Lecture Schedule

Security Basics and Course Overview

• [Jan 26: Lecture 1] Introduction, course overview, and why security is harder than it looks
  Slides for lecture 1
  Additional reading:
  • Reflections on Trusting Trust, by Thompson
  • Inside the Twisted Mind of the Security Professional, by Schneier
  • We are All Security Customers, by Schneier
  • Information Security and Externalities, by Schneier.
  • Preface and Chapter 1 of Security Engineering (1st edition), by Anderson

Cryptography: Its Uses and Limitations

• [Jan 31: Lecture 2] Introduction to cryptography; private-key encryption
  Slides for lecture 2
  Additional reading:
  • Sections 1.1, 1.2, and 1.3 of Introduction to Modern Cryptography, by Katz and Lindell
  
  
• [Feb 2: Lecture 3] Private-key encryption, the one-time pad, computational security, pseudorandom generators
  Slides for lecture 3
  
  
• [Feb 7: Lecture 4] Private-key encryption, randomized encryption
  Slides for lecture 4
  
  
• [Feb 9: Lecture 5] Modes of encryption, message authentication
  Slides for lecture 5
  
  
• [Feb 14: Lecture 6] Message authentication, hashing, authenticated encryption. Diffie-Hellman key exchange, the public-key setting
  Slides for lecture 6
  
  
• [Feb 16: Lecture 7] The public-key setting, public-key encryption
  Slides for lecture 7
  
  
• [Feb 21: Lecture 8] Hybrid encryption, non-malleability and security against chosen-ciphertext attacks. Digital signatures
  Slides for lecture 8
  
  
• [Feb 23: Lecture 9] Crypto pitfalls and case studies
  Slides for lecture 9
  Additional reading:
  Required:
  • Essays:
    • Why Cryptography is Harder than it Looks, by Schneier
    • Risks of Relying on Cryptography, by Schneier
    • Security Pitfalls in Cryptography, by Schneier
  • Why Cryptosystems Fail, by Anderson
  
  Optional (covered in, or related to, class; read only if interested):
  • Lessons Learned in Implementing and Deploying Crypto Software, by Gutmann
  • Analysis of the WinZip Encryption Method, by Kohno
  • Padding oracle attacks:
    • Padding Oracle Attacks on the ISO CBC Mode Encryption Standard, by Paterson and Yau
    • Cryptography in the Web: The Case of Cryptographic Design Flaws in ASP.NET, by Duong and Rizzo
    • Practical Padding Oracle Attacks, by Rizzo and Duong
  
  
• [Feb 28: Lecture 10] Crypto pitfalls, circumventing crypto, side-channel attacks
  Slides for lecture 10
  Additional reading:
  Required:
  • WEP insecurity:
    • Intercepting Mobile Communications: The Insecurity of 802.11, by Borisov et al.
    • Security Problems in 802.11-Based Networks, by Housley and Arbaugh
  • Analysis of an Electronic Voting System, by Kohno et al.
  
  Optional (covered in, or related to, class; read only if interested):
  • Remote Timing Attacks are Practical, by Brumley and Boneh
  • Lest We Remember: Cold Boot Attacks on Encryption Keys, by Halderman et al.
  • Plaintext Recovery Attacks Against SSH (Sections 1-3 only), by Albrecht et al.
  • WEP insecurity:
    • A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP), by Stubblefield et al.
    • The Final Nail in WEP's Coffin, by Bittau et al.
    • The Dangers of Mitigating Security Design Flaws: A Wireless Case Study, by Petroni and Arbaugh

Network Security Principles

• [Mar 1: Lecture 11] Authentication overview. Biometric authentication
  Slides for lecture 11
  
  
• [Mar 6: Lecture 12] Passwords and password-based authentication
  Slides for lecture 12
  Additional reading (optional):
  • Do Strong Passwords Accomplish Anything?, by Florencio, Herley, and Coskun
  • Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords, by Weir et al.
  
  
• [Mar 8: Lecture 13] Symmetric- and public-key authentication. Mutual authentication and key exchange
  Slides for lecture 13
  
  
• [Mar 13: Lecture 14] Authenticated key exchange. Mediated authentication and key exchange. PKI and certification authorities
  Slides for lecture 14
  
  
• [Mar 15: Lecture 15] *** Midterm Exam ***
  
  
• [Mar 27: Lecture 16] PKI and certification authorities. Midterm exam review
  Slides for lecture 16

System Security

• [Mar 29: Lecture 17] General principles of system security. Authorization and access control
  Slides for lecture 17
  Additional reading (optional):
  • The Protection of Information in Computer Systems, by Saltzer and Schroeder
  
  
• [Apr 3: Lecture 18] ACLs and capabilities
  Slides for lecture 18
  Additional reading (optional):
  • The Confused Deputy (or: Why Capabilities Might Have Been Invented), by Hardy
  
  
• [Apr 5: Lecture 19] Access control models
  Slides for lecture 19

Programming-Language Security

• [Apr 10: Lecture 20] Buffer-overflow attacks
  Slides for lecture 20
  Additional reading:
  • Smashing the Stack for Fun and Profit," by Aleph One
  • Read all the following tutorials by Stephen Bradshaw (these will also be very helpful for HW3):
    • Debugging Fundamentals for Exploit Development: part 1 and part 2
    • Stack Based Buffer Overflow Tutorial: part 1, part 2, and part 3.
  Additional reading (optional):
  • ASLR Smack & Laugh Reference, by Müller
  
  
• [Apr 12: Lecture 21] Buffer-overflow attacks and defenses
  Slides for lecture 21
  
  
• [Apr 17: Lecture 22] Buffer-overflow defenses and counterattacks.
  Slides for lecture 22
  
  
• [Apr 19: Lecture 23] SQL injection, web security (XSS/CSRF attacks)
  Slides for lecture 23
  Additional reading:
  • Cross-Site Request Forgeries: Exploitation and Prevention, by Zeller and Felten
  
  
• [Apr 24: Lecture 24] Web attacks and defenses.
  Slides for lecture 24
  

Privacy/Anonymity

• [Apr 26: Lecture 25] Database privacy.
  Slides for lecture 25
  Additional reading (optional):
  • Database privacy:
    • Maintaining Patient Confidentiality..., by Sweeney
    • Security-Control Methods for Statistical Databases: A Comparative Study, by Adam and Wortmann, Sections 1-5
  • Privacy in social networks:
    • De-anonymizing Social Networks, by Narayanan and Shmatikov
  • Privacy on the web:
    • DoNotTrack.us
  • Anonymous communication:
    • Tor: The Second-Generation Onion Router, by Dingledine, Mathewson, and Syverson
    • The Tor project
  
  

Network Security in Practice

• [May 1: Lecture 26] Network security protocols in practice. SSL.
  Slides for lecture 26
  
  
• [May 3: Lecture 27] (Guest lecture by Jeff Stuckman.) Control-flow integrity, taint tracking.
  Slides for lecture 27
  Additional reading (optional):
  • The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86), by Shacham
  • Control-Flow Integrity, by Abadi et al.
  
  

  ---

• [May 8: Lecture 28] IPsec and IKE. Intrusion detection.
  Slides for lecture 28
  Additional reading (optional):
  • Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Ptacek and Newsham
  • Outside the Closed World: On Using Machine Learning for Network Intrusion Detection, by Sommer and Paxson
  
  
  
• [May 10: Lecture 29] Final exam