Tentative Syllabus

These topics are tentative and subject to change without warning. In particular, if I don’t discuss something you’re interested in, ask about it! I may very well add it or modify what I’m covering to include it.

All readings are from the text. The starred readings are from newer chapters, which will be available on Canvas.

1. Wed Sep 21: Intro to computer security; §1
2. Fri Sep 23: Access control matrix; §2*
No discussion section
3. Mon Sep 26: Android security; Guest Lecturer: Prof. S. Felix Wu
4. Wed Sep 28: Intrusion detection; §25; Guest Lecturer: Prof. Karl Levitt
5. Fri Sep 30: Memory safety; [2, 9]; Guest Lecturer: Prof. Hao Chen
dis 2. Using Canvas; setting up lab
6. Mon Oct 3: Robust programming I; §14*, 29
7. Wed Oct 5: Robust programming II; [3]; homework 1, lab 1 due
8. Fri Oct 7: Assurance; §18, [10]
dis 3. Red-team testing
9. Mon Oct 10: Policies; §4.1*–4.5*
10. Wed Oct 12: Confidentiality models; §5.1*–5.2.2*, 5.3*–5.4*
11. Fri Oct 14: Mobile security; Guest Lecturer: Bogdan Copos
dis 3. Example policies; §G.1*
12. Mon Oct 17: Other models; §6.1*, 6.2*, 6.4*, 7.3, 7.4
13. Wed Oct 19: Policies in practice; 4.6*, 26.2, 27.2, 28.1
14. Fri Oct 21: Cryptography; §10.1*–10.2*; homework 2, lab 2 due
dis 4. Vigenère cipher; §*
15. Mon Oct 24: Public key cryptography; §10.3*–10.4*
16. Wed Oct 26: Key exchange; §11.1*–11.2*, 11.4*
17. Fri Oct 28: Security experiences; Guest Lecturer: Steven Templeton
dis 5. Elliptic curve cryptography; 10.3.4*
18. Mon Oct 31: Cryptographic protocols; §12.1*, 12.3*, 12.4.1*
19. Wed Nov 2: Network security; §26
20. Fri Nov 4: Midterm Exam (in class)
dis 6. Review for Midterm Exam
21. Mon Nov 7: Elections and Computers; [1, 4]; homework 3, lab 3 due
22. Wed Nov 9: Authentication; §12; Guest Lecturer: Abhilasha Bhargav-Spantzel (Intel)
—. Fri Nov 11: no class; Veteran’s Day
dis 7. Review midterm answers
23. Mon Nov 14: Identity, anonymity; §15*, [8]
24. Wed Nov 16: Access Control; §16*
25. Fri Nov 18: Malware I; §23*
dis 8. Wireshark, network traces; homework 4, lab 4 due
26. Mon Nov 21: Malware II; [5, 7]
27. Wed Nov 23: Information flow I; §17*
—. Fri Nov 25: no class; University holiday
dis 9. Virtual machines; §17.2, 33
28. Mon Nov 28: Information flow II; [6]
29. Wed Nov 30: Confinement; §17
30. Fri Dec 2: Laws and Ethics; [9, 11]; homework 5
dis 10. Review for Final Exam
—. Thu Dec 8: Final exam (at 8:00am)


  1. , Top-to-Bottom Review (July 2007). url: http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/red-overview.pdf.
  2. AlephOne, “Smashing the Stack for Fun and Profit,” Phrack 7(49) (1996). url: http://phrack.org/issues/49/14.html.
  3. M. Bishop, “Robust Programming,” unpublished (Oct. 2016).
  4. D. Chaum, R. T. Carback, J. Clark, A. Essex, S. Popoveniuc, R. L. Rivest, P. Y. A. Ryan, E. Shen, A. T. Sherman, and P. L. Vora, “Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes,” IEEE Transactions on Information Forensics and Security 4(4) pp. 611–627 (Dec. 2009). doi: 10.1109/TIFS.2009.2034919.
  5. M.W. Eichin and J. A. Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 326–343 (May 1989). doi: 10.1109/SECPRI.1989.36307.
  6. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (Oct. 2010). url: https://www.usenix.org/legacy/events/osdi10/tech/full_papers/Enck.pdf.
  7. R. Langner, “Stuxnet: Dissecting a Cyberwarfare Weapon,” IEEE Security and Privacy 9(3) pp. 49–51 (May 2011). doi: 10.1109/MSP.2011.67.
  8. S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (2008). url: https://bitcoin.org/bitcoin.pdf.
  9. H. Shacham, “The Geometry of Innocent Flesh on the Bone: Return-Into-Libc Without Function Calls (On the x86),” Proceedings of the 14th ACM Conference on Computer and Communications Security pp. 552–561 (2007). doi: 10.1145/1315245.1315313.
  10. J. P. Sullins, “A Case Study in Malware Research Ethics Education: When Teaching Bad is Good,” Proceedings of the 2014 IEEE Security and Privacy Workshops pp. 1–4 (May 2014). doi: 10.1109/SPW.2014.46.
  11. J. Viega and J. Epstein, “Why Applying Standards to Web Services Is Not Enough,” IEEE Security and Privacy 4(4) pp. 25–31 (July 2006). doi: 10.1109/MSP.2006.110.
  12. M. Zimmer, “‘But the Data Is Already Public’: On the Ethics of Research in Facebook,” Journal of Information Technology 12(4) pp. 313–325 (Dec. 2010). doi: 10.1007/s10676-010-9227-5.

Version of November 18, 2016 at 10:24AM