Tentative Syllabus

These topics are tentative and subject to change without warning. In particular, if I don’t discuss something you’re interested in, ask about it! I may very well add it or modify what I’m covering to include it.

lec.	date	topic	reading	due
1.	Tue Mar 29	Introduction; what is security	text, §1
2.	Thu Mar 31	Access control matrix, mechanisms	text, §2, 16.1–16.3
Dis		Social engineering; secure programming survey
3.	Tue Apr 5	Common vulnerabilities	text, §16.4; [Chr11, OWA13]	hw 1
4.	Thu Apr 7	Buffer overflows; CPS (Dr. Jeff Rowe)	[Ale96]
Dis		Cross-site scripting
5.	Tue Apr 12	Principles of secure design; robust programming	text, §14; [SS75, Bis11]
6.	Thu Apr 14	Robust programming	[Bis11]
Dis		Review of fragile programming example
7.	Tue Apr 19	Flaw hypothesis methodology; penetration testing	text, §24.1–24.2; [Wei95, Bis07a, Bis07b]	hw 2
8.	Thu Apr 21	Intrusion detection (Prof. Karl Levitt)	text, §26
Dis		nmap, Fortify source code analyzer
9.	Tue Apr 26	Malware	text, §23 (not 23.6); [Nac97]
10.	Thu Apr 28	Policies, policy models	text, §4; [War70]
Dis		Review for midterm
11.	Tue May 3	Midterm
12.	Thu May 5	Example policies, confidentiality policies	text, §4, 5
Dis
13.	Tue May 10	Integrity policies, cryptography	text, §5, 6.1, 6.2, 6.4, 10
14.	Thu May 12	Cryptography, digital signatures	text, §10	hw3
Dis
15.	Tue May 17	Cryptographic protocols	text, §10, 11
16.	Thu May 19	Key management	text, §11, 12, 13
Dis
17.	Tue May 24	Authentication	text, §12, 13
18.	Thu May 26	Network, web security	text, §13, 15
Dis
19.	Tue May 31	Assurance and trust	text, §13, 18
20.	Thu Jun 2	Electronic voting systems, review for final	[BBG07, BW07, RABA04]	hw 5
Dis
—.	Wed Jun 8	Final examination (at 10:30am)

References

[Ale96]: AlephOne. Smashing the stack for fun and profit. Phrack, 7(49), 1996.
[BBG07]: Earl Barr, Matt Bishop, and Mark Gondree. Fixing Federal E-Voting Standards. Communications of the ACM, 50(3):19–24, Mar. 2007.
[Bis07a]: Matt Bishop. About penetration testing. IEEE Security and Privacy, 5(6):84–87, Nov. 2007.
[Bis07b]: Matt Bishop. Overview of red team reports. Executive summary, Office of the California Secretary of State, Sacramento, CA, USA, July 2007.
[Bis11]: Matt Bishop. Robust programming. handout for ECS 153, Computer Security, Mar. 2011.
[BW07]: Matt Bishop and David Wagner. Risks of E-Voting. Communications of the ACM, 50(11):120, Nov. 2007.
[Chr11]: Steve Christey. 2011 CWE/SANS top 25 most dangerous software errors, Sep. 13, 2011. Available at http://cwe.mitre.org/top25/.
[Nac97]: Cary Nachenberg. Computer virus-antivirus coevolution. Communications of the ACM, 40(1):46–51, Jan. 1997.
[OWA13]: OWASP. Owasp top 10 - 2013: The ten most critical web application security risks. Technical report, The Open Web Application Security Project, 2013.
[RABA04]: RABA Innovative Solution Cell, Trusted Agent Report: Diebold AccuVote-TS Voting System, RABA Technologies LLC, Columbia, MD, USA, Jan. 2004.
[SS75]: Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, Sep. 1975.
[War70]: Willis Ware. Security controls for computer systems: Report of Defense Science Board Task Force on computer security. Technical Report R609-1, Rand Corporation, Santa Monica, CA, Feb. 1970.
[Wei95]: Clark Weissman. Security penetration testing guideline: A chapter of the handbook for the computer security certification of trusted systems. Technical Memorandum 5540:082A, Naval Research Laboratory, Washington, DC, USA, January 1995.

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu

ECS 153, Computer Security
Version of April 27, 2016 at 11:36PM

You can also obtain a PDF version of this.