Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date / Topic / Assignments Due / Readings for Discussion (do readings before class)
08/27/24 Security Basics Assignment 0 (Due: 08/30/24, 11:59pm)
08/29/24 Program Vulnerabilities
(Basics of stack and heap)

09/03/24 Program Vulnerabilities
(Stack overflow)

Review for "Stackguard" paper. review template
Stackguard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. C. Crispin, et al., 7th USENIX Security Symposium, 1998. link
09/05/24 No Class (Instructor needs to attend NSF PI Meeting)
09/10/24 Program Vulnerabilities
Return-to-Libc Attack

Project 1 release (Due: 09/23/2024, 11:59pm)
Return-Oriented Programming: Systems, Languages, and Applications. R. Roemer, E. Buchanan, H. Shacham, and S. Savage, ACM Trans. Info. Sys. Security 15(1):2, March 2012. link
09/12/24 Program Vulnerabilities
(Heap & integer overflow,
Format String)

DieHarder: Securing the Heap. link
09/14/24 Return-Oriented Programming
Control-Flow Integrity

Control-Flow Integrity. link
09/17/24 Safe Programming
Project 1 discussion
Secure Programming HOWTO. D. Wheeler, Sections 2 and 6. link
Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link
09/19/24 Authentication
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. P. G. Kelley et al., IEEE Symposium on Security and Privacy, 2012. link
09/24/24 Cryptography (Part 1)
Project 1 due on 09/23/24
Quiz 1 (announced)
Why Cryptosystems Fail. R. Anderson, 1st ACM Conference on Computer and Communications Security, 1993. link
Text: Chapter 2 link
09/26/24 Cryptography (Part 2)
Project 2 release (Due: 10/11/2024, 11:59pm)
Using Encryption for Authentication in Large Networks of Computers. R. Needham and M. Schroeder, CACM, December 1978. link
Text: Chapter 4 link
10/01/24 Public Key Cryptosystems (Part 1)
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. link
Text: Chapter 3 link
10/03/21 Public Key Cryptosystems (Part 2)
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994. link
Text: Chapter 4, 8, 11 link
10/08/24 Public Key Cryptosystems (Part 3)
10/10/24 Network Security Vulnerabilities (Part 1)
An Illustrated Guide to the Kaminsky DNS Vulnerability, S. Friedl. link
Text: Chapter 10 link
10/15/24 Midterm and Project Review
10/17/24 Mid-term Exam (regular time)
10/22/24 Network Security Vulnerabilities (Part 2)
10/24/24 Network Security Vulnerabilities (Part 3)
10/29/24 Access Control
Project 3 release (Due: 11/11/2024, 11:59pm)
10/31/24 Mandatory Access Control Review for Denning's Information Flow paper
11/05/24 Network Security Protocols
SSH - Secure Login Connections Over the Internet. T. Ylonen. USENIX Security 1996. link
11/07/24 Firewalls
The Beginner's Guide to iptables: Linux Firewall, How-To Geek. link
FIREMAN: a toolkit for FIREwall Modeling and ANalysis. L. Yuan et al. IEEE Security and Privacy 2006. link
Text: Section 8.9 link
11/12/24 Intrusion Detection
11/14/24 Intrusion Detection
Quiz 4
A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. link
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. link
Text: Section 6.4 link
11/19/24 Web Security Project 4: Web Vulnerabilities Release (Due: 12/8/2024, 11:59pm)
Browser Security Handbook, Part 2 (Same origin policy, Life Outside Same-origin rules, Third-party cookie rules). link
Text: Chapter 9 link
11/21/24 Cloud Computing Security
11/26/24 Thanksgiving Break - No class
11/28/24 Thanksgiving Break - No class
12/03/24 Linux Security Module
12/05/24 TBD
12/10/24 TBD
12/12/24 TBD
TBD Final Exam, Time: TBD, Location: TBD