Tentative Syllabus

These topics are tentative and subject to change without warning. In particular, if I don’t discuss something you’re interested in, ask about it! I may very well add it or modify what I’m covering to include it.

1.Tue Mar 29Introduction; what is securitytext, §1
2.Thu Mar 31Access control matrix, mechanisms text, §2, 16.1–16.3
Dis Social engineering; secure programming survey
3.Tue Apr 5Common vulnerabilitiestext, §16.4; [Chr11, OWA13]hw 1
4.Thu Apr 7Buffer overflows; CPS (Dr. Jeff Rowe) [Ale96]
Dis Cross-site scripting
5.Tue Apr 12Principles of secure design; robust programming text, §14; [SS75, Bis11]
6.Thu Apr 14Robust programming[Bis11]
Dis Review of fragile programming example
7.Tue Apr 19Flaw hypothesis methodology; penetration testing text, §24.1–24.2; [Wei95, Bis07a, Bis07b]hw 2
8.Thu Apr 21Intrusion detection (Prof. Karl Levitt)text, §26
Dis nmap, Fortify source code analyzer
9.Tue Apr 26Malwaretext, §23 (not 23.6); [Nac97]
10.Thu Apr 28Policies, policy modelstext, §4; [War70]
Dis Review for midterm
11.Tue May 3Midterm
12.Thu May 5Example policies, confidentiality policies text, §4, 5
13.Tue May 10Integrity policies, cryptographytext, §5, 6.1, 6.2, 6.4, 10
14.Thu May 12Cryptography, digital signaturestext, §10hw3
15.Tue May 17Cryptographic protocolstext, §10, 11
16.Thu May 19Key managementtext, §11, 12, 13
17.Tue May 24Authenticationtext, §12, 13
18.Thu May 26Network, web securitytext, §13, 15
19.Tue May 31Assurance and trusttext, §13, 18
20.Thu Jun 2 Electronic voting systems, review for final[BBG07, BW07, RABA04]hw 5
—. Wed Jun 8Final examination (at 10:30am)


AlephOne. Smashing the stack for fun and profit. Phrack, 7(49), 1996.
Earl Barr, Matt Bishop, and Mark Gondree. Fixing Federal E-Voting Standards. Communications of the ACM, 50(3):19–24, Mar. 2007.
Matt Bishop. About penetration testing. IEEE Security and Privacy, 5(6):84–87, Nov. 2007.
Matt Bishop. Overview of red team reports. Executive summary, Office of the California Secretary of State, Sacramento, CA, USA, July 2007.
Matt Bishop. Robust programming. handout for ECS 153, Computer Security, Mar. 2011.
Matt Bishop and David Wagner. Risks of E-Voting. Communications of the ACM, 50(11):120, Nov. 2007.
Steve Christey. 2011 CWE/SANS top 25 most dangerous software errors, Sep. 13, 2011. Available at http://cwe.mitre.org/top25/.
Cary Nachenberg. Computer virus-antivirus coevolution. Communications of the ACM, 40(1):46–51, Jan. 1997.
OWASP. Owasp top 10 - 2013: The ten most critical web application security risks. Technical report, The Open Web Application Security Project, 2013.
RABA Innovative Solution Cell, Trusted Agent Report: Diebold AccuVote-TS Voting System, RABA Technologies LLC, Columbia, MD, USA, Jan. 2004.
Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, Sep. 1975.
Willis Ware. Security controls for computer systems: Report of Defense Science Board Task Force on computer security. Technical Report R609-1, Rand Corporation, Santa Monica, CA, Feb. 1970.
Clark Weissman. Security penetration testing guideline: A chapter of the handbook for the computer security certification of trusted systems. Technical Memorandum 5540:082A, Naval Research Laboratory, Washington, DC, USA, January 1995.

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 27, 2016 at 11:36PM

You can also obtain a PDF version of this.