CSCI 667 – Concepts of Computer Security


This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.

Note: The slides will be available after each lecture via a slides link below the lecture topic.

Date Topics Readings Notes
01/27/2022 Course Introduction / Research Methods I
1. Security Engineering, Chapter 1 (link)
2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
Homework 1 assigned; due February 03 at 11:59pm
02/01/2022 Intro to Crypto
Security Engineering, Chapter 5.1-5.5 (link)  
02/03/2022 Secret Key Crypto
1. Security Engineering, Chapter 5.1-5.5 (link)
2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ‘93. (link)
1. Homework 1 Due
2. Feb 4th Last Day to ADD/DROP
02/08/2022 Hashes and Message Authentication
Security Engineering, Chapter 5.6 (link) Homework 2 assigned; due February 22nd at 11:59pm
02/10/2022 Public Key Cryptography
Security Engineering, Chapter 5.7 (link)
R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978. (link)
[Deep Dive] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999, June 1983. (link)
02/15/2022 Project “Speed Dating”
1. USENIX Security Proceedings (link)
2. ACM CCS Proceedings (link)
3. IEEE Security & Privacy Proceedings (link)
4. NDSS Proceedings (link)
Project Proposals assigned; due February 24 at 11:59pm
02/17/2022 Key Agreement and PKI
1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link)
2. Creating your own Certificate Authority (link)
3. [Deep Dive] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link)
02/22/2022 User Authentication
1. The science of password selection, Troy Hunt (link)
2. Biometrics, Wikipedia (link)
3. [Deep Dive] P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy, 2012. (link)
4. [Optional] D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link)
1. Homework 2 Due
2. Homework 3 assigned; due March 08 at 11:59pm
02/24/2022 Authentication Protocols
1. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link)
2. [Optional] Designing an Authentication System: A Dialogue in Four Scenes (link)
3. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link)
1. Project Proposals Due
2. Related work assigned; due March 29 at 11:59pm
03/01/2022 Transport Layer Security
1. SSL and TLS: A Beginners Guide (link)
2. Creating your own Certificate Authority (link)
03/03/2022 Access Control
1. Operating System Security, Chapters 1, 2, and 5 (link)
2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
03/08/2022 Operating Systems Security
1. Operating System Security, Chapters 3, 4, and 10 (link)
2. [Optional] Paul A. Karger, Roger R. Schell (2002). “Thirty Years Later: Lessons from the Multics Security Evaluation”. Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, IEEE Computer Society, p. 119-26. (link)
3. [Optional] W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack. HYDRA: the kernel of a multiprocessor operating system. Communications of the ACM (CACM). Volume 17 Issue 6, June 1974. (link)
Homework 3 Due
03/10/2022   Research Methods II
03/15/2022   NO CLASS, SPRING BREAK  
03/17/2022   NO CLASS, SPRING BREAK  
03/22/2022   Midterm Review In class
Midterm Exam 5:30-7PM (Location MCGLTH 002)
Research Plan assigned; due April 14 at 11:59pm
03/24/2022 Midterm Post Exam Review   Mar 28th Last Day to Withdraw
03/29/2022 Program Vulnerabilities
1. Operating System Security, Chapters 1, 2, and 5 (link)
2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
03/31/2022 Worms, DoS, and Botnets
1. S. Staniford and V. Paxson and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link)
2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots. March 2005. (link)
Related work Due
04/05/2022 TCP/IP Security
1. A look back at “Security problems in the TCP/IP protocol suite” (link)
2. Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link)
04/07/2022 Routing
Why is it Taking so Long to Secure Internet Routing? (link) Homework 4 assigned; due April 21 at 11:59pm
04/12/2022 Wireless
1. Security Flaws in 802.11 Data Link Protocols (link)
2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November, 2017. (link)
3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link)
04/14/2022 Project Status Presentations   Research Plan Due
04/19/2022 Student’s choice lecture: User Data Privacy    
04/21/2022 Intrusion Detection
1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
2. [Deep Dive] S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
Homework 4 Due
Homework 5 assigned (BONUS Homework), due May 03, 11:59 PM
04/26/2022 IoT Security and Privacy Guest Lecture -  
04/28/2022 IoT Platform Security Guest Lecture -  
05/03/2022 Side Channels
Slides 1
Slides 2
- Homework 5 Due (Bonus Assignment)
05/05/2022 Finals Review Zoom Final Paper Due
05/10/2022 Final Exam Take home, 2 - 5PM  
