Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

DateTopicAssignments
Due
Readings for Discussion
(do readings before class)
08/28/12 Introduction
(Slides)
Course syllabus. link
08/30/12 Security Research Methods
(Slides)
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
Efficient Reading of Papers in Science and Technology. M. J. Hanson, University of Washington, 1989. link
Network Security: Private Communication in a Public World, Chapter 1. link
09/04/12 Cryptography
(Slides)
Network Security: Private Communication in a Public World, Chapters 2, 3. link
09/06/12 Cryptography
(Slides)
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Network Security: Private Communication in a Public World, Chapter 5 link
*Deep Dive* : Security Mechanisms in High-Level Network Protocols. V. Voydock and S. Kent, ACM Computing Surveys, 15(2), June 1983. link
09/11/12 Applied Cryptography
(Slides)
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Network Security: Private Communication in a Public World, Chapter 6 link
*Deep Dive* : Twenty years of attacks on the RSA cryptosystem. D. Boneh, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999), June 1983. link
09/13/12 Applied Cryptography
(Slides)
Crypto Basics link
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link
Network Security: Private Communication in a Public World, Chapter 11. link
*Deep Dive* : Breaking and Fixing the Needham-Schroeder Public Key Protocol using FDR. G. Lowe, In Tools and Algorithms for the Construction and Analysis of Systems, Margaria and Steffen (eds.), volume 1055 of Lecture Notes in Computer Science, Springer Verlag, pages 147-166, 1996. link
09/18/12 Authentication
(Slides)
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al. , IEEE Symposium on Security and Privacy, 2012. link
Network Security: Private Communication in a Public World, Chapters 9. link
09/20/12 Authentication
(Slides)
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Network Security: Private Communication in a Public World, Chapter 13 link
09/25/12 Public Key Infrastructure
(Slides)
Project Selection link
Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, C. Ellison and B. Schneier, Computer Security Journal, v 16, n 1, 2000, pp. 1-7. link
Network Security: Private Communication in a Public World, Chapter 15. link
09/27/12 Security Research Methods
(Slides)
P. McDaniel, How to Write a Security Paper, 2008 (work in progress). link
10/02/12 Vulnerabilities
(Slides)
Finding Name Resolution Vulnerabilities in Programs. H. Vijayakumar, J. Schiffman, T. Jaeger, USENIX Security Symposium, 2012. link
Buffer Overflow Tutorial link
*Deep Dive* : Where Do You Want to Go Today? Escalating Privileges by Pathname Manipulation. S. Chari, S. Halevi, W. Venema, Symposium on Network and Distributed Systems Security, 2010. link
10/04/12 Study Day - No class
10/09/12 Access Control
(Slides)
Computer Security Technology Planning Study. J. P. Anderson, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volume II (Sections I-IV) link
Operating Systems Security, Chapters 1 and 2 link
10/11/12 Access Control
(Slides)
Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al. , Proceedings of the 11th USENIX Security Symposium, August 2002. link
Operating Systems Security, Chapters 4 and 9 link
10/16/12 Operating System Security
(Slides)
Operating Systems Security, Chapter 3 link
10/18/12 Operating System Security
(Slides)
Policy/Mechanism Separation in Hydra. R. Levin, E. Cohen, W. Corwin, F. Pollack, and W. Wulf, Proceedings of the 5th Symposium on Operating Systems Principles, November 1975, pp. 132-140. link
*Deep Dive* : A Secure Identity-Based Capability System, L. Gong, IEEE Symposium on Security and Privacy, 1989. link
Operating Systems Security, Chapter 10 link
10/23/12 Network Security
(Slides)
End-to-end Arguments in System Design. J. H. Saltzer, D. P. Reed, and D. D. Clark, ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. link
Security Problems in the TCP/IP Protocol Suite. S. M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. link
A New Approach to DNS Security (DNSSEC). G. Ateniese, S. Mangard, Proc. of the Eighth ACM Conference on Computer and Communications Security, 2001. link
*Deep Dive* : An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Freidl. link
10/25/12 Network Security
(Slides)
Leveraging IPsec for Mandatory Per-Packet Access Control. T. Jaeger et al. SecureComm 2006. link
Network Security: Private Communication in a Public World, Chapters 17 and 18. link
10/30/12 Firewalls
(Slides)
A Quantitative Study of Firewall Configuration Errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. link
Linux iptables HOWTO, Rusty Russell. link
Network Security: Private Communication in a Public World, Chapter 23. link
11/01/12 Mid-term Exam (in class)
11/06/12 Internet Malware
(Slides)
A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review archive, pages 39-54, 34 (2), April, 2005. link
How to 0wn the Internet in Your Spare Time. S.Staniford and V. Paxson and N. Weaver, in Proceedings of the 11th USENIX Security Symposium, pages 149-167, San Francisco, CA, August 2002. link
11/08/12 Internet Malware
(Slides)
Background and Related Work Draft
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
11/13/12 Intrusion Detection
(Slides)
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
11/15/12 Web Security
(Slides)
Network Security: Private Communication in a Public World, Chapter 25 (except sections 3 and 4). link
Security Mechanisms and Policy for Mandatory Access Control in Computer Systems. Glenn Wurster, Ph.D. Thesis, Carleton University, 2010, pgs. 21-31. link
Attack OWASP Top 10 - 2010. The Ten Most Critical Web Application Security Risks. Published by The Open Web Application Security Project, 2010. link
*Deep Dive* : Third-Party Web Tracking: Policy and Technology. J. R. Mayer and J. C. Mitchell, Proceedings of the IEEE Symposium on Security and Privacy, 2012. link
11/20/12 Thanksgiving Break - No class
11/22/12 Thanksgiving Break - No class
11/27/12 Web Security
(Slides)
Secure Web Browsing with the OP Web Browser C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link
Network Security: Private Communication in a Public World, Chapter 19. link
*Deep Dive* : The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2006. link
11/29/12 Virtualization Security
(Slides)
Lessons from VAX/SVS for High Assurance VM Systems. S. Lipner, M. Zurko, T. Jaeger, IEEE Security and Privacy Magazine, to appear. link
Operating Systems Security, Chapter 11 link
12/04/12 Security Research Talks
Project Review
12/06/12 Cloud Computing Security
(Slides)
AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link
Resource-freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense). V. Varadarajan, T. Kooburat, B. Farley, T. Ristenpart, and M. Swift, Proceedings of the 19th ACM Computer and Communications Security, 2012. link
12/11/12 Trusted Computing
(Slides)
A Ten-Page Introduction to Trusted Computing. A. Martin, University of Oxford, 2008. link
Design and Implementation of a TCG-based Integrity Measurement Architecture. R. Sailer, X. Zhang, T. Jaeger, L. van Doorn, Proceedings of the 14th USENIX Security Symposium, August 2004. link
Bootstrapping Trust in Commodity Computers. B. Parno, J. M. McCune, and A. Perrig, Proceedings of the IEEE Symposium on Security and Privacy, IEEE, May 2010 link
12/13/12 Wrapup
(Wrapup Slides) (Final Review)
12/18/12 Final Exam, 109 Walker, 10:10am-12:00pm
12/21/12 Final Projects Writeups Due (5:00pm)
.