Below is the calendar for this semester's course. This is a preliminary schedule and will be altered as the semester progresses. It is the responsibility of the students to check this web page frequently for schedule, reading, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date | Topic | Assignments Due | Readings for Discussion (do readings before class)
08/24/10 Introduction
(Slides)
Course syllabus. link Presenter:
08/26/10 Cryptography
(Slides)
Network Security: Private Communication in a Public World, Chapters 2, 3, 5, and 6. link Presenter:
08/31/10 Cryptography
(Slides)
Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. link Presenter:
09/02/10 Applied Cryptography
(Slides)
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link Presenter:
09/07/10 Applied Cryptography
(Slides)
Network Security: Private Communication in a Public World, Chapters 9, 10, 11. link Presenter:
09/09/10 Authentication
(Slides)
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link Presenter:
Network Security: Private Communication in a Public World, Chapters 12, 25.3, and 25.4. link Presenter:
09/14/10 Authentication
(Slides)
Buffer Overflow link
09/16/10 Public Key Infrastructure
(Slides)
Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, C. Ellison and B. Schneier, Computer Security Journal, v 16, n 1, 2000, pp. 1-7. link Presenter:
Network Security: Private Communication in a Public World, Chapter 15. link Presenter:
09/21/10 Access Control
(Slides)
The Protection of Information in Computer Systems. J. Saltzer and M. Schroeder, Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (Part I) link Presenter:
09/23/10 Access Control
(Slides)
Anderson, J. P., Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volume II (Sections I-IV) link Presenter:
09/28/10 Access Control
(Slides)
Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324] link Presenter:
09/30/10 No Class
10/05/10 Operating System Security
(Slides)
R. Levin, E. Cohen, W. Corwin, F. Pollack, and W. Wulf. Policy/Mechanism Separation in Hydra. In Proceedings of the 5th Symposium on Operating Systems Principles, November 1975, pp. 132-140. link Presenter:
10/07/10 Operating System Security
(Slides)
Whitmore, J., Bensoussan, A., Green, P., Hunt, D., Robziar, A., and Stern, J., Design for Multics Security Enhancements, ESD-TR-74-176, ESD/AFSC, Hanscom AFB, Bedford, MA (1074). (Section 3 -- Focus on 3.1-3.7, get basic idea of other subsections of 3) link Presenter:
10/12/10 Operating System Security
(Slides)
Crypto Basics link
C. Wright et al., Linux Security Modules: General Security Support for the Linux Kernel. In Proceedings of the 11th USENIX Security Symposium, August 2002. link Presenter:
10/14/10 Social Engineering
(Slides)
Social Engineering Fundamentals, Part I: Hacker Tactics, Sarah Granger, Security Focus, 2001. link Presenter:
Social Engineering Fundamentals, Part II: Combat Strategies, Sarah Granger, Security Focus, 2002. link Presenter:
10/19/10 Mid-term Exam (in class)
10/21/10 Security Research Methods
(Slides)
Reflections on Trusting Trust. Ken Thompson, Turing Award Lecture, 1983. link Presenter:
Efficient Reading of Papers in Science and Technology. Michael J. Hanson, University of Washington, 1989. link Presenter:
Network Security: Private Communication in a Public World, Chapter 1. link Presenter:
10/26/10 Class at NSRC Industry Day (Tentative)
10/28/10 Security Research Methods
(Slides)
How to Write a Security Paper, Patrick McDaniel, 2008 (work in progress). link Presenter:
11/02/10 Network Security
(Slides)
Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. link Presenter:
Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. link Presenter:
G. Ateniese, S. Mangard: A New Approach to DNS Security (DNSSEC), Proc. of the Eighth ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, November 5-8, 2001. link Presenter:
Midterm with answers link Presenter:
11/04/10 Network Security
(Slides)
Network Security: Private Communication in a Public World, Chapters 16, 17, and 18. link Presenter:
11/09/10 Firewalls
(Slides)
Final Project link
A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. link Presenter:
Linux iptables HOWTO. Rusty Russell. link Presenter:
Network Security: Private Communication in a Public World, Chapter 23. link Presenter:
11/11/10 Intrusion Detection
(Slides)
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link Presenter:
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link Presenter:
11/16/10 Internet Malware
(Slides)
A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review archive, pages 39-54, 34 (2), April, 2005. link Presenter:
How to 0wn the Internet in Your Spare Time. S. Staniford and V. Paxson and N. Weaver, in Proceedings of the 11th USENIX Security Symposium, pages 149-167, San Francisco, CA, August 2002. link Presenter:
11/18/10 Internet Malware
(Slides)
Know your Enemy: Tracking Botnets. Using Honeynets to Learn More about Bots, Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski, March 2005. link Presenter:
11/23/10 Thanksgiving Break - No class
11/25/10 Thanksgiving Break - No class
11/30/10 Web Security
(Slides)
Background and Related Work Draft (12/1)
Network Security: Private Communication in a Public World, Chapter 25 (except sections 3 and 4). link Presenter:
OWASP Top 10 - 2010. The Ten Most Critical Web Application Security Risks. Published by The Open Web Application Security Project, 2010. link Presenter:
12/02/10 Web Security
(Slides)
Project Status Slides
The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2006. link Presenter:
Secure Web Browsing with the OP Web Browser. Grier, C., Shuo Tang, King, S.T., In Proceedings of the IEEE Symposium on Security and Privacy, 2008. link Presenter:
12/07/10 Security Research Talks
12/09/10 Email and SPAM/Wrapup
(Email Slides) (Wrapup Slides)
Lorrie Faith Cranor and Brian A. LaMacchia. Spam! Communications of the ACM. Vol. 41, No. 8 (Aug. 1998), Pages 74-83. link Presenter:
12/13/10 Final Review (5:00pm -- 356 IST Building)
12/17/10 Final Projects Writeups Due (5:00pm)