Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date	Topic	Assignments Due	Discussions (do readings before class)
08/25/09	Introduction ( Slides )		Course syllbus. (link)
08/27/09	Cryptography ( Slides )		Network Security: Private Communication in a Public World, Chapters 2, 3, 5, and 6.
09/01/09	Cryptography ( Slides )		Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. (link)
09/03/09	Applied Cryptography ( Slides )		A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. (link)
09/08/09	Applied Cryptography ( Slides )		Network Security: Private Communication in a Public World, Chapters 9, 10, 11, 12, 25.3, and 25.4.
09/10/09	Security Research Methods ( Slides )		Reflections on Trusting Trust. Ken Thompson, Turing Award Lecture, 1983. (link) Efficient Reading of Papers in Science and Technology. Michael J. Hanson, University of Washington, 1989. (link) Network Security: Private Communication in a Public World, Chapter 1.
09/15/09	Security Research Methods ( Slides )		How to Write a Security Paper, Patrick McDaniel, 2008 (work in progress). (link)
09/17/09	Security Research Methods ( Slides )
09/22/09	Authentication ( Slides )		Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. (link) Network Security: Private Communication in a Public World, Chapters 12, 25.3, and 25.4.
09/24/09	Authentication ( Slides )
09/29/09	Public Key Infrastructure ( Slides )		Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, C. Ellison and B. Schneier, Computer Security Journal, v 16, n 1, 2000, pp. 1-7. (link) Network Security: Private Communication in a Public World, Chapter 15.
10/01/09	Access Control ( Slides )		The Protection of Information in Computer Systems. J. Saltzer and M. Schroeder, Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (Part I) (link)
10/06/09	Access Control ( Slides )	Project Choice	Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324] (link)
10/08/09	Access Control ( Slides )	Access Control Matrix
10/12/09	Mid-term Review : (356 IST Building, 5pm)
10/13/09	Class at NSRC Industry Day
10/15/09	Mid-term Exam (in class)
10/20/09	No class
10/22/09	Operating System Security ( Slides )		R. Levin, E. Cohen, W. Corwin, F. Pollack, and W. Wulf. Policy/Mechanism Separation in Hydra. Proc. of the 5th Symposium on Operating Systems Principles, November 1975, pp. 132-140. (link)
10/27/09	Operating System Security ( Slides )		Paul A. Karger, Roger R. Schell (2002). "Thirty Years Later: Lessons from the Multics Security Evaluation" Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, , IEEE Computer Society. , p.119-26 (link)
10/29/09	Social Engineering ( Slides )	Related Work	Social Engineering Fundamentals, Part I: Hacker Tactics, Sarah Granger, Security Focus, 2001. (link) Social Engineering Fundamentals, Part II: Combat Strategies, Sarah Granger, Security Focus, 2002. (link)
11/03/09	Social Engineering ( Slides )	Project Experiment Proposal
11/05/09	Network Security ( Slides )		Jerome H. Saltzer, David. P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link) Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link) G. Ateniese, S. Mangard: A New Approach to DNS Security (DNSSEC), Proc. of the Eighth ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, November 5-8, 2001. (link)
11/10/09	Network Security ( Slides )		Network Security: Private Communication in a Public World, Chapters 16, 17, and 18.
11/12/09	Firewalls ( Slides )		A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. (link) Linux iptables HOWTO Rusty Russell. (link) Network Security: Private Communication in a Public World, Chapter 23.
11/17/09	Intrusion Detection ( Slides )		A Sense of Self for UNIX Processes . S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link) The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
11/19/09	Internet Malware ( Slides )	Project Status Slides	A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review archive, pages 39-54, 34 (2), April, 2005. (link) How to 0wn the Internet in Your Spare Time. S.Staniford and V. Paxson and N. Weaver, in Proceedings of the 11th USENIX Security Symposium, pages 149-167, San Francisco, CA, August 2002. (link)
11/24/09	Thanksgiving Break - No class
11/26/09	Thanksgiving Break - No class
12/01/09	Internet Malware ( Slides )		Know your Enemy:Tracking Botnets Using honeynets to learn more about Bots, Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wichersk, March 2005. (link)
12/03/09	Web Security ( Slides )		Network Security: Private Communication in a Public World, Chapter 25 (except sections 3 and 4). Vulnerability Analysis of Web Applications, M. Cova, V. Felmetsger and G. Vigna, In Testing and Analysis of Web Services. Springer, 2007. Editors: L. Baresi and E. Dinitto (link)
12/08/09	Web Security ( Slides )		The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2006. (link) Secure Web Browsing with the OP Web Browser Grier, C., Shuo Tang, King, S.T., In Proceedings of the IEEE Symposium on Security and Privacy, 2008. (link)
12/10/09	Final Review (5:00pm -- 356 IST Building)
12/10/09	Email and SPAM/Wrapup ( Email Slides Wrapup Slides )		Lorrie Faith Cranor and Brian A. LaMacchia. Spam! Communications of the ACM. Vol. 41, No. 8 (Aug. 1998), Pages 74-83. (link)
12/11/09	Final Exam, Alternate Seating (5:00pm-6:50pm - 223B IST) -- prior approval required
12/15/09	Final Exam (2:30pm-4:20pm - 265 Willard)
12/18/09	Final Projects Writeups Due (11:59am NOON)