Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

DateTopicAssignments
Due
Readings for Discussion
(do readings before class)
08/22/17Introduction
(Slides)
Course syllabus. link
Hacked vs. Hackers: Game On - NYTimes.com.pdf link
Text: Chapter 1 link
08/24/17Authentication
(Slides)
Project One: Password Management System (Due: 9/20/2017, 11:59pm)link
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al. , IEEE Symposium on Security and Privacy, 2012. link
Text: Chapter 7.1-7.5 link
08/29/17Passwords
(Slides)
Review for "Guess Again" paper
Pitfalls in the automated strengthening of passwords. D. Schmidt and T. Jaeger, Annual Computer Security Applications Conference, 2013. link
08/31/17Cryptography
(Slides)
Text: Chapter 2 link
09/05/17Cryptography
(Slides)
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Chapter 3link
09/07/17Public Key Cryptosystems
(Slides)
Review for "RSA" paper
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 4 link
09/12/17Crypto Protocols
(Slides)
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link
Text: Chapter 5 link
09/14/17Authentication Protocols
(Slides)
Review for "Kerberos" paper
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Text: Sections 10.5 link
09/19/17Malware
(Slides)
W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. link
Text: Section 11.3 link
09/21/17Program Vulnerabilities
(Slides)
Review for "Stackguard" paper
Buffer Overflow Tutorial link
Text: Sections 11.1-11.2 link
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al. , 7th USENIX Security Symposium, 1998. link
09/26/17Return-Oriented Programming
(Slides)
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/28/17Access Control
(Slides)
Text: Sections 8.1-8.3 link
10/03/17Mandatory Access Control
(Slides)
Review for "Lattice Model" paper
A lattice model of secure information flow. D. Denning, CACM, May 1976. link
10/05/17Mandatory Access Control
(Slides)
Chapter 2. Access Control Fundamentals. T. Jaeger, in Operating Systems Security, 2008. link
Text: Sections 8.4-8.5 link
10/10/17Operating Systems Security
(Slides)
Project Two: Return-oriented Programming (Due: 11/6/17)link
Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al. , Proceedings of the 11th USENIX Security Symposium, August 2002. link
Text: Section 13.1-13.3 link
10/12/17Network Security Vulnerabilities
(Slides)
Review for "Kaminsky" paper
An Illustrated Guide to the Kaminsky DNS Vulnerability , S. Freidl. link
Text: Sections 9.1-9.4 link
10/17/17Network Security Protocols
(Slides)
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
Text: Sections 10.1-10.2 link
10/19/17Firewalls
(Slides)
Review for "FIREMAN" paper
The Beginner's Guide to iptables: Linux Firewall , How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
10/24/17Mid-term Exam: (W207 Westgate - former 222 IST) 4:35-5:50 (regular time)
10/26/17Web Security
(Slides)
Review for "Browser Handbook" Chapter
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link
Text: Sections 7.1 and 7.2 link
10/31/17Web Security
(Slides)
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link
11/02/17Intrusion Detection
(Slides)
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
11/07/17Blockchains (UC Berkeley slides)
(Slides)
The Blockchain: A Gentle Four Page Introduction. . Jan Hendrik Witte, ArXiv.org, Dec. 2016. link
11/09/17Privacy
(Slides)
Project Three: Research Study (Due: 12/7/2017, 11:59pm)link
Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Anual Computer Security Applications Conference, 1996. link
The Tor Project link
Text: Section 10.5 link
11/14/17Adversarial Machine Learning (Nicolas Papernot)
(Slides)
Machine Learning in Adversarial Settings. Patrick McDaniel, Nicolas Papernot, and Berkay Celik. IEEE Security and Privacy Magazine, 14(3), May/June, 2016. link
11/16/17Hardware for Security
(Slides)
Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. In USENIX Security Symposium, Aug. 2004. link
11/21/17Thanksgiving Break - No class
11/23/17Thanksgiving Break - No class
11/28/17Virtualization Security
(Slides)
Review for "Virtualization" paper
What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link
11/30/17Cloud Computing Security
(Slides)
AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link
12/05/17Android Security
(Slides (18MB))
AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings. Giuseppe Petracca, Ahmad-Atamli Reineh, Yuqiong Sun, Jens Grossklags, and Trent Jaeger. In 26th USENIX Security Symposium (USENIX Security), Aug. 2017. link
12/07/17Future of Secure Programming
(Slides)
Leveraging 'Choice' in Authorization Hook Placement. Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Commumications Security, 2012. link
12/12/17Final Exam, Tu 12/12/17, 6:50-8:40pm, Forest Resources Bldg 106
.