CSE 543 - Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

-->

Date	Topic	Assignments Due	Readings for Discussion (do readings before class)
08/25/20	Introduction	Assignment 0 (Due: 08/28/2020, 11:59pm)	Course Syllabus Hacked vs. Hackers: Game On - NYTimes.com.pdf Text: Chapter 1
08/27/20	Malware		W32.Stuxnet Dossier. Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. Text: Chapter 7
09/01/20	Program Vulnerabilities	Project 1 release (Due: 09/21/2020, 11:59pm)	Buffer Overflow Tutorial Text: Chapter 6 Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al., 7th USENIX Security Symposium, 1998. link
09/03/20	Return-Oriented Programming	Review for "Return-Oriented Programming" paper. review template	Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/08/20	Return-Oriented Programming Safe Programming		Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
09/10/20	Safe Programming Secure Programming Authentication		Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012. link Text: Chapter 3
09/15/20	Authentication Cryptography		Text: Chapter 2 and 3 link
09/17/20	Cryptography		Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link Text: Chapter 2 link
09/22/20	Cryptography Public Key Cryptosystems	Project 1 due, Project 2 release (Due: 10/12/2020, 11:59pm)	A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link Text: Chapter 3 link
09/24/20	Cryptography Public Key Cryptosystems	Review for "Needham-Schroeder" paper	Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link Text: Chapter 4 link
09/29/20	Public Key Cryptosystems Authentication Protocols		Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link Text: Chapter 4, 8 link
10/01/20	Public Key Cryptosystems Authentication Protocols		Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link Text: Chapter 4, 8, 11 link
10/06/20	Authentication Protocols Network Security Vulnerabilities	Review for SSH paper	An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Freidl. link SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link Text: Chapter 11 link
10/08/20	Mid-term Exam: 12:05-1:20 (regular time)
10/13/20	Network Security Vulnerabilities		An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Freidl. link Text: Chapter 10 link
10/15/20	Network Security Vulnerabilities Network Security Protocols	Project 2 Due, Research project release
10/20/20	Network Security Protocols Firewalls		The Beginner's Guide to iptables: Linux Firewall, How-To Geek. link FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link Text: Section 8.9 link
10/22/20	Firewalls
10/27/20	Access Control Mandatory Access Control		Text: Chapter 5 link A lattice model of secure information flow. D. Denning, CACM, May 1976. link Chapter 2. Access Control Fundamentals. T. Jaeger, in Operating Systems Security, 2008. link
10/29/20	Mandatory Access Control Secure Operating Systems	Review for Dennig's Information Flow paper	seL4: Formal Verification of an OS Kernel. G. Klein et al., Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009. link
11/03/20	Web Security	Project 3: Milestone 1 due on 11/02/2020	Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link Text: Chapter 9 link
11/05/20	Web Security		Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King, Proceedings of the IEEE Symposium on Security and Privacy, 2008. link
11/10/20	Intrusion Detection		A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link Text: Section 6.4 link
11/12/20	Security Analysis Techniques		KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. link A Few Billion Lines of Code Later Using Static Analysis to Find Bugs in the Real World. link CUTE: A Concolic Unit Testing Engine for C. link ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones. link
11/17/20	Cellular Network Security		Defeating IMSI Catchers. link LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. link
11/19/20	Privacy	Project 3: Milestone 2 due on 11/22/2020	Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Anual Computer Security Applications Conference, 1996. link The Tor Project link Text: Section 10.5 link What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link
11/24/20	Thanksgiving Break - No class
11/26/20	Thanksgiving Break - No class
12/01/20	Hardware for Security (Part 1)		Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. In USENIX Security Symposium, Aug. 2004. link
12/03/20	Hardware for Security (Part 2)
12/08/20	Adversarial Machine Learning Linux Security Module		Machine Learning in Adversarial Settings. Patrick McDaniel, Nicolas Papernot, and Berkay Celik. IEEE Security and Privacy Magazine, 14(3), May/June, 2016. link
12/08/20	Cloud Computing Security Bitcoin		AmazonIA: When Elasticity Snaps Back. S. Bugiel, T. Poppelmann, S. Nurnberger, A-R. Sadeghi, and T. Schneider, 18th ACM Conference on Computer and Communications Security, 2011. link The Blockchain: A Gentle Four Page Introduction. Jan Hendrik Witte, ArXiv.org, Dec. 2016. link
12/15/20	Final Exam, Time: 2:30 pm - 4:50 pm