Tentative Syllabus

These dates and topics are tentative and subject to change without warning. In particular, if we don’t discuss something you’re interested in, ask about it! We may very well add it or modify what we’re covering to include it.

The discussion sections will present additional material and examples. They have a few ground rules:

  Fri, Sep 27  Discussion: not held
1.  Fri, Sep 27  What is computer security all about?  [Bish03, Clar53]

2.  Mon, Sep 30  Background: computers, networks, and the web  [Hipsb, Webp]
3.  Wed, Oct 2  Attacks: E-mail, phishing, and other problems  [Danh11, Danh13, Gros12]
  Fri, Oct 4  Discussion: Detecting phishing attacks
4.  Fri, Oct 4  Attacks: Trojan horses, viruses, and other malware  [Eise9, Roch1989, Thom84]

5.  Mon, Oct 7  Attacks: computers and people
6.  Wed, Oct 9  Principles of security  [Emer, Salt75]
  Fri, Oct 11  Discussion: to be arranged
7.  Fri, Oct 11  Cryptography: what’s it all about  [Hispa, Pfle10]

8.  Mon, Oct 14  Classical, public key cryptosystems  [Cond]
9.  Wed, Oct 16  Prove you’re you: authentication  [Good, Kerb12, Secu, Seel89]
  Fri, Oct 18  Discussion: How password cracking works
10.  Fri, Oct 18  Identity management  [Bell10, Educ, Jens13]

11.  Mon, Oct 21  E-mail security  [PGPI, Whit99]
12.  Wed, Oct 23  Firewalls, personal and network-based  [Balc]
  Fri, Oct 25  Discussion: Using PGP
13.  Fri, Oct 25  Network security  [Kauf09, Kemm02]

14.  Mon, Oct 28  Medicine and security  [Alem13, Mais10]
15.  Wed, Oct 30  Security with mobile devices  [Andr13, John12, Wrig11]
  Fri, Nov 1  Discussion: Review for midterm
16.  Fri, Nov 1  Anti-malware (anti-virus) programs  [Dery13, Nach97]

17.  Mon, Nov 4  Midterm Examination
18.  Wed, Nov 6  Digital rights management  [Bish06, Felt06]
  Fri, Nov 8  Discussion: Configuring a firewall
19.  Fri, Nov 8  DRM, Policy and Management  [Adam99, Land13, Lesk13]

  Mon, Nov 11  Veteran’s Day
20.  Wed, Nov 13  to be arranged
  Fri, Nov 15  Discussion: Probing a system
21.  Fri, Nov 15  Social networking: Facebook, Twitter, and all that  [Demo13]

22.  Mon, Nov 18  Elections based on computers  [Bish07, Bish07a, Epst13]
23.  Wed, Nov 20  The insider  [Hunk11]
  Fri, Nov 22  Discussion: More on voting
24.  Fri, Nov 22  Government and other standards and regulations  [Murd12]

25.  Mon, Nov 25  Computer crime and cyber forensics  [Ches92, Stol88]
26.  Wed, Nov 27  Cyberwarfare and cyber terrorism  [Bish03a]
  Fri, Nov 29  Thanksgiving Holiday

27.  Mon, Dec 2  The Power Grid and Other Infrastructure  [Khur10]
28.  Wed, Dec 4  Privacy, Anonymity, And Being Let Alone  [Anto10, Barb06]
  Fri, Dec 6  Discussion: Review for final
29.  Fri, Dec 6  to be arranged

  Wed, Dec 11  Final Examination (10:30am–12:30pm)


