Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, reading, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
| Date | Topic | Assignments Due | Readings for Discussion (do readings before class) |
|---|---|---|---|
| 08/23/16 | | | Course syllabus; Hacked vs. Hackers: Game On, NYTimes.com; Text: Chapter 1 |
| 08/25/16 | | | Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983; Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012; Text: Chapter 7.1-7.5 |
| 08/30/16 | | Review for "Pitfalls" paper; Project One: Passwords (Due: 9/21/2016, 11:59pm) | Pitfalls in the automated strengthening of passwords. D. Schmidt and T. Jaeger, Annual Computer Security Applications Conference, 2013 |
| 09/01/16 | | | Text: Chapter 2; *Advanced*: Security Mechanisms in High-Level Network Protocols. V. Voydock and S. Kent, ACM Computing Surveys, 15(2), June 1983 |
| 09/06/16 | | | Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993; Text: Chapter 3 |
| 09/08/16 | | | A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978; Text: Chapter 4; *Advanced*: Twenty years of attacks on the RSA cryptosystem. D. Boneh, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999 |
| 09/13/16 | | Review for "Needham-Schroeder" paper | Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978; Text: Chapter 5; *Advanced*: Breaking and Fixing the Needham-Schroeder Public Key Protocol using FDR. G. Lowe, in Tools and Algorithms for the Construction and Analysis of Systems, Margaria and Steffen (eds.), volume 1055 of Lecture Notes in Computer Science, Springer Verlag, pages 147-166, 1996 |
| 09/15/16 | | | Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38, September 1994; Text: Section 10.5; *Advanced*: Pluggable Authentication Modules (PAM). NetBSD |
| 09/20/16 | | Review for "Kerberos" paper | Buffer Overflow Tutorial; Text: Sections 11.1-11.2; Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin et al., 7th USENIX Security Symposium, 1998 |
| 09/22/16 | | | W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien, 2011; Text: Section 11.3 |
| 09/27/16 | | Review for "Return-oriented programming" paper; Project Two: Gcrypt Needham-Schroeder (Due: 10/21/2016, 11:59pm) | Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012; *Advanced*: Control-flow Integrity. Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti, in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005 |
| 09/29/16 | | | Text: Sections 8.1-8.3; *Advanced*: Computer Security Technology Planning Study. J. P. Anderson, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206], Volume II (Sections I-IV) |
| 10/04/16 | | | A lattice model of secure information flow. D. Denning, CACM, May 1976 |
| 10/06/16 | | | Text: Sections 8.4-8.5 |
| 10/11/16 | | Review for "Linux Security Modules" paper | Reference Monitor. T. Jaeger, Encyclopedia of Cryptography and Security, 2011; Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al., Proceedings of the 11th USENIX Security Symposium, August 2002; Text: Sections 13.1-13.3; *Advanced*: Introduction to NSA's Security-Enhanced Linux. SANS Institute, 2002 |
| 10/13/16 | | | On the Mismanagement and Maliciousness of Networks. Jing Zhang, Zakir Durumeric, Michael Bailey, Mingyan Liu, and Manish Karir, NDSS 2014; Text: Sections 9.1-9.4; *Advanced*: A New Approach to DNS Security (DNSSEC). G. Ateniese and S. Mangard, Proc. of the Eighth ACM Conference on Computer and Communications Security, 2001 |
| 10/18/16 | | Review for "SSH" paper | SSH - Secure Login Connections Over the Internet. T. Ylonen, USENIX Security 1996; Text: Sections 10.1-10.2 |
| 10/20/16 | | | FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al., IEEE Security and Privacy 2006; Text: Section 8.9; *Advanced*: The Beginner's Guide to iptables: Linux Firewall, How-To Geek |
| 10/25/16 | Mid-term Exam (in class) | | |
| 10/27/16 | | | Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules); OWASP Top 10 - 2010: The Ten Most Critical Web Application Security Risks. Published by The Open Web Application Security Project, 2010; Text: Sections 7.1 and 7.2 |
| 11/01/16 | | Project Three: Software Security (Due: 11/17/16); Review for "OP Browser" paper | Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, and S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008; *Advanced*: Browser security: Lessons from Google Chrome. C. Reis, A. Barth, and C. Pizano, CACM 52(8), 2009 |
| 11/03/16 | | | STING: Finding Name Resolution Vulnerabilities in Programs. H. Vijayakumar, J. Schiffman, and T. Jaeger, USENIX Security Symposium, 2012; *Advanced*: JIGSAW: Protecting Resource Access by Inferring Programmer Expectations |
| 11/08/16 | | Review for "Secure Capability Systems" chapter | Secure Capability Systems, Chapter 10 of Operating Systems Security. Trent Jaeger, Morgan and Claypool (Public Version and Inside PSU Version) |
| 11/10/16 | | | Proxies for Anonymous Routing. M. Reed, P. Syverson, and D. Goldschlag, 12th Annual Computer Security Applications Conference, 1996; The Tor Project; Text: Section 10.5 |
| 11/15/16 | | Review for "Sense of Self" paper | A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, in Proceedings of the IEEE Symposium on Security and Privacy, 1996; The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, in Proceedings of the ACM Conference on Computer and Communications Security, November 1999; Text: Section 6.4 |
| 11/17/16 | | | What Virtualization Can Do for Security. T. Garfinkel and A. Warfield, ;login 32(6), 2007; A Virtual Machine Introspection Based Architecture for Intrusion Detection. T. Garfinkel and M. Rosenblum, NDSS 2003 |
| 11/22/16 | Thanksgiving Break - No class | | |
| 11/24/16 | Thanksgiving Break - No class | | |
| 11/29/16 | | | AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011 |
| 12/01/16 | | Review for "Leveraging 'Choice'" paper | Leveraging 'Choice' in Authorization Hook Placement. Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy, in 19th ACM Conference on Computer and Communications Security, 2012 |
| 12/06/16 | | | |
| 12/08/16 | No Class | | |
| 12/13/16 | Final Exam, 8:00am, Willard 075 | | |