Tentative Syllabus

These topics are tentative and subject to change without warning. In particular, if I don’t discuss something you’re interested in, ask about it! I may very well add it or modify what I’m covering to include it.

All readings are from the text. The starred readings are from newer chapters, which will be available on Canvas.

lec.	date	topic	reading	notes

1.	Wed Sep 21	Intro to computer security	§1
2.	Fri Sep 23	Access control matrix	§2^*
		No discussion section
3.	Mon Sep 26	Android security		Guest Lecturer: Prof. S. Felix Wu
4.	Wed Sep 28	Intrusion detection	§25	Guest Lecturer: Prof. Karl Levitt
5.	Fri Sep 30	Memory safety	[2, 9]	Guest Lecturer: Prof. Hao Chen
dis 2.		Using Canvas; setting up lab
6.	Mon Oct 3	Robust programming I	§14^*, 29
7.	Wed Oct 5	Robust programming II	[3]	homework 1, lab 1 due
8.	Fri Oct 7	Assurance	§18, [10]
dis 3.		Red-team testing
9.	Mon Oct 10	Policies	§4.1^–4.5^
10.	Wed Oct 12	Confidentiality models	§5.1^–5.2.2^, 5.3^–5.4^
11.	Fri Oct 14	Mobile security		Guest Lecturer: Bogdan Copos
dis 3.		Example policies	§G.1^*
12.	Mon Oct 17	Other models	§6.1^, 6.2^, 6.4^*, 7.3, 7.4
13.	Wed Oct 19	Policies in practice	4.6^*, 26.2, 27.2, 28.1
14.	Fri Oct 21	Cryptography	§10.1^–10.2^	homework 2, lab 2 due
dis 4.		Vigenère cipher	§10.2.2.1^*
15.	Mon Oct 24	Public key cryptography	§10.3^–10.4^
16.	Wed Oct 26	Key exchange	§11.1^–11.2^, 11.4^*
17.	Fri Oct 28	Security experiences		Guest Lecturer: Steven Templeton
dis 5.		Elliptic curve cryptography	10.3.4^*
18.	Mon Oct 31	Cryptographic protocols	§12.1^, 12.3^, 12.4.1^*
19.	Wed Nov 2	Network security	§26
20.	Fri Nov 4	Midterm Exam (in class)
dis 6.		Review for Midterm Exam
21.	Mon Nov 7	Elections and Computers	[1, 4]	homework 3, lab 3 due
22.	Wed Nov 9	Authentication	§12	Guest Lecturer: Abhilasha Bhargav-Spantzel (Intel)
—.	Fri Nov 11	no class; Veteran’s Day
dis 7.		Review midterm answers
23.	Mon Nov 14	Identity, anonymity	§15^*, [8]
24.	Wed Nov 16	Access Control	§16^*
25.	Fri Nov 18	Malware I	§23^*
dis 8		wireshark, network traces		homework 4, lab 4 due
26.	Mon Nov 21	Malware II	[5, 7]
27.	Wed Nov 23	Information flow I	§17^*
—.	Fri Nov 25	no class; University holiday
dis 9.		Virtual machines	§17.2, 33
28.	Mon Nov 28	Information flow II	[6]
29.	Wed Nov 30	Confinement	§17
30.	Fri Dec 2	Laws and Ethics	[9, 11]	homework 5
dis 10.		Review for Final Exam
—.	Thu Dec 8	Final exam (at 8:00am)

References

—, Top-to-Bottom Review (July 2007). url: http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/red-overview.pdf.
AlephOne, “Smashing the Stack for Fun and Profit,” Phrack 7(49) (1996). url: http://phrack.org/issues/49/14.html.
M. Bishop, “Robust Programming,” unpublished (Oct. 2016).
D. Chaum, R. T. Carback, J. Clark, A. Essex, Oioiveniuc, R. L. Riveest, P. Y. A. Ryan, E. Shen, A. T. Sherman, and P. L. Vora, “Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes,” IEEE Transactions on Information Forensics and Security 4(4) pp. 611–627 (Dec. 2009). doi: 10.1109/TIFS.2009.2034919.
M.W. Eichin and J. A. Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 326–343 (May 1989). doi: 10.1109/SECPRI.1989.36307.
W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” Proceedings of the 9th USENIX Symposium on Operating Sysems Design and Implementation (Oct. 2010). url: https://www. usenix.org/legacy/events/osdi10/tech/full_papers/Enck.pdf.
R. Langner, “Stuxnet: Dissecting a Cyberwarfare Weapon,” IEEE Security and Privacy 9(3) pp. 49–51 (May 2011). doi: 10.1109/MSP.2011.67.
S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (2008). url: https://bitcoin.org/bitcoin.pdf.
H. Shacham, “The Geometry of Innocent Flesh on the Bone: Return-Into-Libc Without Function Calls (On the x86),” Proceedings of the 14th ACM Conference on Computer and Communications Security pp. 552–561 (2007). doi: 10.1145/1315245.1315313.
J. P. Sullins, “A Case Study in Malware Research Ethics Education: When Teaching Bad is Good,” Proceedings of the 2014 IEEE Security and Privacy Workshops pp. 1–4 (May 2014). doi: 10.1109/SPW.2014.46.
J. Viega and J. Epstein, “Why Applying Standards to Web Services Is Not Enough,” IEEE Security and Privacy 4(4) pp. 25–31 (July 2006). doi: 10.1109/MSP.2006.110.
M. Zimmer, “‘But the Data Is Already Public’: On the Ethics of Research in Facebook,” Journal of Information Technology 12(4) pp. 313–325 (Dec. 2010). doi: 10.1007/s10676-010-9227-5.

You can also obtain a PDF version of this.

Version of November 18, 2016 at 10:24AM