Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
| Date | Topic | Assignments Due | Readings for Discussion (do readings before class) | |
| 08/21/18 | ( | Course syllabus. link Hacked vs. Hackers: Game On - NYTimes.com.pdf link Text: Chapter 1 link | ||
| 08/23/18 | ( | Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
Guess again (and again and again): Measuring password
strength by simulating password-cracking algorithms.
P. G. Kelley
et al.
, IEEE Symposium on Security and Privacy, 2012.
link Text: Chapter 7.1-7.5 link | ||
| 08/28/18 | ( | Text: Chapter 2 link | ||
| 08/30/18 | ( | Homework Project One: Crypto Protocols (Due: 9/7/2018, 11:59pm)link | Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link Chapter 3link | |
| 09/04/18 | ( | A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link Text: Chapter 4 link | ||
| 09/06/18 | ( | Review for "Needham-Schroeder" paper |
Using Encryption
for Authentication in Large Networks of Computers.
R. Needham and M. Schroeder, CACM, December 1978.
link Text: Chapter 5 link | |
| 09/11/18 | ( | Project One: SSH File Transfer (Due: 10/3/2018, 11:59pm)link | Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link Text: Sections 10.5 link | |
| 09/13/18 | ( | W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu,
and Eric Chien. 2011. link Text: Section 11.3 link | ||
| 09/18/18 | ( | Buffer Overflow Tutorial link
Text: Sections 11.1-11.2
link
Stackguard: Automatic Adaptive Detection and
Prevention of Buffer Overflow Attacks.
C. Crispin,
et
al.
, 7th USENIX Security Symposium, 1998.
link | ||
| 09/20/18 | ( | Review for "Return-Oriented Programming" paper |
Return-Oriented Programming: Systems, Languages, and
Applications.
R. Roemer, E. Buchanan, H. Shacham, and
S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March
2012.
link | |
| 09/25/18 | ( |
Secure Programming HOWTO.
D. Wheeler, Sections 2 and 6.
link | ||
| 09/27/18 | ( |
Text: Sections 8.1-8.3
link | ||
| 10/02/18 | ( | Review for "Lattice Model" paper | Text: Sections 8.4-8.5link
A lattice model of secure information flow.
D. Denning, CACM, May 1976.
link
Chapter 2. Access Control Fundamentals.
T. Jaeger, in Operating Systems Security, 2008.
link | |
| 10/04/18 | ( |
seL4: Formal Verification of an OS Kernel.
G. Klein
et al.
, Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009.
link | ||
| 10/09/18 | ( | Project Two: SSH Man-in-the-Middle (Due: 11/6/2018, 11:59pm)link |
Linux Security Modules:
General Security Support for the Linux Kernel.
C. Wright
et al.
, Proceedings of the 11th USENIX Security Symposium, August 2002.
link Text: Section 13.1-13.3
link | |
| 10/11/18 | ( |
An Illustrated Guide to the Kaminsky DNS Vulnerability
, S. Freidl.
link Text: Sections 9.1-9.4 link | ||
| 10/16/18 | ( | Review for "SSH" paper | SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link Text: Sections 10.1-10.2 link | |
| 10/18/18 | ( |
The Beginner's Guide to iptables: Linux
Firewall
, How-To Geek.
link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis.
L. Yuan et al. IEEE Security and Privacy 2006.
link Text: Section 8.9 link | ||
| 10/23/18 | Mid-term Exam: 4:35-5:50 (regular time) | |||
| 10/25/18 | ( | Browser Security Handbook, Part 2 (Same origin policy,
Life Outside Same-origin rules, Third-party cookie rules). link Text: Sections 7.1 and 7.2 link | ||
| 10/30/18 | ( | Review for "OP Browser" paper | Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link | |
| 11/01/18 | ( | A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link Text: Section 6.4 link | ||
| 11/06/18 | ( |
The Blockchain: A Gentle Four Page Introduction.
. Jan Hendrik Witte,
ArXiv.org, Dec. 2016.
link | ||
| 11/08/18 | ( | Review for "Anonymous Routing" paper | Proxies for Anonymous Routing. M. Reed, P. Syverson,
D. Goldschlag. 12th Anual Computer Security Applications
Conference, 1996. link The Tor Project link Text: Section 10.5 link | |
| 11/13/18 | ( | Project Three: Code-Reuse Attacks (Due: 12/6/2018, 11:59pm)link |
Design and Implementation of a TCG-based Integrity Measurement Architecture.
Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn.
In USENIX Security Symposium, Aug. 2004.
link | |
| 11/15/18 | Snow Day - No class | |||
| 11/20/18 | Thanksgiving Break - No class | |||
| 11/22/18 | Thanksgiving Break - No class | |||
| 11/27/18 | ( | |||
| 11/29/18 | ( | Review for "AmazonIA" paper | What Virtualization Can Do for Security. T. Garfinkel
and A. Warfield. ;login 32(6) 2007. link | |
| 12/04/18 | ( |
Machine Learning in Adversarial Settings.
Patrick
McDaniel, Nicolas Papernot, and Berkay Celik. IEEE Security and
Privacy Magazine, 14(3), May/June, 2016.
link | ||
| 12/06/18 | ( | AmazonIA: When Elasticity Snaps Back. S. Bugiel,
T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and
T. Schneider, 18th ACM Conference on Computer and
Communications Security, 2011. link | ||
| 12/11/18 | Final Exam, 114 Steidle, Tu December 11, 6:50-8:40pm | |||
.