Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Readings for Discussion
(do readings before class)
Course syllabus. link
Hacked vs. Hackers: Game On - link
Text: Chapter 1 link
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al. , IEEE Symposium on Security and Privacy, 2012. link
Text: Chapter 7.1-7.5 link
Text: Chapter 2 link
Homework Project One: Crypto Protocols (Due: 9/7/2018, 11:59pm)link
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Chapter 3link
09/04/18Public Key Cryptosystems
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 4 link
09/06/18Crypto Protocols
Review for "Needham-Schroeder" paper
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link
Text: Chapter 5 link
09/11/18Authentication Protocols
Project One: SSH File Transfer (Due: 10/3/2018, 11:59pm)link
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Text: Sections 10.5 link
W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. link
Text: Section 11.3 link
09/18/18Program Vulnerabilities
Buffer Overflow Tutorial link
Text: Sections 11.1-11.2 link
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al. , 7th USENIX Security Symposium, 1998. link
09/20/18Return-Oriented Programming
Review for "Return-Oriented Programming" paper
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/25/18Safe Programming
(Slides) (Slides)
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
09/27/18Access Control
Text: Sections 8.1-8.3 link
10/02/18Mandatory Access Control
Review for "Lattice Model" paper
Text: Sections 8.4-8.5link
A lattice model of secure information flow. D. Denning, CACM, May 1976. link
Chapter 2. Access Control Fundamentals. T. Jaeger, in Operating Systems Security, 2008. link
10/04/18Secure Operating Systems
seL4: Formal Verification of an OS Kernel. G. Klein et al. , Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009. link
10/09/18Commercial OS Security
Project Two: SSH Man-in-the-Middle (Due: 11/6/2018, 11:59pm)link
Linux Security Modules: General Security Support for the Linux Kernel. C. Wright et al. , Proceedings of the 11th USENIX Security Symposium, August 2002. link
Text: Section 13.1-13.3 link
10/11/18Network Security Vulnerabilities
An Illustrated Guide to the Kaminsky DNS Vulnerability , S. Freidl. link
Text: Sections 9.1-9.4 link
10/16/18Network Security Protocols
Review for "SSH" paper
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
Text: Sections 10.1-10.2 link
The Beginner's Guide to iptables: Linux Firewall , How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
10/23/18Mid-term Exam: 4:35-5:50 (regular time)
10/25/18Web Security
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link
Text: Sections 7.1 and 7.2 link
10/30/18Web Security
Review for "OP Browser" paper
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link
11/01/18Intrusion Detection
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
11/06/18Blockchains (UC Berkeley slides)
The Blockchain: A Gentle Four Page Introduction. . Jan Hendrik Witte,, Dec. 2016. link
Review for "Anonymous Routing" paper
Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Anual Computer Security Applications Conference, 1996. link
The Tor Project link
Text: Section 10.5 link
11/13/18Hardware for Security
Project Three: Code-Reuse Attacks (Due: 12/6/2018, 11:59pm)link
Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. In USENIX Security Symposium, Aug. 2004. link
11/15/18Snow Day - No class
11/20/18Thanksgiving Break - No class
11/22/18Thanksgiving Break - No class
11/27/18Hardware for Security (Part 2)
11/29/18Virtualization Security
Review for "AmazonIA" paper
What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link
12/04/18Adversarial Machine Learning
Machine Learning in Adversarial Settings. Patrick McDaniel, Nicolas Papernot, and Berkay Celik. IEEE Security and Privacy Magazine, 14(3), May/June, 2016. link
12/06/18Cloud Computing Security
AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link
12/11/18Final Exam, 114 Steidle, Tu December 11, 6:50-8:40pm