Anne Adams and Martina Angela Sasse, “Users Are Not The Enemy”, Communications of the ACM 42(12) pp. 40–46 (Dec. 1999)
Homa Alemzadeh, Ravishankar K. Iyer, Zbigniew Kalbarczyk, and Jai Raman, "Analysis of Safety-Critical Computer Failures in Medical Devices," IEEE Security & Privacy Magazine 11(4) pp. 14–26, (July 2013)
Gennady Andrienko, Aris Gkoulalas-Divanis, Marco Gruteser, Christine Kopp, Thomas Liebig, and Klaus Rechert, “Report from Dagstuhl: The Liberation of Mobile Location Data and its Implications for Privacy Research”, ACM SIGMOBILE Mobile Computing and Communications Review 17(2) pp. 7–18 (Apr. 2013)
Annie I. Ant’on, Julia B. Earp, and Jessica D. Young, “How Internet Users’ Privacy Concerns Have Evolved Since 2002”, IEEE Security & Privacy Magazine, 8(1) pp. 21–27 (Jan. 2010)
Aaron Balchunas, “Introduction to Firewalls”, available at http://www.routeralley.com/ra/docs/intro_firewalls.pdf
Michael Barbaro and Tom Zeller Jr., “A Face is Exposed for AOL Searcher No. 4417749”, New York Times (Aug. 9, 2006); available at http://www.nytimes.com/2006/08/09/technology/09aol.html
Steven M. Bellovin, “Identity and Security”, IEEE Security & Privacy Magazine, 8(2) p. 88 (Mar. 2010)
Matt Bishop, “What Is Computer Security?” IEEE Security & Privacy Magazine, 1(1) pp. 67–69 (Jan. 2003)
Matt Bishop and Emily Goldman, “The Strategy and Tactics of Information Warfare”, Contemporary Security Policy 24(1) pp. 113–139 (June 2003)
Matt Bishop and Deborah A. Frincke, “Who Owns Your Computer?”, IEEE Security & Privacy Magazine 4(2) pp. 61–63 (Mar. 2006)
Matt Bishop, “Overview of Red Team Reports”, available at http://www.sos.ca.gov/voting-systems/oversight/ttbr/red-overview.pdf
Matt Bishop and David Wagner, “Risks of E-Voting”, Communications of the ACM 50(11) p. 120 (Nov. 2007)
Bill Cheswick, “An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied”, Proceedings of the Winter USENIX Conference pp. 163–174 (Jan. 1992)
Arthur C. Clarke, “Superiority”, in Expedition to Earth, Ballantine Books, New York, NY (1953); available at http://www.mayofamily.com/RLM/txt_Clarke_Superiority.html
Jamie Condliffe, “Easily Understand Encryption Using … Paint and Clocks?” available at http://gizmodo.com/5888567/how-to-understand-encryption-using-paint-and-clocks
Pieter Danhieux, “E-mail Phishing and Scams”, OUCH! (Dec. 2011); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201112_en.pdf
Pieter Danhieux, “E-mail Phishing Attacks”, OUCH! (Feb. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf
Ted Demopoulos, “Social Networking Safely”, OUCH! (Mar. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201303_en.pdf
Susan Dery, “Using Whitelisting to Combat Malware Attacks at Fannie Mae”, IEEE Security & Privacy Magazine 11(4) pp. 90–92, (July 2013)
“7 Things You Should Know About Federated Identity Management”, available at http://net.educause.edu/ir/library/pdf/EST0903.pdf
Ted Eisenberg, David Gries, Juris Hartmanis, Don Holcomb, M. Stuart Lynn, and Thomas Santoro, “The Cornell Commission: On Morris and the Worm”, Communications of the ACM 32(6) pp. 706–709 (June 1989)
“The Security Principles of Saltzer and Schroeder”, available at
Jeremy Epstein, “Are All Types of Internet Voting Unsafe?” IEEE Security & Privacy Magazine 11(3) pp. 3–4 (May 2013)
Edward W. Felten and J. Alex Halderman, “Digital Rights Management, Spyware, and Security”, IEEE Security & Privacy Magazine 4(1) pp. 18–23 (Jan. 2006)
Dan Goodin, “Anatomy of a Hack: How Crackers Ransack Passwords Line ‘qeadzcwrsfxv1331’ ” available at http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords
