CSCI 667 – Concepts of Computer Security


This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.

Note: The slides will be available after each lecture via a slides link below the lecture topic.

Date Topics Readings Notes
01/26/2023 Course Introduction / Research Methods I
Slides
1. Security Engineering, Chapter 1 (link)
2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
Homework 1 assigned; due February 2nd at 11:59pm
01/31/2023 Intro to Crypto
Slides
Security Engineering, Chapter 5.1-5.5 (link)  
02/02/2023 Secret Key Crypto
Slides
1. Security Engineering, Chapter 5.1-5.5 (link)
2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ’93. (link)
1. Homework 1 Due
2. Feb 3rd Last Day to ADD/DROP
02/07/2023 Secret Key Crypto Continued
Slides
Security Engineering, Chapter 5.6 (link)  
02/09/2023   NO CLASS, NSF PANEL Homework 2 assigned; due February 23rd at 11:59pm
02/14/2023 Project “Speed Dating” 1. USENIX Security Proceedings (link)
2. ACM CCS Proceedings (link)
3. IEEE Security & Privacy Proceedings (link)
4. NDSS Proceedings (link)
Project Proposal assigned; due February 23rd at 11:59pm
02/16/2023 Hashes and Message Authentication
Slides
Security Engineering, Chapter 5.6 (link)  
02/21/2023 Public Key Cryptography
Slides
Security Engineering, Chapter 5.7 (link)
R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978. (link)
[Deep Dive] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999, June 1983. (link)
 
02/23/2023 Key Agreement and PKI
Slides
1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link)
2. Creating your own Certificate Authority (link)
3. [Deep Dive] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link)
1. Project Proposal Due
2. Homework 2 Due
3. Homework 3 assigned; due March 14 at 11:59pm
02/28/2023   NO CLASS, NDSS Travel Related work assigned; due March 23rd at 11:59pm
03/02/2023   NO CLASS, NDSS Travel  
03/07/2023 User Authentication
Slides
1. The science of password selection, Troy Hunt (link)
2. Biometrics, Wikipedia (link)
3. [Deep Dive] P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy, 2012. (link)
4. [Optional] D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link)
 
03/09/2023 Authentication Protocols
Slides
1. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link)
2. [Optional] Designing an Authentication System: A Dialogue in Four Scenes (link)
3. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link)
 
03/14/2023   NO CLASS, SPRING BREAK Homework 3 Due
03/16/2023   NO CLASS, SPRING BREAK  
03/21/2023 Transport Layer Security
Slides
1. SSL and TLS: A Beginners Guide (link)
2. Creating your own Certificate Authority (link)
 
03/23/2023 Access Control
Slides
1. Operating System Security, Chapters 1, 2, and 5 (link)
2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
1. Related work Due
2. Research Plan assigned; due April 13th at 11:59pm
Mar 27th Last Day to Withdraw
03/28/2023 Midterm review in class and IFC continued
Slides
   
03/30/2023 Operating Systems Security
Slides
1. Operating System Security, Chapters 3, 4, and 10 (link)
2. [Optional] Paul A. Karger, Roger R. Schell (2002). “Thirty Years Later: Lessons from the Multics Security Evaluation” Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, IEEE Computer Society, pp. 119-26 (link)
3. [Optional] W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack. HYDRA: the kernel of a multiprocessor operating system. Communications of the ACM (CACM). Volume 17 Issue 6, June 1974. (link)
Midterm Exam 6:20-8PM (Location MCGLTH 002)
04/04/2023 Research Methods II, Midterm Post Exam Review
Slides
   
04/06/2023 Multics and Program Vulnerabilities
Slides
1. Operating System Security, Chapters 1, 2, and 5 (link) [Part 1 Only]
2. J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
 
04/11/2023 Worms, DoS, and Botnets
Slides
1. S. Staniford and V. Paxson and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link)
2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots. March 2005. (link)
 
04/13/2023 TCP/IP Security
Slides
1. A look back at “Security problems in the TCP/IP protocol suite” (link)
2. Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link)
1. Research Plan Due
04/18/2023 Routing
Slides
Why is it Taking so Long to Secure Internet Routing? (link) Homework 4 assigned; due May 2nd at 11:59pm
04/20/2023   Project Status Presentations  
04/25/2023 Wireless
Slides
1. Security Flaws in 802.11 Data Link Protocols (link)
2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November, 2017. (link)
3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link)
 
04/27/2023 Intrusion Detection
Slides
1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communications Security. November, 1999. (link)
2. [Deep Dive] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
1. Homework 5 assigned (BONUS Homework), due May 4th, 11:59 PM
05/02/2023 IoT/Software Security Compliance Guest Lecture - Amit Seal Ami - Homework 4 Due
05/04/2023 Finals Review Zoom 1. Final Paper Due
2. Homework 5 Due (Bonus Assignment)
05/11/2023 Final Exam 9AM - 12 PM, in class  
