CSCI 667 – Concepts of Computer Security


This course schedule is preliminary, and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web-page for any changes to the schedule, readings or assignments.

Note: The slides will be available after each lecture via a slides link below the lecture topic.

Date Topics Readings Notes
08/29/2024 Course Introduction / Research Methods I
Slides
1. Security Engineering, Chapter 1 (link)
2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
Homework 1 assigned; due September 5th at 11:59pm
09/03/2024 Intro to Crypto
Slides
Security Engineering, Chapter 5.1-5.5 (link)  
09/05/2024   NO CLASS, NSF SATC PI MEETING 1. Homework 1 Due
2. Sept 9th Last Day to ADD/DROP
09/10/2024 Secret Key Crypto
Slides
1. Security Engineering, Chapter 5.1-5.5 (link)
2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. (link)
 
09/12/2024 Secret Key Crypto Continued
Slides
Security Engineering, Chapter 5.6 (link)  
09/17/2024 Project “Speed Dating” 1. USENIX Security Proceedings (link)
2. ACM CCS Proceedings (link)
3. IEEE Security & Privacy Proceedings (link)
4. NDSS Proceedings (link)
Project Proposal assigned; due September 24th at 11:59pm
09/19/2024 Hashes and Message Authentication
Slides
Security Engineering, Chapter 5.6 (link) Homework 2 assigned; due October 3rd at 11:59pm
09/24/2024 Public Key Cryptography
Slides
Security Engineering, Chapter 5.7 (link)
R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978. (link)
[Deep Dive] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999, June 1983. (link)
1. Project Proposal Due
2. Related work assigned; due October 15th at 11:59pm
09/26/2024 Key Agreement and PKI
Slides
1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link)
2. Creating your own Certificate Authority (link)
3. [Deep Dive] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link)
 
10/01/2024 User Authentication
Slides
1. The science of password selection, Troy Hunt (link)
2. Biometrics, Wikipedia (link)
3. [Deep Dive] P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy, 2012. (link)
4. [Optional] D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link)
 
10/03/2024 Authentication Protocols
Slides
1. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link)
2. [Optional] Designing an Authentication System: A Dialogue in Four Scenes (link)
3. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link)
1. Homework 2 Due
2. Homework 3 assigned; due October 17 at 11:59pm
10/08/2024 Transport Layer Security
Slides
1. SSL and TLS: A Beginners Guide (link)
2. Creating your own Certificate Authority (link)
 
10/10/2024 NO CLASS, FALL BREAK    
10/15/2024 Access Control
Slides
1. Operating System Security, Chapters 1, 2, and 5 (link)
2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
1. Related work Due
2. Research Plan assigned; due November 14th at 11:59pm
10/17/2024 Midterm review in class and IFC continued
Slides
  Homework 3 Due
10/22/2024 Midterm Exam (in class), 8 - 9:20 AM    
10/24/2024 Research Methods II, Midterm Post Exam Review
Slides
  Oct 28th Last Day to Withdraw
10/29/2024 Operating Systems Security [V] Slides Chapters 3, 4, and 10 (link)
2. [Optional] Paul A. Karger, Roger R. Schell (2002). “Thirty Years Later: Lessons from the Multics Security Evaluation” Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, IEEE Computer Society, pp. 119-26 (link)
3. [Optional] W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack. HYDRA: the kernel of a multiprocessor operating system. Communications of the ACM (CACM). Volume 17 Issue 6, June 1974. (link)
 
10/31/2024 Guest Lecture – Prianka Mandal, Qualitative Analysis, IoT Security, and Law    
11/05/2024   NO CLASS, ELECTION DAY  
11/07/2024 Multics and Program Vulnerabilities [V]
Slides
1. Operating System Security, Chapters 1, 2, and 5 (link) [Part 1 Only]
2. J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
 
11/12/2024 Worms, DoS, and Botnets [V]
Slides
1. S. Staniford and V. Paxson and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link)
2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots. March 2005. (link)
 
11/14/2024 Guest Lecture – Sunil Manandhar. LLMs for Privacy and Compliance Analysis Research Plan Due
11/19/2024 TCP/IP Security
Slides
1. A look back at “Security problems in the TCP/IP protocol suite” (link)
2. Jerome H. Saltzer, David. P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link)
 
11/21/2024 Project Status Presentations   Homework 4 assigned; due December 5th at 11:59pm
11/26/2024 Routing
Slides
Why is it Taking so Long to Secure Internet Routing? (link) [Remote Instruction Day]
11/28/2024 NO CLASS, THANKSGIVING HOLIDAY    
12/03/2024 Wireless
Slides
1. Security Flaws in 802.11 Data Link Protocols (link)
2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November, 2017. (link)
3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link)
Homework 5 assigned (BONUS Homework), due December 10th, 11:59 PM
12/05/2024 Intrusion Detection
Slides
1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
2. [Deep Dive] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff. In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
1. Final Paper Due
2. Homework 4 Due
3. Final Review (Zoom), Dec 15, 9 AM - 10:30 AM
12/17/2023 Final Exam 2PM - 5 PM, in class  
