Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date | Topic | Assignments Due | Readings for Discussion (do readings before class)
08/24/21 Introduction Assignment 0 (Due: 08/27/2021, 11:59pm)
08/26/21 Malware
08/31/21 Program Vulnerabilities
Project 1 release (Due: 09/20/2021, 11:59pm)
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al., 7th USENIX Security Symposium, 1998. link
09/02/21 Return-Oriented Programming
Review for "The Geometry of Innocent Flesh on the Bone" paper. review template
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). link
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/07/21 Return-Oriented Programming
Safe Programming
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
09/09/21 Safe Programming
Secure Programming
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
09/14/21 Secure Programming Authentication
Text: Chapter 2 and 3 link
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012. link
09/16/21
Authentication
Cryptography
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Text: Chapter 2 link
09/21/21 Authentication
Cryptography
Project 1 due,
Project 2 release (Due: 10/11/2021, 11:59pm)
09/23/21 Authentication
Cryptography
09/28/21 Cryptography
09/30/21 Cryptography
Review for SSH paper
Project 2 release
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Text: Chapter 4, 8, 11 link
10/05/21 Public Key Cryptosystems
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 3 link
10/07/21 Web Security (Part 1)
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link
Text: Chapter 9 link
10/12/21 Web Security (Part 1) Review for Secure Web OP browser paper
10/14/21 Mid-term Exam: 12:05-1:20 (regular time)
10/19/21 Web Security (Part 2)
10/21/21 Network Security Vulnerabilities
An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Friedl. link
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
Text: Chapter 11 link
10/26/21 Network Security Protocols Project 2 due
Project 3 released
An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Friedl. link
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
Text: Chapter 11 link
10/28/21 Network Security Protocols Review for DNS attack paper
The Beginner's Guide to iptables: Linux Firewall, How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
11/02/21
Network Security Protocols
Firewalls
The Beginner's Guide to iptables: Linux Firewall, How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
11/04/21 Intrusion Detection
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link

The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
11/09/21
Access Control
Text: Chapter 5 link
A lattice model of secure information flow. D. Denning, CACM, May 1976. link
Chapter 2. Access Control Fundamentals. T. Jaeger, in Operating Systems Security, 2008. link
11/11/21 Mandatory Access Control
11/16/21 Mandatory Access Control
11/18/21 Privacy
Proxies for Anonymous Routing. M. Reed, P. Syverson, D. Goldschlag. 12th Annual Computer Security Applications Conference, 1996. link
The Tor Project link
Text: Section 10.5 link
What Virtualization Can Do for Security. T. Garfinkel and A. Warfield. ;login 32(6) 2007. link
11/23/21 Thanksgiving Break - No class
11/25/21 Thanksgiving Break - No class
11/30/21 Security Analysis Techniques
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. link
A Few Billion Lines of Code Later Using Static Analysis to Find Bugs in the Real World. link
CUTE: A Concolic Unit Testing Engine for C. link
ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones. link
12/02/21 Cellular Network Security
Defeating IMSI Catchers. link
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. link
12/07/21 Hardware Security
12/09/21 Blockchain and Bitcoin
The Blockchain: A Gentle Four Page Introduction. Jan Hendrik Witte, ArXiv.org, Dec. 2016. link
TBD Final Exam, Time: TBD, Location: TBD