Tentative Syllabus

These dates and topics are tentative and subject to change without warning. In particular, if we don’t discuss something you’re interested in, ask about it! We may very well add it or modify what we’re covering to include it.

The discussion sections will present additional material and examples. They have a few ground rules:


#  Date  Topic  Reading
  Fri, Sep 27  Discussion: not held
1.  Fri, Sep 27  What is computer security all about?  [Bish03, Clar53]

2.  Mon, Sep 30  Background: computers, networks, and the web  [Hipsb, Webp]
3.  Wed, Oct 2  Attacks: E-mail, phishing, and other problems  [Danh11, Danh13, Gros12]
  Fri, Oct 4  Discussion: Detecting phishing attacks
4.  Fri, Oct 4  Attacks: Trojan horses, viruses, and other malware  [Eise89, Roch89, Thom84]

5.  Mon, Oct 7  Attacks: computers and people
6.  Wed, Oct 9  Principles of security  [Emer, Salt75]
  Fri, Oct 11  Discussion: to be arranged
7.  Fri, Oct 11  Cryptography: what’s it all about  [Hipsa, Pfle10]

8.  Mon, Oct 14  Classical, public key cryptosystems  [Cond]
9.  Wed, Oct 16  Prove you’re you: authentication  [Good, Kerb12, Secu, Seel89]
  Fri, Oct 18  Discussion: How password cracking works
10.  Fri, Oct 18  Identity management  [Bell10, Educ, Jens13]

11.  Mon, Oct 21  E-mail security  [PGPI, Whit99]
12.  Wed, Oct 23  Firewalls, personal and network-based  [Balc]
  Fri, Oct 25  Discussion: Using PGP
13.  Fri, Oct 25  Network security  [Kauf09, Kemm02]

14.  Mon, Oct 28  Medicine and security  [Alem13, Mais10]
15.  Wed, Oct 30  Security with mobile devices  [Andr13, John12, Wrig11]
  Fri, Nov 1  Discussion: Review for midterm
16.  Fri, Nov 1  Anti-malware (anti-virus) programs  [Dery13, Nach97]

17.  Mon, Nov 4  Midterm Examination
18.  Wed, Nov 6  Digital rights management  [Bish06, Felt06]
  Fri, Nov 8  Discussion: Configuring a firewall
19.  Fri, Nov 8  DRM, Policy and Management  [Adam99, Land13, Lesk13]

  Mon, Nov 11  Veterans Day
20.  Wed, Nov 13  to be arranged
  Fri, Nov 15  Discussion: Probing a system
21.  Fri, Nov 15  Social networking: Facebook, Twitter, and all that  [Demo13]

22.  Mon, Nov 18  Elections based on computers  [Bish07, Bish07a, Epst13]
23.  Wed, Nov 20  The insider  [Hunk11]
  Fri, Nov 22  Discussion: More on voting
24.  Fri, Nov 22  Government and other standards and regulations  [Murd12]

25.  Mon, Nov 25  Computer crime and cyber forensics  [Ches92, Stol88]
26.  Wed, Nov 27  Cyberwarfare and cyber terrorism  [Bish03a]
  Fri, Nov 29  Thanksgiving Holiday

27.  Mon, Dec 2  The Power Grid and Other Infrastructure  [Khur10]
28.  Wed, Dec 4  Privacy, Anonymity, And Being Let Alone  [Anto10, Barb06]
  Fri, Dec 6  Discussion: Review for final
29.  Fri, Dec 6  to be arranged

  Wed, Dec 11  Final Examination (10:30am–12:30pm)


