. Neuman and T. Ts'o, IEEE Communications, 32(9):33-38, September 1994.
  - Network Security: Private Communication in a Public World, Chapter 13.

09/25/12
  Assignment due: Project Selection
  Readings:
  - Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure. C. Ellison and B. Schneier, Computer Security Journal, 16(1):1-7, 2000.
  - Network Security: Private Communication in a Public World, Chapter 15.

09/27/12
  Readings:
  - How to Write a Security Paper. P. McDaniel, 2008 (work in progress).

10/02/12
  Readings:
  - Finding Name Resolution Vulnerabilities in Programs. H. Vijayakumar, J. Schiffman, and T. Jaeger, USENIX Security Symposium, 2012.
  - Buffer Overflow Tutorial.
  Deep Dive: Where Do You Want to Go Today? Escalating Privileges by Pathname Manipulation. S. Chari, S. Halevi, and W. Venema, Network and Distributed System Security Symposium (NDSS), 2010.

10/04/12  Study Day - No class

10/09/12
  Readings:
  - Computer Security Technology Planning Study. J. P. Anderson, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA, October 1972 [NTIS AD-758 206]; Volume II (Sections I-IV).
  - Operating Systems Security, Chapters 1 and 2.

10/11/12
  Readings:
  - Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al., Proceedings of the 11th USENIX Security Symposium, August 2002.
  - Operating Systems Security, Chapters 4 and 9.

10/16/12
  Readings:
  - Operating Systems Security, Chapter 3.

10/18/12
  Readings:
  - Policy/Mechanism Separation in Hydra. R. Levin, E. Cohen, W. Corwin, F. Pollack, and W. Wulf, Proceedings of the 5th Symposium on Operating Systems Principles, November 1975, pp. 132-140.
  - Operating Systems Security, Chapter 10.
  Deep Dive: A Secure Identity-Based Capability System. L. Gong, IEEE Symposium on Security and Privacy, 1989.

10/23/12
  Readings:
  - End-to-End Arguments in System Design. J. H. Saltzer, D. P. Reed, and D. D. Clark, ACM Transactions on Computer Systems, 2(4):277-288, November 1984.
  - Security Problems in the TCP/IP Protocol Suite. S. M. Bellovin, Computer Communication Review, 19(2):32-48, April 1989.
  - A New Approach to DNS Security (DNSSEC). G. Ateniese and S. Mangard, Proceedings of the 8th ACM Conference on Computer and Communications Security, 2001.
  Deep Dive: An Illustrated Guide to the Kaminsky DNS Vulnerability. S. Friedl.

10/25/12
  Readings:
  - Leveraging IPsec for Mandatory Per-Packet Access Control. T. Jaeger et al., SecureComm 2006.
  - Network Security: Private Communication in a Public World, Chapters 17 and 18.

10/30/12
  Readings:
  - A Quantitative Study of Firewall Configuration Errors. A. Wool, IEEE Computer, 37(6):62-67, June 2004.
  - Linux iptables HOWTO. R. Russell.
  - Network Security: Private Communication in a Public World, Chapter 23.

11/01/12  Mid-term Exam (in class)

11/06/12
  Readings:
  - A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. J. Mirkovic and P. Reiher, ACM SIGCOMM Computer Communication Review, 34(2):39-54, April 2004.
  - How to 0wn the Internet in Your Spare Time. S. Staniford, V. Paxson, and N. Weaver, Proceedings of the 11th USENIX Security Symposium, pp. 149-167, San Francisco, CA, August 2002.

11/08/12
  Assignment due: Background and Related Work Draft
  Readings:
  - Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Transactions on Information and System Security, 15(1):2, March 2012.

11/13/12
  Readings:
  - A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, Proceedings of the IEEE Symposium on Security and Privacy, 1996.
  - The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, Proceedings of the ACM Conference on Computer and Communications Security, November 1999.

11/15/12
  Readings:
  - Network Security: Private Communication in a Public World, Chapter 25 (except sections 3 and 4).
  - Security Mechanisms and Policy for Mandatory Access Control in Computer Systems. G. Wurster, Ph.D. thesis, Carleton University, 2010, pp. 21-31.
  - OWASP Top 10 - 2010: The Ten Most Critical Web Application Security Risks. The Open Web Application Security Project, 2010.
  Deep Dive: Third-Party Web Tracking: Policy and Technology. J. R. Mayer and J. C. Mitchell, Proceedings of the IEEE Symposium on Security and Privacy, 2012.

11/20/12  Thanksgiving Break - No class

11/22/12  Thanksgiving Break - No class

11/27/12
  Readings:
  - Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, and S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008.
  - Network Security: Private Communication in a Public World, Chapter 19.
  Deep Dive: The Essence of Command Injection Attacks in Web Applications. Z. Su and G. Wassermann, Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2006.

11/29/12
  Readings:
  - Lessons from VAX/SVS for High Assurance VM Systems. S. Lipner, M. Zurko, and T. Jaeger, IEEE Security & Privacy Magazine, to appear.
  - Operating Systems Security, Chapter 11.

12/04/12  Project Review

12/06/12
  Readings:
  - AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Pöppelmann, S. Nürnberger, A.-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011.
  - Resource-Freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense). V. Varadarajan, T. Kooburat, B. Farley, T. Ristenpart, and M. Swift, Proceedings of the 19th ACM Conference on Computer and Communications Security, 2012.

12/11/12
  Readings:
  - A Ten-Page Introduction to Trusted Computing. A. Martin, University of Oxford, 2008.
  - Design and Implementation of a TCG-based Integrity Measurement Architecture. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, Proceedings of the 13th USENIX Security Symposium, August 2004.
  - Bootstrapping Trust in Commodity Computers. B. Parno, J. M. McCune, and A. Perrig, Proceedings of the IEEE Symposium on Security and Privacy, May 2010.

12/13/12

12/18/12  Final Exam, 109 Walker, 10:10am-12:00pm

12/21/12  Final Project Writeups Due (5:00pm)