CMSC 414: Computer and Network Security

Note All topics for future dates are tentative.

Date	Topic	Readings/handouts
01/25	Introduction	Required reading: "The Security Mindset", Bruce Schneier, (www) Chapter 1 of [Anderson]
	Software Security
01/30	Buffer overflow attacks	Required reading: "Smashing the Stack for Fun and Profit" (pdf) Optional but very useful: GDB quick references and manual
02/01	Buffer overflow attacks and defenses	Required reading: "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks" (pdf) Optional: "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade" (pdf)
02/06	Memory safety: attacks and defenses	Optional: "Basic Integer Overflows" (phrack) "Exploiting Format String Vulnerabilities" (pdf) Original return-oriented programming paper (pdf)
02/08	Malware	Optional: "Hunting for Metamorphic" (pdf)
02/13	Malware case studies	Optional: "A History of Computer Viruses - The Famous Trio" (pdf) "IoT Goes Nuclear..." (pdf)
02/15	SQL injection	Optional: "SQL Injection Attacks by Example" (www)
02/20	Web background and third-party tracking	Required: "Web Security: Are You Part of the Problem?" (www)
02/22	XSS and CSRF	Required: "Cross Site Request Forgery: An introduction..." (pdf)
02/27	Principles of secure software design (slides) and Clickjacking (slides)
03/01	Principles of secure software implementation
03/06	Midterm recap & open problems in software security
03/08	Midterm 1
	Applying Cryptography
03/13	Cryptograph intro	Required: Symmetric key notes
03/15	Symmetric key confidentiality and integrity	Required: Same notes as 03/13 Sam's slides: [1] and [2]
03/20	Spring break
03/22	Spring break
03/27	Public key cryptography	Required reading: Public key notes
03/29	Proving who you are: PKI and TLS	Same notes as 03/27
04/03	- Cryptographic misuse - Hiding who you are: Anonymity	Required reading: Anonymity notes Optional reading: The Dining Cryptographers Problem
04/05	Hiding who you are: Tor	Same notes as 04/03 (and in video) Optional reading: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms Tor: The Second-Generation Onion Router
04/10	Attacks on Tor	Same notes as 04/03 (and in video)
04/12	More attacks on Tor & Crypto protocol analysis	Same notes as 04/03 (and in video)
04/17	Censorship & Networking basics	Optional reading: Alibi Routing Enemies of the Internet Report
04/19	Midterm 2 recap
04/24	Midterm 2
	Network Security
04/26	Networking background
05/01	Networking attacks: DNS	Same slides as 04/26 Highly suggested reading: An illustrated guide to the Kaminsky DNS vulnerability
05/03	Networking attacks: TCP	Same slides as 04/26 Optional reading: Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse
05/08	Networking attacks: TCP (cont'd) & VPN detection	Same slides as 04/26
05/10	Botnets & underground economies	Optional reading: Click Trajectories: End-to-end analysis of the spam value chain Show me the money: Characterizing spam-advertised revenue
05/18	Final exam 10:30am-12:30pm

Web Accessibility