References

[Adam99]
Anne Adams and Martina Angela Sasse, “Users Are Not The Enemy”, Communications of the ACM 42(12) pp. 40–46 (Dec. 1999)
[Alem13]
Homa Alemzadeh, Ravishankar K. Iyer, Zbigniew Kalbarczyk, and Jai Raman, “Analysis of Safety-Critical Computer Failures in Medical Devices”, IEEE Security & Privacy Magazine 11(4) pp. 14–26 (July 2013)
[Andr13]
Gennady Andrienko, Aris Gkoulalas-Divanis, Marco Gruteser, Christine Kopp, Thomas Liebig, and Klaus Rechert, “Report from Dagstuhl: The Liberation of Mobile Location Data and its Implications for Privacy Research”, ACM SIGMOBILE Mobile Computing and Communications Review 17(2) pp. 7–18 (Apr. 2013)
[Anto10]
Annie I. Antón, Julia B. Earp, and Jessica D. Young, “How Internet Users’ Privacy Concerns Have Evolved Since 2002”, IEEE Security & Privacy Magazine, 8(1) pp. 21–27 (Jan. 2010)
[Balc]
Aaron Balchunas, “Introduction to Firewalls”, available at http://www.routeralley.com/ra/docs/intro_firewalls.pdf
[Barb06]
Michael Barbaro and Tom Zeller Jr., “A Face is Exposed for AOL Searcher No. 4417749”, New York Times (Aug. 9, 2006); available at http://www.nytimes.com/2006/08/09/technology/09aol.html
[Bell10]
Steven M. Bellovin, “Identity and Security”, IEEE Security & Privacy Magazine, 8(2) p. 88 (Mar. 2010)
[Bish03]
Matt Bishop, “What Is Computer Security?” IEEE Security & Privacy Magazine, 1(1) pp. 67–69 (Jan. 2003)
[Bish03a]
Matt Bishop and Emily Goldman, “The Strategy and Tactics of Information Warfare”, Contemporary Security Policy 24(1) pp. 113–139 (June 2003)
[Bish06]
Matt Bishop and Deborah A. Frincke, “Who Owns Your Computer?”, IEEE Security & Privacy Magazine 4(2) pp. 61–63 (Mar. 2006)
[Bish07]
Matt Bishop, “Overview of Red Team Reports”, available at http://www.sos.ca.gov/voting-systems/oversight/ttbr/red-overview.pdf
[Bish07a]
Matt Bishop and David Wagner, “Risks of E-Voting”, Communications of the ACM 50(11) p. 120 (Nov. 2007)
[Ches92]
Bill Cheswick, “An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied”, Proceedings of the Winter USENIX Conference pp. 163–174 (Jan. 1992)
[Clar53]
Arthur C. Clarke, “Superiority”, in Expedition to Earth, Ballantine Books, New York, NY (1953); available at http://www.mayofamily.com/RLM/txt_Clarke_Superiority.html
[Cond]
Jamie Condliffe, “Easily Understand Encryption Using … Paint and Clocks?” available at http://gizmodo.com/5888567/how-to-understand-encryption-using-paint-and-clocks
[Danh11]
Pieter Danhieux, “E-mail Phishing and Scams”, OUCH! (Dec. 2011); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201112_en.pdf
[Danh13]
Pieter Danhieux, “E-mail Phishing Attacks”, OUCH! (Feb. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf
[Demo13]
Ted Demopoulos, “Social Networking Safely”, OUCH! (Mar. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201303_en.pdf
[Dery13]
Susan Dery, “Using Whitelisting to Combat Malware Attacks at Fannie Mae”, IEEE Security & Privacy Magazine 11(4) pp. 90–92 (July 2013)
[Educ]
“7 Things You Should Know About Federated Identity Management”, available at http://net.educause.edu/ir/library/pdf/EST0903.pdf
[Eise89]
Ted Eisenberg, David Gries, Juris Hartmanis, Don Holcomb, M. Stuart Lynn, and Thomas Santoro, “The Cornell Commission: On Morris and the Worm”, Communications of the ACM 32(6) pp. 706–709 (June 1989)
[Emer]
“The Security Principles of Saltzer and Schroeder”, available at http://emergentchaos.com/the-security-principles-of-saltzer-and-schroeder
[Epst13]
Jeremy Epstein, “Are All Types of Internet Voting Unsafe?” IEEE Security & Privacy Magazine 11(3) pp. 3–4 (May 2013)
[Felt06]
Edward W. Felten and J. Alex Halderman, “Digital Rights Management, Spyware, and Security”, IEEE Security & Privacy Magazine 4(1) pp. 18–23 (Jan. 2006)
[Good]
