The following schedule is a rough estimate and is subject to change. Course slides are available in CourseSite.

| Week | Dates | Topics | Readings |
|------|-------|--------|----------|
| 1 | 8/28, 8/30 | Intro; security fundamentals | The Protection of Information in Computer Systems |
| 2 | 9/4, 9/6 | C vulnerabilities: buffer overflows | Smashing the stack for fun and profit |
| 3 | 9/11 | C vulnerabilities: format string attacks | Exploiting Format String Vulnerabilities |
| | 9/13 | Student presentation (Frank Kriete) | StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks |
| 4 | 9/18, 9/20 | Web security | Course slides |
| 5 | 9/25 | Student presentation (Giulio Finestrali) | Return-Oriented Programming |
| | 9/27 | Reference monitors | |
| 6 | 10/2, 10/4 | Reference monitors | |
| 7 | 10/9 | Pacing break | |
| | 10/11 | Software-based Fault Isolation | Efficient Software-Based Fault Isolation |
| 8 | 10/16, 10/18 | Student presentation (Hana Harrison) | Native Client: A Sandbox for Portable, Untrusted x86 Native Code |
| 9 | 10/23, 10/25 | Program verification: Hoare logic | Ch4 of "Logic in Computer Science: modelling and reasoning about systems" |
| 10 | 10/30, 11/1 | Class canceled due to Hurricane Sandy | |
| 11 | 11/6, 11/8 | Program verification: Hoare logic | Ch4 of "Logic in Computer Science: modelling and reasoning about systems" |
| 12 | 11/13 | Student presentation (Michael Pollock) | Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation |
| | 11/15 | Symbolic evaluation | Course slides |
| 13 | 11/20 | Symbolic evaluation | |
| | 11/22 | Thanksgiving break | Thanks! |
| 14 | 11/27 | Computer worm modeling and detection | |
| | 11/29 | Student presentation (Todd Suess) | EXE: Automatically Generating Inputs of Death |
| 15 | 12/4, 12/6 | Java security | Securing Java Chapter 2 |