Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which may need to be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date	Topic	Assignments Due	Readings/Discussions (do readings before class)	Slides
08/26/08	Introduction		Course syllbus. (link) Assignment #1 - Web Setup and Homepage Creation (link)	Slides
08/28/08	Research Methods I		Reflections on Trusting Trust. Ken Thompson, Turing Award Lecture, 1983. (link) Efficient Reading of Papers in Science and Technology. Michael J. Hanson, University of Washington, 1989. (link) Network Security: Private Communication in a Public World, Chapter 1.	Slides
09/02/08	Cryptography		Network Security: Private Communication in a Public World, Chapters 2, 3, 5, and 6.	Slides
09/04/08	Cryptography	Assignment #1	Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. (link)
09/09/08	Applied Cryptography		A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. (link)	Slides
09/11/08	Authentication		Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. (link) Network Security: Private Communication in a Public World, Chapters 9, 10, 11, 12, 25.3, and 25.4. Assignment #2 - File Encryptor Utility (link)	Slides
09/16/08	Authentication
09/18/08	Public Key Infrastructure	Project Choice	Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, C. Ellison and B. Schneier, Computer Security Journal, v 16, n 1, 2000, pp. 1-7. (link) Network Security: Private Communication in a Public World, Chapter 15.	Slides
09/23/08	Network Security		Jerome H. Saltzer, David. P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link) Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link)	Slides
09/25/08	Network Security	Assignment #2	Network Security: Private Communication in a Public World, Chapters 16, 17, and 18.
09/30/08	Network Security		A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review archive, pages 39-54, 34 (2), April, 2005. (link) How to 0wn the Internet in Your Spare Time. S.Staniford and V. Paxson and N. Weaver, in Proceedings of the 11th USENIX Security Symposium, pages 149-167, San Francisco, CA, August 2002. (link)
10/02/08	Network Security
10/07/08	Network Security
10/09/08	Network Security
10/14/08	Research Methods II		How to Write a Security Paper, Patrick McDaniel, 2008 (work in progress). (link)	Slides
10/16/08	Mid-term Exam
10/21/08	Research Methods II
10/23/08	Firewalls		A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. (link) Linux iptables HOWTO Rusty Russell. (link) Network Security: Private Communication in a Public World, Chapter 23.	Slides
10/28/08	Intrusion Detection	Project Related Work	A Sense of Self for UNIX Processes . S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link) The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)	Slides
10/30/08	Botnets		Know your Enemy:Tracking Botnets Using honeynets to learn more about Bots, Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wichersk, March 2005. (link) Cooke, E., Jahanian, F., and McPherson, D. 2005. The Zombie roundup: understanding, detecting, and disrupting botnets. In Proceedings of the 2006 Steps To Reducing Unwanted Traffic on the internet on Steps To Reducing Unwanted Traffic on the internet Workshop. (link)	Slides
11/04/08	Web Security	Project Experiment Proposal	Network Security: Private Communication in a Public World, Chapter 25 (except sections 3 and 4).	Slides
11/06/08	Web Security
11/11/08	Language-Based Security		Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel. Understanding Practical Application Development in Security-Typed Languages. 22st Annual Computer Security Applications Conference (ACSAC), pages 153--164, December 2006. Miami, Fl. (link)	Slides
11/13/08	No class
11/18/08	Access Control		The Protection of Information in Computer Systems. J. Saltzer and M. Schroeder, Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (Part I) (link)	Slides
11/20/08	Operating System Security		Wikipedia -- Access Control (link) Wikipedia -- Access Control (link) Wikipedia -- UNIX Secuirty (link)	Slides
11/25/08	Thanksgiving Break -- No class
11/27/08	Thanksgiving Break -- No class
12/02/08	Access Control Models			Slides
12/04/08	Access Control Models			Slides
12/09/08	Operating System Security		R. Levin, E. Cohen, W. Corwin, F. Pollack, and W. Wulf. Policy/Mechanism Separation in Hydra. Proc. of the 5th Symposium on Operating Systems Principles, November 1975, pp. 132-140. (link)
12/11/08	Wrapup			Slides
12/12/08	TBD Project Final Presentations (6pm-9pm)
12/16/08	Final Exam (4:40pm-6:30pm -- 230 Arts)
12/19/08	Final Projects Writeups Due

CSE543