Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date / Topic / Assignments Due / Readings for Discussion (do readings before class)
01/09/18 Introduction
(Slides)
Course syllabus link
01/11/18 Security Basics
(Slides)
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
01/16/18 Passwords
(Slides)
Server Authentication (Due 2/13/18) link
Linux Password and Shadow File Format link
01/18/18 Programming Mistakes (Info Flow)
(Slides)
SQL Injection Cheat Sheet and Tutorial link
The Risks Digest link
01/23/18 Programming Flaws (Buffer Overflows)
(Slides)
Smashing the Stack for Fun and Profit, Aleph One. Phrack 7(49), 1996. link
Common Vulnerabilities and Exposures link
Talk: Secure Software through Proof Engineering, Greg Morrisett. link
Some OpenSSL help link
01/25/18 Programming Flaws (Heap Overflows, Etc.)
(Slides)
Hacker's Hut: Exploiting the Heap (11-11.2) link
Security Focus: BugTraq link
01/30/18 Programming Flaws (Memory Errors)
(Slides)
Using Freed Memory link
Double Frees link
One Perfect Bug: Exploiting Type Confusion in Flash (Basic Idea) link
Format String Vulnerability link
02/01/18 Research Talk: Copy Relocation Violations
(Slides)
An Evil Copy: How the Loader Betrays You. X. Ge, M. Payer, T. Jaeger. Proceedings of the Network and Distributed Systems Security Symposium, 2017. link
02/06/18 Confused Deputy
(Slides)
The Confused Deputy (or why capabilities might have been invented). Norm Hardy. Operating Systems Review, pp. 36-38, Oct. 1988. link
02/08/18 Defensive Programming
(Slides)
Secure Programming HOWTO (Chapter 5) link
02/13/18 Defensive Programming
(Slides)
Secure Programming HOWTO (Chapter 6) link
02/15/18 Dynamic Testing
(Slides)
Server Hardening (Due 2/27/18) link
The Fuzzing Project: Tutorial link
American Fuzzy Lop link
02/20/18 Static Analysis
(Slides)
Tutorial: Static Analysis and Dynamic Testing of Software, Richard Fairley, 1978. link
LLVM Checkers link
02/22/18 Research Talk: Android Sensor Security
(Slides)
AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings. Giuseppe Petracca, Ahmad-Atamli Reineh, Yuqiong Sun, Jens Grossklags, and Trent Jaeger. In Proceedings of the 26th USENIX Security Symposium, Aug. 2017. link
02/27/18 Static Analysis
(Slides)
HP Fortify link
IBM Rational link
LLVM Based Bug Detection: A comparison of CETS and Parfait (Focus on Parfait). Sebastian Hunkeler. link
03/01/18 Symbolic Execution
(Slides)
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems. Cristian Cadar, Daniel Dunbar, Dawson Engler, in Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, 2008. link
03/06/18 Spring Break - No class
03/08/18 Spring Break - No class
03/13/18 Course Review
(Slides)
03/15/18 Midterm
03/20/18 Execution Integrity
(Slides)
Break Someone's Server (Due 4/7/18) link
03/22/18 Execution Integrity
(Slides)
Control-Flow Integrity: Precision, Security, and Performance (Section 2.1) link
03/27/18 Security Mechanisms
(Slides)
Privilege-Separated OpenSSH link
03/29/18 No Lecture
04/03/18 Automating Privilege Separation
(Slides)
PtrSplit: Supporting General Pointers in Automatic Program Partitioning. S. Liu, G. Tan, and T. Jaeger. In 24th ACM Conference on Computer and Communications Security (CCS), 2017. link
04/05/18 Reference Monitor
(Slides)
Reference Monitor link
Leveraging 'Choice' in Authorization Hook Placement (Sections 1-3). Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Communications Security, 2012. link
04/10/18 Software Fault Isolation
(Slides)
Authorization (Due 4/26/18) link
Software-based Fault Isolation (Notes) link
04/12/18 Comparing Java to C
(Slides)
04/17/18 Information Flow
(Slides)
Java Information Flow (Jif) link
04/19/18 Hardware for Security
(Slides)
Design of Intel MPX link
04/24/18 Attack Surface
(Slides)
Attack Surface Analysis Cheat Sheet link
04/26/18 Final Review
(Slides)
05/01/18 Final Exam - 10:10AM - 12:00PM, 106 Forest Res Bldg