This course schedule is preliminary and will be altered as the semester progresses. While I will try to announce changes as they happen, it is the responsibility of the students to frequently check this web page for any changes to the schedule, readings, or assignments.
Note: The slides will be available after each lecture via a slides link below the lecture topic.
Date | Topics | Readings | Notes |
---|---|---|---|
01/26/2023 | Course Introduction / Research Methods I (Slides) | 1. Security Engineering, Chapter 1 (link) 2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link) 3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link) | Homework 1 assigned; due February 2nd at 11:59pm |
01/31/2023 | Intro to Crypto (Slides) | Security Engineering, Chapter 5.1-5.5 (link) | |
02/02/2023 | Secret Key Crypto (Slides) | 1. Security Engineering, Chapter 5.1-5.5 (link) 2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. (link) | 1. Homework 1 Due 2. Feb 3rd Last Day to ADD/DROP |
02/07/2023 | Secret Key Crypto Continued (Slides) | Security Engineering, Chapter 5.6 (link) | |
02/09/2023 | NO CLASS, NSF PANEL | Homework 2 assigned; due February 23rd at 11:59pm | |
02/14/2023 | Project “Speed Dating” | 1. USENIX Security Proceedings (link) 2. ACM CCS Proceedings (link) 3. IEEE Security & Privacy Proceedings (link) 4. NDSS Proceedings (link) | Project Proposal assigned; due February 23rd at 11:59pm |
02/16/2023 | Hashes and Message Authentication (Slides) | Security Engineering, Chapter 5.6 (link) | |
02/21/2023 | Public Key Cryptography (Slides) | 1. Security Engineering, Chapter 5.7 (link) 2. R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, 1978. (link) 3. [Deep Dive] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999, June 1983. (link) | |
02/23/2023 | Key Agreement and PKI (Slides) | 1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link) 2. Creating your own Certificate Authority (link) 3. [Deep Dive] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link) | 1. Project Proposal Due 2. Homework 2 Due 3. Homework 3 assigned; due March 14 at 11:59pm |
02/28/2023 | NO CLASS, NDSS Travel | Related work assigned; due March 23rd at 11:59pm | |
03/02/2023 | NO CLASS, NDSS Travel | | |
03/07/2023 | User Authentication (Slides) | 1. The science of password selection, Troy Hunt (link) 2. Biometrics, Wikipedia (link) 3. [Deep Dive] P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy, 2012. (link) 4. [Optional] D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link) | |
03/09/2023 | Authentication Protocols (Slides) | 1. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link) 2. [Optional] Designing an Authentication System: A Dialogue in Four Scenes (link) 3. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link) | |
03/14/2023 | NO CLASS, SPRING BREAK | Homework 3 Due | |
03/16/2023 | NO CLASS, SPRING BREAK | | |
03/21/2023 | Transport Layer Security (Slides) | 1. SSL and TLS: A Beginners Guide (link) 2. Creating your own Certificate Authority (link) | |
03/23/2023 | Access Control (Slides) | 1. Operating System Security, Chapters 1, 2, and 5 (link) 2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) | 1. Related work Due 2. Research Plan assigned; due April 13th at 11:59pm 3. Mar 27th Last Day to Withdraw |
03/28/2023 | Midterm review in class and IFC continued (Slides) | | |
03/30/2023 | Operating Systems Security (Slides) | 1. Operating System Security, Chapters 3, 4, and 10 (link) 2. [Optional] Paul A. Karger, Roger R. Schell (2002). “Thirty Years Later: Lessons from the Multics Security Evaluation” Proceedings 18th Annual Computer Security Applications Conference. Los Alamitos, CA, IEEE Computer Society, p. 119-26 (link) 3. [Optional] W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack. HYDRA: the kernel of a multiprocessor operating system. Communications of the ACM (CACM). Volume 17 Issue 6, June 1974. (link) | Midterm Exam 6:20-8PM (Location MCGLTH 002) |
04/04/2023 | Research Methods II, Midterm Post Exam Review (Slides) | | |
04/06/2023 | Multics and Program Vulnerabilities (Slides) | 1. Operating System Security, Chapters 1, 2, and 5 (link) 2. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) | |
04/11/2023 | Worms, DoS, and Botnets (Slides) | 1. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link) 2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots. March 2005. (link) | |
04/13/2023 | TCP/IP Security (Slides) | 1. A look back at “Security problems in the TCP/IP protocol suite” (link) 2. Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link) | 1. Research Plan Due |
04/18/2023 | Routing (Slides) | Why is it Taking so Long to Secure Internet Routing? (link) | Homework 4 assigned; due May 2nd at 11:59pm |
04/20/2023 | Project Status Presentations | | |
04/25/2023 | Wireless (Slides) | 1. Security Flaws in 802.11 Data Link Protocols (link) 2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November, 2017. (link) 3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link) | |
04/27/2023 | Intrusion Detection (Slides) | 1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link) 2. [Deep Dive] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff. In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link) | 1. Homework 5 assigned (BONUS Homework), due May 4th, 11:59 PM |
05/02/2023 | IoT/Software Security Compliance Guest Lecture - Amit Seal Ami | - | Homework 4 Due |
05/04/2023 | Finals Review | Zoom | 1. Final Paper Due 2. Homework 5 Due (Bonus Assignment) |
05/11/2023 | Final Exam | 9AM - 12 PM, in class |