Lectures

[ Home ] [ Policies ] [ Lectures ] [ Homework ] [ Project ]

Lecture Schedule (Subject to Change)

Lecture #	Date	Concepts	*Reading ()**	Slides
1	1/5 (Mon)	Administrivia, course information, introduction	B 1	[PDF]
2	1/7 (Wed)	Introduction (cont.)	B 13; [SS75]; [L04]; [BLR+04]	[PDF]
3	1/12 (Mon)	Why is security hard?	B 2-3.2; [HRU76]	[PDF]
4	1/14 (Wed)	Policy models	B 4-5; [M85]	[PDF]
-	1/19 (Mon)	Martin Luther King Day (No Class)	-	-
5	1/21 (Wed)	Policy models	B 6-7	[PDF]
6	1/26 (Mon)	RBAC (Guest lecture by Dr. James Joshi)	[OSM00]	-
7	1/28 (Wed)	Symmetric key cryptography	B 9.1-9.2, 9.4, 11.1-11.2; PP 2.1-2.6	[PDF]
8	2/2 (Mon)	Public key cryptography and IBE	B 9.3; PP 2.7; [RSA78]; [S85]; [K07]	[PDF]
9	2/4 (Wed)	Threshold cryptography and secret sharing	[SZ05]; [S79]; [HJ+95]	[PDF]
10	2/9 (Mon)	Authentication and identity	B 12, 14; [L81]	[PDF]
11	2/11 (Wed)	Authentication and key exchange protocols	B 10; [DH76]	[PDF]
12	2/16 (Mon)	Access control	B 15	[PDF]
13	2/18 (Wed)	Operating system security	PP 4-5; [AO96]	[PDF]
14	2/23 (Mon)	Network security	PP 7; B 26	[PDF]
15	2/25 (Wed)	Viruses and worms	B 22; [S89]; [SM+04]	[PDF]
16	3/2 (Mon)	Advanced authorization	[BFL96]; [LMW02]	[PDF]
-	3/4 (Wed)	No Class --- Meet with Dr. Lee to discuss project progress	-	-
-	3/9 (Mon)	Spring Break (No Class)	-	-
-	3/11 (Wed)	Spring Break (No Class)	-	-
17	3/16 (Mon)	Availability and DoS (Guest lecture by Peter Djalaliev)	[JB99]; [SW+00]	[PDF]
Note: All readings beyond this point are required! Prior to class, read each paper and fill out a copy of the review form.
18	3/18 (Wed)	Anonymous communication (Yinglin, Mehmud)	[RR98], [DMS04]	Crowds [PPT] Tor [PPT]
19	3/23 (Mon)	Anonymous publishing (Andrew, Nick)	[WRC00], [WM01]	Publius [PPT] Tangler [PDF]
20	3/25 (Wed)	Virtual machines and security (Brian, Yinglin)	[KC05], [KC+06]	BackTracker [PDF] SubVirt [PPT]
21	3/30 (Mon)	Exam	-	-
22	4/1 (Wed)	Current infrastructure (Andrew, Dr. Lee)	[P99], [SS+08]	Bro [PPT] MD5 [PDF]
23	4/6 (Mon)	Electronic voting (Brian, Mehmud)	[KSW05], [AR06]	AR06 [PDF] KSW05 [PPT]
24	4/8 (Wed)	HCISec (Nick, Ricardo Villamarin-Salomon)	[WT99], [SF05]	Johnny [PDF]
-	4/13 (Mon)	No Class --- Meet with Dr. Lee to discuss final presentation	-	-
-	4/14 (Wed)	No Class --- Meet with Dr. Lee to discuss final presentation	-	-
25	4/20 (Mon)	Project Presentations	-	-
26	4/22 (Wed)	Project Presentations	-	-

Readings

NOTE: In the reading assignments listed above, "B" refers to the Bishop book, "PP" refers to the Pfleeger and Pfleeger book, and other references refer to the papers below. For instance, "B 2-3.2" means to read all of chapter 2 and sections 3.1 and 3.2 of Bishop.

