This course schedule is preliminary and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to check this web page frequently for any changes to the schedule, readings, or assignments.
Note: The slides will be available after each lecture via a slides link below the lecture topic.
Date | Topics | Readings | Notes |
---|---|---|---|
08/29/2024 | Course Introduction / Research Methods I Slides | 1. Security Engineering, Chapter 1 (link) 2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link) 3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link) | Homework 1 assigned; due September 5th at 11:59pm |
09/03/2024 | Intro to Crypto Slides | Security Engineering, Chapter 5.1-5.5 (link) | |
09/05/2024 | NO CLASS, NSF SATC PI MEETING | 1. Homework 1 Due 2. Sept 9th Last Day to ADD/DROP | |
09/10/2024 | Secret Key Crypto Slides | 1. Security Engineering, Chapter 5.1-5.5 (link) 2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS ’93. (link) | |
09/12/2024 | Secret Key Crypto Continued Slides | Security Engineering, Chapter 5.6 (link) | |
09/17/2024 | Project “Speed Dating” | 1. USENIX Security Proceedings (link) 2. ACM CCS Proceedings (link) 3. IEEE Security & Privacy Proceedings (link) 4. NDSS Proceedings (link) | Project Proposal assigned; due September 24th at 11:59pm |
09/19/2024 | Hashes and Message Authentication Slides | Security Engineering, Chapter 5.6 (link) | Homework 2 assigned; due October 3rd at 11:59pm |
09/24/2024 | Public Key Cryptography Slides | 1. Security Engineering, Chapter 5.7 (link) 2. R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978. (link) 3. [Deep Dive] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999, June 1983. (link) | 1. Project Proposal Due 2. Related work assigned; due October 15th at 11:59pm |
09/26/2024 | Key Agreement and PKI Slides | 1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link) 2. Creating your own Certificate Authority (link) 3. [Deep Dive] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link) | |
10/01/2024 | User Authentication Slides | 1. The science of password selection, Troy Hunt (link) 2. Biometrics, Wikipedia (link) 3. [Deep Dive] P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy, 2012. (link) 4. [Optional] D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link) | |
10/03/2024 | Authentication Protocols Slides | 1. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link) 2. [Optional] Designing an Authentication System: A Dialogue in Four Scenes (link) 3. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link) | 1. Homework 2 Due 2. Homework 3 assigned; due October 17 at 11:59pm |
10/08/2024 | Transport Layer Security Slides | 1. SSL and TLS: A Beginners Guide (link) 2. Creating your own Certificate Authority (link) | |
10/10/2024 | NO CLASS, FALL BREAK | | |
10/15/2024 | Access Control Slides | 1. Operating System Security, Chapters 1, 2, and 5 (link) 2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) | 1. Related work Due 2. Research Plan assigned; due November 14th at 11:59pm |
10/17/2024 | Midterm review in class and IFC continued Slides | Homework 3 Due | |
10/22/2024 | Midterm Exam (in class), 8 - 9:20 AM | | |
10/24/2024 | Research Methods II, Midterm Post Exam Review Slides | Oct 28th Last Day to Withdraw | |
10/29/2024 | Operating Systems Security [V] Slides | 1. Chapters 3, 4, and 10 (link) 2. [Optional] Paul A. Karger, Roger R. Schell (2002). “Thirty Years Later: Lessons from the Multics Security Evaluation” Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, IEEE Computer Society, pp. 119-26 (link) 3. [Optional] W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack. HYDRA: the kernel of a multiprocessor operating system. Communications of the ACM (CACM). Volume 17 Issue 6, June 1974. (link) | |
10/31/2024 | Guest Lecture – Prianka Mandal, Qualitative Analysis, IoT Security, and Law | | |
11/05/2024 | NO CLASS, ELECTION DAY | | |
11/07/2024 | Multics and Program Vulnerabilities [V] Slides | 1. Operating System Security, Chapters 1, 2, and 5 (link) 2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) | |
11/12/2024 | Worms, DoS, and Botnets [V] Slides | 1. S. Staniford and V. Paxson and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link) 2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots. March 2005. (link) | |
11/14/2024 | Guest Lecture – Sunil Manandhar. | LLMs for Privacy and Compliance Analysis | Research Plan Due |
11/19/2024 | TCP/IP Security Slides | 1. A look back at “Security problems in the TCP/IP protocol suite” (link) 2. Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link) | |
11/21/2024 | Project Status Presentations | Homework 4 assigned; due December 5th at 11:59pm | |
11/26/2024 | Routing Slides | Why is it Taking so Long to Secure Internet Routing? (link) | [Remote Instruction Day] |
11/28/2024 | NO CLASS, THANKSGIVING HOLIDAY | | |
12/03/2024 | Wireless Slides | 1. Security Flaws in 802.11 Data Link Protocols (link) 2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November, 2017. (link) 3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link) | Homework 5 assigned (BONUS Homework), due December 10th, 11:59 PM |
12/05/2024 | Intrusion Detection Slides | 1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link) 2. [Deep Dive] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff. In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link) | 1. Final Paper Due 2. Homework 4 Due 3. Final Review (Zoom), Dec 15, 9 AM - 10:30 AM |
12/17/2023 | Final Exam | 2 PM - 5 PM, in class | |