Lecture Schedule

The syllabus below is tentative, and is subject to change as the semester progresses. I will continually update it to reflect what we have covered in class thus far.

You are responsible for all the material referenced below, even if it not explicitly covered in class, unless it is explicitly marked 'optional'. "KPS" refers to "Network Security: Private Communication in a Public World" (2nd edition), by Kaufman, Perlman, and Speciner.

I provide a copy of my slides for convenience. They do not always include everything I cover in class! Looking at these slides is not a substitute for attending lectures. You are responsible for material covered in class, even if it is not covered in the reading material below.

Lecture	Date	Summary, Slides, and Reading
Security Basics and Course Overview
1	Aug 31	Introduction, course overview, and why security is harder than it looks Slides for lecture 1 Reflections on Trusting Trust, by Thompson Inside the Twisted Mind of the Security Professional, by Schneier We are All Security Customers, by Schneier Information Security and Externalities, by Schneier. Preface and Chapter 1 (except Section 1.7) of Security Engineering, by Anderson
Cryptography: Its Uses and Limitations
2	Sept 2	Introduction to cryptography Slides for lecture 2 Sections 1.1, 1.2, and 1.3 of Introduction to Modern Cryptography, by Katz and Lindell
***	Sept 7	No Classes -- Labor Day
3	Sept 9	JCA; Private-key encryption basics The TA's presentation on JCA (you may also wish to look at the materials from Spring '08) Slides for lecture 3
4	Sept 14	Private-key encryption, message authentication Slides for lecture 4
5	Sept 16	Message authentication, hashing, basic number theory Slides for lecture 5
6	Sept 21	Diffie-Hellman key exchange; the public-key setting; public-key encryption Slides for lecture 6
7	Sept 23	Public-key encryption, non-malleability Slides for lecture 7
8	Sept 28	Rootkits and malware (guest lecture by Prof. Arbaugh)
9	Sept 30	Digital signatures. Crypto pitfalls Slides for lecture 9 Three essays by Schneier: Why Cryptography is Harder than it Looks, Risks of Relying on Cryptography, Security Pitfalls in Cryptography The following articles are completely optional, and are intended for those who enjoy this sort of material: Implementation Pitfalls, by Kohno Lessons Learned in Implementing and Deploying Crypto Software, by Gutmann
10	Oct 5	Crypto pitfalls and case studies Slides for lecture 10 Why Cryptosystems Fail, by Anderson The following articles are completely optional: Attacking the Mifare classic: Reverse Engineering a Cryptographic RFID Tag, by Nohl et al. A report on the attack Wirelessly Pickpocketing a Mifare Classic Card, by Garcia et al.
11	Oct 7	Crypto pitfalls and case studies; circumventing crypto; side channel attacks Slides for lecture 11 Analysis of an Electronic Voting System, by Kohno et al. WEP insecurity: Security flaws in 802.11 Data Link Protocols, by Cam-Winget et al., Intercepting Mobile Communications: The Insecurity of 802.11 by Borisov et al. Plaintext Recovery Attacks Against SSH, by Albrecht et al. Lest We Remember: Cold Boot Attacks on Encryption Keys, by Halderman et al. (skip Section 5) The following articles are completely optional: More on WEP (in)security: Bittau et al., Housley and Arbaugh Remote Timing Attacks are Practical, by Brumley and Boneh (we covered this briefly in lecture 12; the article gives additional technical detail). Acoustic attacks TEMPEST (see also wikipedia)
System Security
12	Oct 12	General principles, introduction to systems security Slides for lecture 12 The following article was discussed in class, but is completely optional: The Protection of Information in Computer Systems, by Saltzer and Schroeder.