Dan Goodin, “Anatomy of a Hack: How Crackers Ransack Passwords Like ‘qeadzcwrsfxv1331’”, available at http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords
[Gros12]
Jeremiah Grossman, “The State of Website Security”, IEEE Security & Privacy Magazine 10(4) pp. 91–93 (July 2012)
[Hipsa]
Ron Hipschman, “The Secret Language”, available at http://www.exploratorium.edu/ronh/secret/secret.html
[Hipsb]
Ron Hipschman, “Internet 101.101.101.101”, available at http://www.exploratorium.edu/ronh/tcpip/index.html
[Hunk11]
Jeffrey Hunker and Christian W. Probst, “Insiders and Insider Threats: An Overview of Definitions and Mitigation Techniques”, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(1) pp. 4–27 (2011)
[Jens13]
Jostein Jensen and Martin Gilje Jaatun, “Federated Identity Management—We Built It; Why Won’t They Come?” IEEE Security & Privacy Magazine, 11(2) pp. 34–41 (Mar. 2013)
[John12]
Kevin Johnson, “Securing Your Mobile Device Apps”, OUCH! (Feb. 2012); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201202_en.pdf
[Kauf09]
Lori M. Kaufman, “Data Security in the World of Cloud Computing”, IEEE Security & Privacy Magazine, 7(4) pp. 61–64 (July 2009)
[Kemm02]
Richard A. Kemmerer and Giovanni Vigna, “Intrusion Detection: A Brief History and Overview”, IEEE Computer (Special Issue on Security and Privacy) 35(4) pp. 27–30 (Apr. 2002)
[Kerb12]
Fred Kerby, “Two-Factor Authentication”, OUCH! (Nov. 2012); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201211_en.pdf
[Khur10]
Himanshu Khurana, Mark Hadley, Ning Lu, and Deborah A. Frincke, “Smart-Grid Security Issues”, IEEE Security & Privacy Magazine, 8(1) pp. 81–85 (Jan. 2010)
[Land13]
Susan Landau, “Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations”, IEEE Security & Privacy Magazine, 11(4) pp. 54–63 (July 2013)
[Lesk13]
Michael Lesk, “Big Data, Big Brother, Big Money”, IEEE Security & Privacy Magazine 11(4) pp. 85–89 (July 2013)
[Mais10]
William H. Maisel and Tadayoshi Kohno, “Improving the Security and Privacy of Implantable Medical Devices”, New England Journal of Medicine 362(13) pp. 1164–1166 (Apr. 2010)
[Murd12]
Steven Murdoch, Mike Bond, and Ross J. Anderson, “How Certification Systems Fail: Lessons from the Ware Report”, IEEE Security & Privacy Magazine 10(6) pp. 40–44 (Nov. 2012)
[Nach97]
Cary Nachenberg, “Computer Virus-Antivirus Coevolution”, Communications of the ACM 40(1) pp. 46–51 (Jan. 1997)
[Pfle10]
Charles P. Pfleeger, “Crypto: Not Just for the Defensive Team”, IEEE Security & Privacy Magazine 40(2) pp. 63–66 (Mar. 2010)
[PGPI]
“How PGP Works”, available at http://www.pgpi.org/doc/pgpintro/
[Roch89]
Jon A. Rochlis and Mark W. Eichin, “With Microscope and Tweezers: The Worm from MIT’s Perspective”, Communications of the ACM 32(6) pp. 689–698 (June 1989)
[Salt75]
Jerome H. Saltzer and Michael D. Schroeder, “The Protection of Information in Computer Systems”, Proceedings of the IEEE 63(9) pp. 1278–1308 (Sep. 1975); read pp. 1278–1283
[Secu]
“Two-Step Verification”, OUCH! (Aug. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201308_en.pdf
[Seel89]
Donn Seeley, “Password Cracking: A Game of Wits”, Communications of the ACM 32(6) pp. 700–703 (June 1989)
[Stol88]
Clifford Stoll, “Stalking the Wily Hacker”, Communications of the ACM 31(5) pp. 484–497 (May 1988)
[Thom84]
Ken Thompson, “Reflections on Trusting Trust”, Communications of the ACM 27(8) pp. 761–763 (Aug. 1984)
[Webp]
“How Does the Internet Work?” available at http://docs.webplatform.org/wiki/concepts/internet_and_web/how_does_the_internet_work
[Whit99]
Alma Whitten and J. D. Tygar, “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”, USENIX Security Symposium (Aug. 1999)
[Wrig11]
Joshua Wright, “Using Your Smartphone Securely”, OUCH! (Feb. 2011); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201102_en.pdf

Version of September 26, 2013 at 7:42PM