Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
Date | Topic | Assignments Due | Readings for Discussion (do readings before class) |
|
08/23/22 |
|
Assignment 0 (Due: 08/29/2022, 11:59pm) | ||
08/25/22 |
|
|||
08/30/22 |
(Buffer overflow) |
Project 1 release (Due: 09/20/2022, 11:59 pm) |
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al., 7th USENIX Security Symposium, 1998.
link
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
link
|
|
09/01/22 |
(Buffer overflow) |
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
link
Format String Vulnerability link
|
||
09/06/22 |
(Return-to-Libc) |
Review for "Return-Oriented Programming: Systems, Languages, and Applications" paper. review template |
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
link
Format String Vulnerability link
|
|
09/06/22 |
(Heap overflow and format string vulnerabilities) |
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
|
||
09/08/22 |
|
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
|
||
09/13/22 |
|
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6.
link
|
||
09/15/22 |
|
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6.
link |
||
09/20/22 |
|
Text: Chapter 5 link
A lattice model of secure information flow. D. Denning, CACM, May 1976.
link
Chapter 2. Access Control Fundamentals.
T. Jaeger, in Operating Systems Security, 2008.
link
|
||
09/20/22 |
|
Review for Denning's Information Flow paper |
Text: Chapter 5 link
Saltzer and Schroeder, The Protection of Information in Computer Systems. Proc. of the IEEE 63(9). 1975
link
|
|
09/22/22 |
|
Project 1 due |
Krohn et al., Information Flow Control for Standard OS Abstractions. In Proc. SOSP, 2007. link
|
|
09/27/22 |
|
Project 2 release (Due: 10/17/2022, 11:59pm) |
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012.
link
|
|
09/29/22 |
|
Project 2 release (Due: 10/17/2022, 11:59pm) |
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012.
link
|
|
10/04/22 |
Class canceled for a conference |
|||
10/06/22 |
Cryptography (Symmetric Key Cryptography) |
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993.
link
Text: Chapter 2
link
|
||
10/11/22 |
Cryptography (Symmetric Key Cryptography) |
Review for SSH paper |
Using Encryption for Authentication in Large Networks of Computers.
R. Needham and M. Schroeder, CACM, December 1978.
link
Text: Chapter 4 link
|
|
10/13/22 |
Cryptography (Hashing) |
|||
10/18/22 |
|
Project 3 release (Due: 11/08/2022, 11:59pm) |
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 3 link
|
|
10/20/22 | Mid-term Exam: 12:05-1:20 (regular time) | |||
10/25/22 |
|
|||
10/27/22 |
Public Key Cryptosystems; Network Security Vulnerabilities |
Using Encryption for Authentication in Large Networks of Computers.
R. Needham and M. Schroeder, CACM, December 1978.
link
Text: Chapter 4 link
|
||
11/01/22 |
Network Security Vulnerabilities |
|||
11/03/22 |
Network Security Vulnerabilities |
|||
11/08/22 |
Network Security Protocols |
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996.
link
Text: Chapter 11
link
|
||
11/10/22 |
Firewalls |
The Beginner's Guide to iptables: Linux Firewall, How-To Geek.
link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006.
link
Text: Section 8.9
link
|
||
11/15/22 |
Firewalls |
Project 4 release (Due: 12/08/2022, 11:59pm) |
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
|
|
11/17/22 |
|
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules).
link
Text: Chapter 9
link
|
||
11/22/22 | Thanksgiving Break - No class | |||
11/24/22 | Thanksgiving Break - No class | |||
11/29/22 | Privacy | Review for Fuzzing | ||
12/01/22 | Security Analysis Techniques |
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. link
A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World. link
CUTE: A Concolic Unit Testing Engine for C. link
ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones. link
|
||
12/06/22 | Cellular Network Security | |||
12/08/22 | Cloud Security | |||
12/13/22 | Final Exam, Time: 4:40pm-6:30pm, Location: Health and Hum Dev 005 |