13	Oct 14	Access control, ACLs vs. capabilities, access control models Slides for lecture 13 The following articles were discussed in class, but are completely optional: The Confused Deputy (or: Why Capabilities Might Have Been Invented), by Hardy Capability Myths Demolished, by Miller, Yee, and Shapiro (mainly pages 1-10)
14	Oct 19	Access control models, trusted computing Slides for lecture 14
Database Security, Privacy, Anonymity
15	Oct 21	Database security Slides for lecture 15 (Note: The midterm will cover up through slide 41, since that is all we covered in class today. I will cover the remaining slides in class on Nov. 2.) Maintaining Patient Confidentiality..., by Sweeney The following is optional: Security-Control Methods for Statistical Databases: A Comparative Study, by Adam and Wortmann, Sections 1-5 (Note: this is just meant to reinforce the mechanisms discussed in class; some of the math goes beyond what we covered)
16	Oct 26	Anonymity, Tor, onion routing (guest lecture by Dr. Paul Syverson) Slides for lecture 16 Tor: The Second-Generation Onion Router, by Dingledine, Mathewson, and Syverson Challenges in deploying low-latency anonymity, by Dingledine, Mathewson, and Syverson Additional references (optional): Main Tor page (plenty of information, and you can download Tor too!) The onion routing page
***	Oct 28	Midterm
Programming Language Security
17	Nov 2	Database privacy. Buffer overflow attacks Slides for lecture 17 Smashing the Stack for Fun and Profit, by Aleph One The following are optional: w00w00 on Heap Overflows, by Matt Conover (a.k.a. Shok) & w00w00 Security Team Low-Level Software Security: Attacks and Defenses, by Erlingsson Additional references for buffer overflow attacks (may be helpful for the homework)
18	Nov 4	Buffer overflow attacks, SQL injection attacks Slides for lecture 18 Here are the examples I covered in class: program 1, program 2 and an explanation, and program 3 The following are optional: Blended Attacks..., by Chien and Szor Exploiting Format String Vulnerabilities, by scut/team teso
Network Security
19	Nov 9	Web security, XSS, XSRF, etc. Slides for lecture 19
20	Nov 11	Authentication overview; password-based authentication Slides for lecture 20 Reading for the next few lectures: KPS, Sections 9.1-9.6, 9.7.1, 9.7.4.1, 10.1-10.8, 10.10, 11.1-11.3, 12.2
21	Nov 16	Authentication protocols, password security Slides for lecture 21 Do strong passwords accomplish anything?, by Florencio, Herley, and Coskun The following paper is optional: It's no secret: Measuring the security and reliability of authentication via 'secret' questions, by Schechter, Brush, and Egelman
22	Nov 18	Authentication and key exchange; mediated key exchange Slides for lecture 22 KPS, Sections 9.7.2-9.7.4
23	Nov 23	Authentication and key exchange Slides for lecture 23 KPS, Sections 11.4-11.8
24	Nov 25	Protocols for mediated authentication. PKI and certification authorities Slides for lecture 24 KPS, Sections 15.1-15.5 10 Risks of PKI: What You're not Being Told about Public Key Infrastructure, by Ellison and Schneier
Network Security in Practice
25	Nov 30	PKI and certification authorities Slides for lecture 25
26	Dec 2	Intrusion detection and firewalls Slides for lecture 26
27	Dec 7	Network security protocols in practice. Introduction to Wireshark. SSL, IPsec, and IKE. Course summary. Slides for lecture 27 KPS, Sections 16.1-16.3, 16.6-16.12; Sections 17.1, 17.2.2, 17.3.1, 17.3.2, 17.5, 18.4-18.6, 19.1-19.8 For more details about network layers, see any book on computer networking; e.g., Section 1.3 of "Computer Networks, a Systems Approach (3rd edition)," by Peterson and Davie. Or see here
28	Dec 9	Privacy-preserving advertising (guest lecture by Dave Levin)
***	Dec 16	Final exam, 1:30-3:30, CSIC 1121

Lecture Schedule

Security Basics and Course Overview

Cryptography: Its Uses and Limitations

System Security

Database Security, Privacy, Anonymity

Programming Language Security

Network Security

Network Security in Practice