No required textbook. Reading materials will be provided on the course website and/or distributed in class. If you lack the basic background in security, the following textbooks may be helpful:
Your final grade for the course will be based on the following weights:
Submit your reviews using
the GRACE system:
submit year semester college course section assignment filename
Example:
submit 2014 fall enee 757 0101 1 passwords.bib
Paper reviews are due at 6 PM the evening before class.
Also available as an ical file that you can subscribe to.
| Date | Topics | Notes | Readings |
|---|---|---|---|
| Part 1: Basics | |||
| Wed 09/03 | Introduction [pdf] |
||
| Mon 09/08 | Statistical Inference [pdf] |
Pilot-project proposals due. Read the 'Detailed Reconstruction' paper, but don't submit a review. |
Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event |
| Wed 09/10 | Cryptography review [pdf] |
||
| Mon 09/15 | Cryptography review (cont'd) and adversary models [pdf] |
||
| Wed 09/17 | Guest lecture: Dana Dachman-Soled Secure multi-party computation |
||
| Mon 09/22 | Trusted computing [pdf] |
Pilot-projet reports due. | Flicker |
| Part 2: Authentication and Access Control in Distributed Systems | |||
| Wed 09/24 | Passwords [pdf] |
Homework template Pilot-projet reviews due |
The Quest to Replace Passwords |
| Mon 09/29 | Biometrics [pdf] |
Homework template Group-project proposals due. |
Making Experiments Dependable |
| Wed 10/01 | Scalable authentication [pdf] |
Homework template | Designing an Authentication System |
| Mon 10/06 | Authorization logic [pdf] |
Homework template | Authentication in the Taos Operating System |
| Wed 10/08 | Usable access control [pdf] |
Homework template | Exploring Reactive Access Control |
| Part 3: Network Security | |||
| Mon 10/13 | Security of Internet protocols - IP, UDP, TCP [pdf] |
Homework template | Misbehaving TCP receivers can cause Internet-wide congestion collapse |
| Wed 10/15 | Security of Internet protocols - BGP, DNS [pdf] |
Homework template | BGP Security in Partial Deployment: Is the Juice Worth the Squeeze? |
| Mon 10/20 | Web authentication and session hijacking [pdf] |
Homework template | The Dos and Don'ts of Client Authentication on the Web |
| Wed 10/22 | Project Checkpoint #1 |
||
| Mon 10/27 | Web security model [pdf] |
Homework template | All Your iFRAMEs Point to Us |
| Wed 10/29 | SSL/TLS and the public key infrastructure [pdf] |
Homework template | Mining Your Ps and Qs |
| Mon 11/03 | Patch deployment and certificate revocation [pdf] |
Homework template | Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed |
| Wed 11/05 | Guest lecture: Michelle Mazurek |
||
| Part 4: Distributed Infrastructures Supporting Cybercrime | |||
| Mon 11/10 | Memory corruption exploits [pdf] |
Homework template | Automatic Patch-Based Exploit Generation |
| Wed 11/12 | Worms and infection spreading [pdf] |
Homework template | How to 0wn the Internet in Your Spare Time |
| Mon 11/17 | Project checkpoint #2 |
||
| Wed 11/19 | DDoS - mechanisms [pdf] |
Homework template | Inferring Internet Denial-of-Service Activity |
| Mon 11/24 | DDoS - detection and protection [pdf] |
Homework template | STRIDE: Sanctuary Trail – Refuge from Internet DDoS Entrapment |
| Wed 11/26 | Botnets [pdf] |
Homework template | EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis |
| Mon 12/01 | Botnets (cont'd) and spam [pdf] |
Homework template | Spamalytics |
| Wed 12/03 | Reputation-based security [pdf] |
Homework template | Guilt by-Association: Large Scale Malware Detection by Mining File-relation Graphs |
| Mon 12/08 | Group-Project Presentations |
Group-project reports due. | |
| Wed 12/10 | Group-Project Presentations |
||
| Fri 12/12 | Last Day of Classess (no lecture) |
Group-project reviews due. | |
Created with coursegen. Last updated: 2014-12-03 14:08:52 -0500 [validate xhtml]