Jeremiah Grossman, “The State of Website Security”, IEEE Security \& Privacy Magazine 10(4) pp. 91–93 (July 2012)
Ron Hipschman, “The Secret Language”, available at http://www.exploratorium.edu/ronh/secret/secret.html
Ron Hipschman, “Internet”, available at http://www.exploratorium.edu/ronh/tcpip/index.html
Jeffrey Hunker and Christian W. Probst, “Insiders and Insider Threats: An Overview of Definitions and Mitigation Techniques”, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(1) pp. 4–27 (2011)
Jostein Jensen and Martin Gilje Jaatun, “Federated Identity Management—We Built It; Why Won’t They Come?” IEEE Security & Privacy Magazine, 11(2) pp. 34–41 (Mar. 2013)
Kevin Johnson, “Securing Your Mobile Device Apps”, OUCH! (Feb. 2012); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201202_en.pdf
Lori M. Kaufman, “Data Security in the World of Cloud Computing”, IEEE Security & Privacy Magazine, 7(4) pp. 61–64 (July 2009)
Richard A. Kemmerer and Giovanni Vigna, “Intrusion Detection: A Brief History and Overview”, IEEE Computer (Special Issue on Security and Privacy) 35(4) pp. 27–30 (Apr. 2002)
Fred Kerby, “Two-Factor Authentication”, OUCH! (Nov. 2012); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201211_en.pdf
Himanshu Khurana, Mark Hadley, Ning Lu, and Deborah A. Frincke, “Smart-Grid Security Issues”, IEEE Security & Privacy Magazine, 8(1) pp. 81–85 (Jan. 2010)
Susan Landau, “Making Sense from Snowdon: What’s Significant in the NSA Surveillance Revelations”, IEEE Security & Privacy Magazine, 11(4) pp. 54–63 (July 2013)
Michael Lesk, “Big Data, Big Brother, Big Money”, IEEE Security & Privacy Magazine 11(4) pp. 85–89 (July 2013)
William H. Maisel and Tadayoshi Kohno, “Improving the Security and Privacy of Implantable Medical Devices”, New England Journal of Medicine 362(13) pp. 1164–1166 (Apr. 2010)
Steven Murdoch, Mike Bond, and Ross J. Anderson, “How Certification Systems Fail: Lessons from the Ware Report”, IEEE Security \& Privacy Magazine 10(6) pp. 40–44 (Nov. 2012)
Cary Nachenberg, “Computer Virus-Antivirus Coevolution”, Communications of the ACM 40(1) pp. 46–51 (Jan. 1997)
Charles P. Pfleeger, “Crypto: Not Just for the Defensive Team”, IEEE Security & Privacy Magazine 40(2) pp. 63–66 (Mar. 2010)
“How PGP Works”, available at http://www.pgpi.org/doc/pgpintro/
Jon A. Rochlis and Mark W. Eichin, “With Microscope and Tweezers: The Worm from MIT’s Perspective”, Communications of the ACM 32(6) pp. 689–698 (June 1989)
Jerome H. Saltzer and Michael D. Schroeder, “The Protection of Information in Computer Systems”, Proceedings of the IEEE 63(9) pp. 1278–1308 (Sep. 1975); read pp. 1278–1283
“Two-Step Verification”, OUCH! (Aug. 2013); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201308_en.pdf
Donn Seeley, “Password Cracking: A Game of Wits”, Communications of the ACM 32(6) pp. 700–703 (June 1989)
Clifford Stoll, “Stalking the Wily Hacker”, Communications of the ACM 31(5) pp. 484–497 (May 1988)
Ken Thompson, “Reflections on Trusting Trust,” Communications of the ACM 27(8) pp. 761–763 (Aug. 1984)
“How Does the Internet Work?” available at http://docs.webplatform.org/wiki/concepts/internet_and_web/how_does_the_internet_work
Alma Whitten and J. D. Tygar, “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”, USENIX Security Symposium (Aug. 1999)
Joshua Wright, “Using Your Smartphone Securely”, OUCH! (Feb. 2011); available at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201102_en.pdf

You can also obtain a PDF version of this. Version of September 26, 2013 at 7:42PM