Other Readings:

[AO96] Aleph One, Smashing the Stack for Fun and Profit, Phrack Issue 49, Nov. 1996.
[AR06] Ben Adida and Ronald L. Rivest, Scratch & Vote, in Proceedings of the ACM Workshop on Privacy in the Electronic Society, October 2006.
[BL76] D.E. Bell and L.J. La Padula, Secure Computer System: Unified Exposition and Multics Interpretation, MITRE Technical Report ESD-TR-75-306, March 1976.
[BLR+04] Bharat Bhargava, Leszek Lilien, Arnon Rosenthal, Marianne Winslett, Morris Sloman, Tharam S. Dillon, Elizabeth Chang, Farookh Khadeer Hussain, Wolfgang Nejdl, Daniel Olmedilla, and Vipul Kashyap, The Pudding of Trust, IEEE Intelligent Systems 19(5): 74-88, Sep.-Oct. 2004.
[BFL96] Matt Blaze, Joan Feigenbaum, and Jack Lacy, Decentralized Trust Management, IEEE Symposium on Security and Privacy, May 1996.
[DH76] Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory 22(6): 644-654, Nov. 1976.
[DMS04] R. Dingledine, N. Mathewson, and P. Syverson, Tor: The Second-Generation Onion Router, USENIX Security, August 2004.
[HJ+95] Amir Herzberg, Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung, Proactive Secret Sharing or: How to Cope with Perpetual Leakage, Proceedings of CRYPTO 1995.
[HRU76] Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman, Protection in Operating Systems, Communications of the ACM 19(8): 461-471, August 1976.
[JB99] Ari Juels and John Brainard, Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks, In Proceedings of NDSS 1999, pages 151-165.
[K07] Neal Koblitz, The Uneasy Relationship Between Mathematics and Cryptography, Notices of the AMS 54(8): 972-979, Sep. 2007.
[KC05] Samuel T. King and Peter M. Chen, Backtracking intrusions, ACM Transactions on Computer Systems 23(1): 51-76, Feb. 2005.
[KC+06] Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski, Helen J. Wang, and Jacob R. Lorch, SubVirt: Implementing malware with virtual machines, IEEE Symposium on Security and Privacy, May 2006.
[KSW05] C. Karlof, N. Sastry, and D. Wagner, Cryptographic Voting Protocols: A Systems Perspective, USENIX Security 2005.
[L04] Butler Lampson, Computer Security in the Real World, IEEE Computer 37(6): 37-46, June 2004.
[L81] Leslie Lamport, Password Authentication with Insecure Communication, Communications of the ACM 24(11): 770-772, Nov. 1981.
[LMW02] Ninghui Li, John C. Mitchell, and William H. Winsborough, Design of a Role-based Trust-Management Framework, IEEE Symposium on Security and Privacy, May 2002.
[M85] John McLean, A Comment on the 'Basic Security Theorem' of Bell and LaPadula, Information Processing Letters 20(2): 67-70, Feb. 1985.
[OSM00] Sylvia Osborn, Ravi Sandhu, and Qamar Munawer, Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies, ACM TISSEC 3(2): 85-106, 2000.
[P99] Vern Paxson, Bro: A System for Detecting Network Intruders in Real-Time, Computer Networks 31(23-24): 2435-2463, December 1999.
[RR98] Michael K. Reiter and Aviel D. Rubin, Crowds: Anonymity for Web Transactions, ACM TISSEC 1(1): 66 - 92, Nov. 1998.
[RSA78] R.L. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21(2): 120-126, Feb. 1978.
[S79] Adi Shamir, How to Share a Secret, Communications of the ACM 22(11): 612-613, Nov. 1979.
[S85] Adi Shamir, Identity-Based Cryptosystems and Signature Schemes, Proceedings of CRYPTO 1984, pp. 47-53.
[S89] Eugene Spafford, The Internet Worm: Crisis and Aftermath, Communications of the ACM 32(6): 678-687, June 1989.
[SF05] M. Angela Sasse and Ivan Flechais, Why Do We Need It? How Do We Get It?, Chapter 2 in Security and Usability by Lorrie Faith Cranor and Simson Garfinkle, August 2005.
[SM+04] Stuart Staniford, David Moore, Vern Paxson, and Nicholas Weaver, The Top Speed of Flash Worms, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Oct. 2004.
[SS+08] Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger, MD5 Considered Harmful Today, 25th Annual Chaos Communication Congress, December 2008.
[SS75] Jerome H. Saltzer and Michael D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE 63(9): 1278-1308, Sep. 1975.
[SW+00] Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, Practical Network Support for IP Traceback, Proceedings of SIGCOMM 2000, August 2000.
[SZ05] Fred B. Scheider and Lidong Zhou, Implementing Trustworthy Services Using Replicated State Machines, IEEE Security and Privacy 3(5): 34-43, Sep.-Oct. 2005.
[WM01] M. Waldman, and D. Mazieres, Tangler: A censorship-resistant publishing system based on document entanglements, ACM CCS 2001.
[WRC00] M. Waldman, A. Rubin, and L. Cranor, Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system, USENIX Security 2000.
[WT99] Alma Whitten and J.D. Tygar, Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, USENIX Security 1999.