ENEE 459D | ENEE 759D | CMSC 858Z :: Course Syllabus

• SDS Home
• Policies
• Syllabus
• Announcements
• Project

Textbooks

No required textbook. Reading materials will be provided on the course website and/or distributed in class.

Prerequisites

• An undergraduate security course, equivalent to CMSC 414 or ENEE459C, or permission from the instructor.
• Good programming skills. Knowledge of languages commonly used in data analysis, like Matlab or R, is a plus.

If you are concerned about these prerequisites please contact the instructor for guidance. We want everyone who is serious about taking this course to get in; we just don't want students to be lost due to lack of background.

Grading

Your final grade for the course will be based on the following weights:

• 50% Written paper critique and class discussion
• 50% Projects
• 10% Subjective evaluation

Different standards will be applied to graduate and undergraduate students. For more information, see grading policy.

Homeworks (paper reviews) are due at 6 PM the evening before class.

Schedule

Also available as an ical file that you can subscribe to.

Date	Topics	Notes	Readings
Mon 09/02	Labor Day (no lecture)
Part 1: Appetite Whetting
Wed 09/04	Introduction to Security Data Science [pptx]	Read the Saltzer & Schroeder paper, but don't submit a review.	SaltzerSchroeder75
Mon 09/09	The business of spam [pptx]	Homework template	Spamalytics
Wed 09/11	Guessing passwords [pptx]	For digging deeper, see the 'Passwords (2)' readings. Homework template	Guessing 70M Passwords
Mon 09/16	Zero-day attacks [pptx]	Homework template	Zero Day Attacks
Wed 09/18	Biases in cybercrime surveys [pptx]	Pilot-projet reports due. Homework template	Sex Lies Surveys
Part 2: Security and InSecurity in the Real World
Mon 09/23	Failures of crypto systems (1)	Pilot-projet reviews due. For digging deeper, see the 'Failures of crypto systems (3)' readings. Homework template	Why Crypto Fails
Wed 09/25	Failures of crypto systems (2)	Homework template	Weak Keys
Mon 09/30	Predicting software vulnerabilities	Group-project proposals due. For more background on software reliability, see the 'Software defects' readings. Homework template	Vista Vulns, Red Hat Vulns
Wed 10/02	Vulnerabilities and exploits	For more background on exploits, see the 'Input validation vulnerabilities' readings. Homework template	Exploit-as-a-Service, VRP
Mon 10/07	Vulnerability disclosures	Read the 'Effect of Vulnerability Finding' paper first. Homework template	Effect of Vulnerability Finding, Milk or Wine
Wed 10/09	Patch dissemination	For digging deeper, see the readings on 'Security patches' Homework template	Windows Update, OpenSSL
Mon 10/14	Anonymity and de-anonymization	For digging deeper, see the 'Anonymity (2)' readings. Homework template	Tor, Netflix
Wed 10/16	Trust	For digging deeper, see the 'Trust (2)' readings. Homework template	Trusting Trust, Bootstrapping Trust
Mon 10/21	Project Checkpoint #1
Part 3: Large Scale Security
Wed 10/23	Worms	Read the paper on the Internet Worm first. Homework template	Internet Worm, How to 0wn the Internet
Mon 10/28	Forensics	Read also the public review of the "Internet Forensic Analysis" paper and Nick Weaver's "Reflections on Witty" (the worm analyzed in the "Underlying Structure" paper) for a better understanding of these topics. Homework template	Internet Forensic Analysis, Underlying Structure
Wed 10/30	Botnets	For digging deeper, see the 'Botnets (2)' readings. Homework template	DNS Analysis, P2P Botnets
Mon 11/04	Spam	For digging deeper, see the 'Spam (2)' readings. Homework template	Network Level, Spam Value Chain
Wed 11/06	DDoS	Homework template	Inferring DOS, Path Identification
Mon 11/11	Project checkpoint #2
Part 4: Advanced Attacks
Wed 11/13	Economic implications of cybercrime	Homework template	Nature of Wealth, Cost of Cybercrime
Mon 11/18	Paying for service	See also the Symantec report for more information on pay-per-install. Homework template	Pay-per-Install, Bitcoin Payments
Wed 11/20	Phishing	For digging deeper, see the 'Phishing II (human factors)' readings. Homework template	Phishing Populations, Automatic Classification
Mon 11/25	Mobile malware	For digging deeper, see the 'Mobile malware II' readings. Homework template	Android Malware, Memento
Wed 11/27	Social networks	For digging deeper, see the 'Twitter spam' readings. Homework template	Identity Theft, Understanding Scam Victims
Thu 11/28	Thanksgiving
Mon 12/02	Reputation-based security	Homework template	Polonium, CAMP
Wed 12/04	Attacks on physical infrastructure	For digging deeper, see the 'Attacks on physical infrastructure (2)' readings. For other advanced attacks that we were not able to cover in class, see the 'Search highjacking', 'Fake anti-virus' and 'Targeted attacks' readings. Homework template	Stuxnet Dossier, Automotive Attack Surfaces
Mon 12/09	Group-Project Presentations	Group-project reports due.
Wed 12/11	Group-Project Presentations
Fri 12/13	Last Day of Classess (no lecture)	Group-project reviews due.
Digging Deeper
Fri 12/13	Passwords (2)		Quest to Replace Passwords, University Passwords
Fri 12/13	Failures of crypto systems (3)		PGP5, Two-Way Radio
Fri 12/13	Software defects		ODC, NVP experiment
Fri 12/13	Input validation vulnerabilities		Low Level, SQL XSS, Evolution
Fri 12/13	Security patches		Silent Updates, Honeymoon effect
Fri 12/13	Anonymity (2)		Email Pseudonyms, Telex
Fri 12/13	Trust (2)		Social Collateral, HTTPS Certificates
Fri 12/13	Botnets (2)		Torpig Takeover, DNS Reputation
Fri 12/13	Spam (2)		Spamming Botnets, Spam Revenue
Fri 12/13	Phishing II (human factors)		Impact of Take-down, Phishing Susceptibility
Fri 12/13	Mobile malware II		TaintDroid, Mobile Device Security, Android Crypto Failures
Fri 12/13	Twitter spam		Political Censorship, Underground Market
Fri 12/13	Attacks on physical infrastructure (2)		Pacemakers and Cardiac Defibrilators, Augmented Reality
Fri 12/13	Search highjacking		Search Redirection, Juice
Fri 12/13	Fake anti-virus		Economy of Fake AV, Rogue AV Campaigns
Fri 12/13	Targeted attacks		Elderwood Project, APT1