To create effective security mechanisms, you must understand the capabilities of real-world attackers. Practical experience suggests that many security technologies (e.g. firewalls, access control, password protection, vulnerability patching) are not enough to defend against skilled and persistent hackers. ENEE 657 therefore aims to complement an understanding of the design and implementation of secure systems with knowledge of data analytics techniques, which are used to measure the effectiveness of security mechanisms or to infer malicious activity from large volumes of data.
ENEE 657 is a graduate security class. This means that knowledge is not delivered mainly through lectures where you sit back and listen; instead, you will learn by reading, explaining and doing. You will read 2-3 recent papers per week; most of the information from these papers is not covered in any textbook. Before each class you will submit critiques for the papers you read, using a defined written template. During the lecture, selected students will debate the technical merits of the papers using a structured discussion format. You will also apply some of the ideas discussed in a semester-long project, for which you are encouraged to form teams with 2+ members. Your grades will be based on background homeworks, paper critiques, class participation, and the course project.
No required textbook. Reading materials will be provided on the course website and/or distributed in class. If you lack the basic background in security, the following textbooks may be helpful:
Your final grade for the course will be based on the following weights:
Paper critiques are due at 12 PM one week before class, unless otherwise indicated.
Project submissions are due at midnight on the indicated days.
| # | Date | Topics | Notes | Readings |
|---|---|---|---|---|
| Part 1: Fundamental Principles | | | | |
| 1 | Mon 08/26 | Introduction to security: trust, threat models, attack vectors and security properties [pdf] | | |
| 2 | Wed 08/28 | Memory corruption and vulnerability exploits. Hands-on lab: Buffer overflow [pdf] | Homework 1 out | SaltzerSchroeder75 |
| | Mon 09/02 | Labor Day | | |
| 3 | Wed 09/04 | Cryptography: guarantees provided and common misuse patterns [pdf] | Homework 1 due on Friday, 09/06 | Low-Level Software Security by Example |
| 4 | Mon 09/09 | Cryptography (continued) | | Cryptographic Misuse in Android Applications |
| 5 | Wed 09/11 | OS protection mechanisms: least privilege, reference monitors, confinement [pdf] | | |
| 6 | Mon 09/16 | Empirical security [pdf] | | SETUID Demystified |
| | Wed 09/18 | No lecture | Pilot-project proposals due | |
| Part 2: Measurements | | | | |
| 7 | Mon 09/23 | Internet-scale measurements | | Mining Your Ps and Qs |
| 8 | Wed 09/25 | Internet-scale measurements | | Spamalytics, Click Trajectories |
| 9 | Mon 09/30 | Malware | | Infeasibility of Modeling Polymorphic Shellcode |
| 10 | Wed 10/02 | Malware | Summarize the "Prudent practices" paper; Pilot-project reports due | Semantics-aware malware detection, Prudent Practices for Designing Malware Experiments |
| 11 | Mon 10/07 | Worms | Group-project proposals due | How to 0wn the Internet in Your Spare Time |
| 12 | Wed 10/09 | Worms | Summarize the "Strategies for Sound Internet Measurement" paper | Polygraph, Strategies for Sound Internet Measurement |
| 13 | Mon 10/14 | Passwords | | The Science of Guessing |
| 14 | Wed 10/16 | Passwords | Summarize the "Quest to Replace Passwords" paper | Modeling Password Guessability Using Neural Networks, The Quest to Replace Passwords |
| 15 | Mon 10/21 | Account takeover | | Tripwire, Understanding the Risks of Stolen Credentials |
| | Wed 10/23 | Project Checkpoint #1 | | |
| 16 | Mon 10/28 | Bugs, Vulnerabilities, and Exploits | Summarize the "Evaluating Fuzz Testing" paper | Evaluating Fuzz Testing, Understanding the Reproducibility of Crowd-reported Security Vulnerabilities |
| Part 3: Inference and Prediction | | | | |
| 17 | Wed 10/30 | Cyber risk | | Content Analysis of Cyber Insurance Policies |
| 18 | Mon 11/04 | Spear phishing | | Detecting Credential Spearphishing Attacks in Enterprise Settings |
| 19 | Wed 11/06 | Spear phishing | | Detecting and Characterizing Lateral Phishing at Scale, Automatically Detecting Vulnerable Websites Before They Turn Malicious |
| 20 | Mon 11/11 | How can you tell? | | Causal Reasoning |
| 21 | Wed 11/13 | How can you tell? | | Sunlight, Concept Drift in Malware Classification Models |
| | Mon 11/18 | Project Checkpoint #2 | | |
| 22 | Wed 11/20 | Security predictions | | RiskTeller, Data-driven Prediction of Malware Infections |
| 23 | Mon 11/25 | Security predictions | | Predicting impending exposure to malicious content |
| | Wed 11/27 | Thanksgiving Recess | | |
| 24 | Mon 12/02 | Strategies and autonomy | Summarize the "Outside the Closed World" paper | The Mayhem Cyber Reasoning System, Outside the Closed World |
| 25 | Wed 12/04 | Strategies and autonomy | | How Shall We Play A Game |
| | Mon 12/09 | Group-Project Presentations | | |
Last updated: 2019-11-01 15:49:46 -0400