Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date | Topic | Assignments Due | Readings for Discussion (do readings before class)
08/23/16 Introduction
(Slides)
Course syllabus.
Hacked vs. Hackers: Game On - NYTimes.com.pdf
Text: Chapter 1
08/25/16 Authentication
(Slides)
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012.
Text: Chapter 7.1-7.5
08/30/16 Passwords
(Slides)
Review for "Pitfalls" paper and Project One: Passwords (Due: 9/21/2016, 11:59pm)
Pitfalls in the automated strengthening of passwords. D. Schmidt and T. Jaeger, Annual Computer Security Applications Conference, 2013.
09/01/16 Cryptography
(Slides)
Text: Chapter 2
*Advanced*: Security Mechanisms in High-Level Network Protocols. V. Voydock and S. Kent, ACM Computing Surveys, 15(2), June 1983.
09/06/16 Cryptography
(Slides)
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993.
Chapter 3
09/08/16 Public Key Cryptosystems
(Slides)
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978.
Text: Chapter 4
*Advanced*: Twenty years of attacks on the RSA cryptosystem. D. Boneh, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999), June 1983.
09/13/16 Crypto Protocols
(Slides)
Review for "Needham-Schroeder" paper
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978.
Text: Chapter 5
*Advanced*: Breaking and Fixing the Needham-Schroeder Public Key Protocol using FDR. G. Lowe, In Tools and Algorithms for the Construction and Analysis of Systems, Margaria and Steffen (eds.), volume 1055 of Lecture Notes in Computer Science, Springer Verlag, pages 147-166, 1996.
09/15/16 Authentication Protocols
(Slides)
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994.
Text: Section 10.5
*Advanced*: Pluggable Authentication Modules (PAM). NetBSD.
09/20/16 Vulnerabilities
(Slides)
Review for "Kerberos" paper
Buffer Overflow Tutorial
Text: Sections 11.1-11.2
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al., 7th USENIX Security Symposium, 1998.
09/22/16 Malware
(Slides)
W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011.
Text: Section 11.3
09/27/16 Return-Oriented Programming
(Slides)
Review for "Return-oriented programming" paper and Project Two: Gcrypt Needham-Schroeder (Due: 10/21/2016, 11:59pm)
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012.
*Advanced*: Control-flow Integrity. Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti, in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005.
09/29/16 Access Control
(Slides)
Text: Sections 8.1-8.3
*Advanced*: Computer Security Technology Planning Study. J. P. Anderson, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volume II (Sections I-IV)
10/04/16 Mandatory Access Control
(Slides)
A lattice model of secure information flow. D. Denning, CACM, May 1976.
10/06/16 Mandatory Access Control
(Slides)
Text: Sections 8.4-8.5
10/11/16 Operating Systems Security
(Slides)
Review for "Linux Security Modules" paper
Reference Monitor. T. Jaeger. Encyclopedia of Cryptography and Security, 2011.
Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al., Proceedings of the 11th USENIX Security Symposium, August 2002.
Text: Sections 13.1-13.3
*Advanced*: Introduction to NSA's Security-Enhanced Linux. SANS Institute, 2002.
10/13/16 Network Security Vulnerabilities
(Slides)
On the Mismanagement and Maliciousness of Networks. Jing Zhang, Zakir Durumeric, Michael Bailey, Mingyan Liu, and Manish Karir. NDSS 2014.
Text: Sections 9.1-9.4
*Advanced*: A New Approach to DNS Security (DNSSEC). G. Ateniese, S. Mangard, Proc. of the Eighth ACM Conference on Computer and Communications Security, 2001.
10/18/16 Network Security
(Slides)
Review for "SSH" paper
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996.
Text: Sections 10.1-10.2
10/20/16 Firewalls
(Slides)
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006.
Text: Section 8.9
*Advanced*: The Beginner's Guide to iptables: Linux Firewall, How-To Geek.
10/25/16 Mid-term Exam (in class)
10/27/16 Web Security
(Slides)
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules).
Attack OWASP Top 10 - 2010. The Ten Most Critical Web Application Security Risks. Published by The Open Web Application Security Project, 2010.
Text: Sections 7.1 and 7.2
11/01/16 Web Security
(Slides)
Project Three: Software Security (Due: 11/17/16) and Review for "OP Browser" paper
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008.
*Advanced*: Browser security: Lessons from Google Chrome. C. Reis, A. Barth, C. Pizano. CACM 52(8) 2009.
11/03/16 System Vulnerabilities
(Slides)
STING: Finding Name Resolution Vulnerabilities in Programs. H. Vijayakumar, J. Schiffman, T. Jaeger, USENIX Security Symposium, 2012.
*Advanced*: JIGSAW: Protecting Resource Access by Inferring Programmer Expectations
11/08/16 Capability Systems
(Slides)
Review for "Secure Capability Systems" Chapter
Secure Capability Systems, Chapter 10, Operating Systems Security. Morgan and Claypool, Trent Jaeger. (Public Version)
Secure Capability Systems, Chapter 10, Operating Systems Security. Morgan and Claypool, Trent Jaeger. (Inside PSU Version)
11/10/16 Privacy
(Slides)
Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Annual Computer Security Applications Conference, 1996.
The Tor Project
Text: Section 10.5
11/15/16 Intrusion Detection
(Slides)
Review for "Sense of Self" paper
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996.
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999.
Text: Section 6.4
11/17/16 Virtualization Security
(Slides)
What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007.
A Virtual Machine Introspection Based Architecture for Intrusion Detection. T. Garfinkel and M. Rosenblum. NDSS 2003.
11/22/16 Thanksgiving Break - No class
11/24/16 Thanksgiving Break - No class
11/29/16 Cloud Computing Security
(Slides)
AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011.
12/01/16 Future of Secure Programming
(Slides)
Review for "Leveraging 'Choice'" paper
Leveraging 'Choice' in Authorization Hook Placement. Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Communications Security, 2012.
12/06/16 Android Security
(Wrapup Slides)
12/08/16 No Class
12/13/16 Final Exam, 12/13/16, 8:00am, Willard 075