CSE 543 - Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date	Topic	Assignments Due	Readings for Discussion (do readings before class)
01/13/15	Introduction (Slides)		Course syllabus. link Hacked vs. Hackers: Game On - NYTimes.com.pdf link Text: Section 1.1 link
01/15/15	Identity and Passwords (Slides)		Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al. , IEEE Symposium on Security and Privacy, 2012. link Text: Section 1.4 link
01/20/15	Cryptography (Slides)	Project One: Passwords (Due: 2/10/15) link	Text: Sections 1.3, 8.1 link Advanced : Security Mechanisms in High-Level Network Protocols. V. Voydock and S. Kent, ACM Computing Surveys, 15(2), June 1983. link
01/22/15	Cryptography (Slides)	Review for "Guess Again" paper	Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link Text: Section 8.3 link
01/27/15	Public Key Cryptosystems (Slides)		A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link Text: Sections 8.2, 8.4, 8.5 link Advanced : Twenty years of attacks on the RSA cryptosystem. D. Boneh, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999), June 1983. link
01/29/15	Crypto Protocols (Slides)	Review for "Needham-Schroeder" paper	Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link Advanced : Breaking and Fixing the Needham-Schroeder Public Key Protocol using FDR. G. Lowe, In Tools and Algorithms for the Construction and Analysis of Systems, Margaria and Steffen (eds.), volume 1055 of Lecture Notes in Computer Science, Springer Verlag, pages 147-166, 1996. link
02/03/15	Authentication (Slides)		Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link Text: Sections 9.6 and 9.7 link Advanced : Pluggable Authentication Modules (PAM). NetBSD. link
02/05/15	Vulnerabilities (Slides)	Review for "Stackguard" paper	Buffer Overflow Tutorial link Text: Section 3.4 link Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al. , 7th USENIX Security Symposium, 1998. link Advanced : AEG: Automatic Exploit Generation. T. Avgerinos, S.K. Cha, B. Lim Tze Hao, D. Brumley. NDSS 2011. link
02/10/15	Malware (Slides)		W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. link Text: Sections 4.1-4.3 link
02/12/15	Return-Oriented Programming (Slides)	Review for "Return-oriented programming" paper	Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link Advanced : Control-flow Integrity. Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti, in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005. link
02/17/15	Vulnerabilities	Project Two: MAC-CBC Flaws (Due: 3/7/15) link
02/19/15	Access Control (Slides)		Text: Sections 1.2, 3.1, 3.2 link Advanced : Computer Security Technology Planning Study. J. P. Anderson, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volume II (Sections I-IV) link
02/24/15	Mandatory Access Control (Slides)	Review for "Lattice model" paper	A lattice model of secure information flow. D. Denning, CACM, May 1976. link Text: Sections 9.1, 9.2 link Advanced : A Comparison of Commercial and Military Computer Security Policies. D. Clark and D. Wilson. IEEE Symposium on Research in Security and Privacy, 1987. link
02/26/15	Operating Systems Security (Slides)		Reference Monitor. T. Jaeger. Encyclopedia of Cryptography and Security, 2011. link Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al. , Proceedings of the 11th USENIX Security Symposium, August 2002. link Text: Section 3.3 link Advanced : Introduction to NSA's Security-Enhanced Linux. SANS Institute, 2002. link
03/03/15	Capability Systems (Slides)	Review for "Linux Security Modules (LSM)" paper	STING: Finding Name Resolution Vulnerabilities in Programs. H. Vijayakumar, J. Schiffman, T. Jaeger, USENIX Security Symposium, 2012. link Advanced : Where Do You Want to Go Today? Escalating Privileges by Pathname Manipulation. S. Chari, S. Halevi, W. Venema. NDSS 2010. link
03/05/15	Network Security Vulnerabilities (Slides)		On the Mismanagement and Maliciousness of Networks. Jing Zhang, Zakir Durumeric, Michael Bailey, Mingyan Liu, and Manish Karir. NDSS 2014. link Text: Sections 5.5 and 6.1 link Advanced A New Approach to DNS Security (DNSSEC). G. Ateniese, S. Mangard, Proc. of the Eighth ACM Conference on Computer and Communications Security, 2001. link
03/10/15	Spring Break - No class
03/12/15	Spring Break - No class
03/17/15	Network Security (Slides)	Review for "Mismanagement and Maliciousness" paper	SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link Text: Section 6.3 link
03/19/15	Firewalls (Slides)		FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link Text: Section 6.2 link Advanced: Linux iptables HOWTO, Rusty Russell. link
03/24/15	Mid-term Exam (in class)
03/26/15	Web Security (Slides)	Project Three: ROP (Due: 4/22/15) link	Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link Attack OWASP Top 10 - 2010. The Ten Most Critical Web Application Security Risks. Published by The Open Web Application Security Project, 2010. link Text: Sections 7.1 and 7.2 link
03/31/15	Web Security (Slides)		The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2006. link Text: Section 7.3 link
04/02/15	Web Security (Slides)	Review for "OP Browser" paper	Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link Advanced : Browser security: Lessons from Google Chrome. C. Reis, A. Barth, C. Pizano. CACM 52(8) 2009. link
04/07/15	Privacy (Slides)		Third-Party Web Tracking: Policy and Technology. J. R. Mayer and J. C. Mitchell, Proceedings of the IEEE Symposium on Security and Privacy, 2012. link Text: Section 10.5 link
04/09/15	Anonymity (Slides)	Review for "Anonymous Routing" paper	Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Anual Computer Security Applications Conference, 1996. link The Tor Project link
04/14/15	Intrusion Detection (Slides)		A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link Text: Section 6.4 link
04/16/15	Virtualization Security (Slides)	Review for "Base-Rate Fallacy" paper	What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link A Virtual Machine Introspection Based Architecture for Intrusion Detection. T. Garfinkel and M. Rosenblum. NDSS 2003. link
04/21/15	Cloud Computing Security (Slides)		AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link
04/23/15	Future Network Architectures (Slides)	Review for "Amazonia" paper	A Clean-Slate Design for the Next-Generation Secure Internet. Steven M. Bellovin, David D. Clark, Adrian Perrig, Dawn Song. 2005. link
04/28/15	Future of Secure Programming (Slides)		Leveraging 'Choice' in Authorization Hook Placement. Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Commumications Security, 2012. link
04/30/15	Wrapup (Wrapup Slides)
05/05/15	Final Exam, Tuesday, May 5, 2015; 8:00am-9:50am; 103 BBH Bldg