Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

DateTopicAssignments
Due
Readings for Discussion
(do readings before class)
08/21/18Introduction
(Slides)
Course syllabus. link
Hacked vs. Hackers: Game On - NYTimes.com.pdf link
Text: Chapter 1 link
08/23/18Authentication
(Slides)
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al. , IEEE Symposium on Security and Privacy, 2012. link
Text: Chapter 7.1-7.5 link
08/28/18Cryptography
(Slides)
Text: Chapter 2 link
08/30/18Cryptography
(Slides)
Homework Project One: Crypto Protocols (Due: 9/7/2018, 11:59pm)link
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Chapter 3link
09/04/18Public Key Cryptosystems
(Slides)
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 4 link
09/06/18Crypto Protocols
(Slides)
Review for "Needham-Schroeder" paper
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link
Text: Chapter 5 link
09/11/18Authentication Protocols
(Slides)
Project One: SSH File Transfer (Due: 10/3/2018, 11:59pm)link
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Text: Sections 10.5 link
09/13/18Malware
(Slides)
W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. link
Text: Section 11.3 link
09/18/18Program Vulnerabilities
(Slides)
Buffer Overflow Tutorial link
Text: Sections 11.1-11.2 link
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al. , 7th USENIX Security Symposium, 1998. link
09/20/18Return-Oriented Programming
(Slides)
Review for "Return-Oriented Programming" paper
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/25/18Safe Programming
(Slides) (Slides)
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
09/27/18Access Control
(Slides)
Text: Sections 8.1-8.3 link
10/02/18Mandatory Access Control
(Slides)
Review for "Lattice Model" paper
Text: Sections 8.4-8.5link
A lattice model of secure information flow. D. Denning, CACM, May 1976. link
Chapter 2. Access Control Fundamentals. T. Jaeger, in Operating Systems Security, 2008. link
10/04/18Secure Operating Systems
(Slides)
seL4: Formal Verification of an OS Kernel. G. Klein et al. , Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009. link
10/09/18Commercial OS Security
(Slides)
Project Two: SSH Man-in-the-Middle (Due: 11/6/2018, 11:59pm)link
Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al. , Proceedings of the 11th USENIX Security Symposium, August 2002. link
Text: Section 13.1-13.3 link
10/11/18Network Security Vulnerabilities
(Slides)
An Illustrated Guide to the Kaminsky DNS Vulnerability , S. Freidl. link
Text: Sections 9.1-9.4 link
10/16/18Network Security Protocols
(Slides)
Review for "SSH" paper
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
Text: Sections 10.1-10.2 link
10/18/18Firewalls
(Slides)
The Beginner's Guide to iptables: Linux Firewall , How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
10/23/18Mid-term Exam: 4:35-5:50 (regular time)
10/25/18Web Security
(Slides)
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link
Text: Sections 7.1 and 7.2 link
10/30/18Web Security
(Slides)
Review for "OP Browser" paper
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link
11/01/18Intrusion Detection
(Slides)
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
11/06/18Blockchains (UC Berkeley slides)
(Slides)
The Blockchain: A Gentle Four Page Introduction. . Jan Hendrik Witte, ArXiv.org, Dec. 2016. link
11/08/18Privacy
(Slides)
Review for "Anonymous Routing" paper
Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Anual Computer Security Applications Conference, 1996. link
The Tor Project link
Text: Section 10.5 link
11/13/18Hardware for Security
(Slides)
Project Three: Code-Reuse Attacks (Due: 12/6/2018, 11:59pm)link
Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. In USENIX Security Symposium, Aug. 2004. link
11/15/18Snow Day - No class
11/20/18Thanksgiving Break - No class
11/22/18Thanksgiving Break - No class
11/27/18Hardware for Security (Part 2)
(Slides)
11/29/18Virtualization Security
(Slides)
Review for "AmazonIA" paper
What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link
12/04/18Adversarial Machine Learning
(Slides)
Machine Learning in Adversarial Settings. Patrick McDaniel, Nicolas Papernot, and Berkay Celik. IEEE Security and Privacy Magazine, 14(3), May/June, 2016. link
12/06/18Cloud Computing Security
(Slides)
AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link
12/11/18Final Exam, 114 Steidle, Tu December 11, 6:50-8:40pm
.