18-739 Class Schedule

Meeting Date Lecture

Reading/Lecture Slides

Tue. 28-Aug-07
Course Overview + Cryptography: Basic Primitives
Lecture: Course Overview (pdf)
             CryptographyOverview (pdf)
Optional: Cryptography Slides (pdf)
Scribe Notes: Aakash Shah
Thu. 30-Aug-07
Bug Finding: Model Checking: Overview and the Murphi tool
Lecture: Model Checking (pdf)
Automated Analysis of Cryptographic Protocols Using Murphi

Scribe Notes: Luca Parolini
Fri. 01-Sep-07 Murphi Lab - Room CIC 1301
CTL Model Checking (pdf) - David Dill
Murφ: A Retrospective (pdf) - David Dill
Tue. 04-Sep-07
Bug Finding: Model checking: SSL/TLS Case Study
Lecture: SSL (pdf)
Finite-State Analysis of SSL 3.0

Scribe Notes: Shihong Ng
HW1 out
Thu. 06-Sep-07
Protocol Examples: JFK, Anonymity Protocols
Lecture: JFK (pdf)
             Anonymity Protocols (pdf)
Derivation of the JFK Protocol
Untraceable Electronic Mail ...
Dining Cryptographers ...
Tor: The Second-Generation Onion Router
Scribe Notes: Christopher Szilagyi
Fri. 08-Sep-07 AVISPA Lab - Room CIC 1301
AVISPA Slides (pdf) 
Tue. 11-Sep-07
Proving Security: Inductive Method
Lecture: Inductive Method (pdf)
The Inductive Approach to Verifying Cryptographic Protocols
Thu. 13-Sep-07
Proving Security: Protocol Logics: BAN, Protocol Composition Logic (PCL) I
Lecture: BAN, PCL-I (pdf)

Background in Logic: Sections 3.1-3.4 of Dynamic Logic by Harel, Kozen, Tiuryn
Protocol Composition Logic (PCL)
Optional: A Logic of Authentication, BAN slides (Harper)
Tue. 18-Sep-07
Proving Security: Protocol Composition Logic (PCL) II
Lecture: PCL-II (pdf)
Protocol Composition Logic (PCL) (Section 6)
Abstraction and Refinement in Protocol Derivation
HW1 due
Thu. 20-Sep-07
Proving Security: Process Calculi
Lecture: Applied Pi Calculus (pdf)
Mobile values, New names, and Secure communication
Optional: Just Fast Keying in the Pi Calculus
Scribe Notes: Kumar Avijit
Fri. 21-Sep-07 Prism Lab - Room CIC 1301
Probabilistic Model Checking for Security Protocols - Vitaly Shmatikov
Grid-enabled Probabilistic Model Checking with PRISM - Zhang et al.
Formal Verification and Simulation for Performance Analysis for Probabilistic Broadcast Protocols - Ansgar Fehnker
Parallel and Distributed Methods in Probabilistic Model Checker PRISM - Marta Kwiatkowska
Probabilistic Model Checking of Randomised Distributed Protocols using PRISM - Dave Parker
Tue. 25-Sep-07
Model Checking C Code: Foundations (Sagar Chaki)

Lecture: Model Checking C Code : Foundations

Optional Reading:

Predicate Abstraction: Construction of abstract state graphs with PVS

Abstraction Refinement for C: Automatically Validating Temporal Safety Properties of Interfaces

Software Model Checking Technology Transfer: SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft

Scribe Notes: Inbae Lee

Thu. 27-Sep-07
Model Checking C Code: Security Applications (Sagar Chaki)
Lecture: Model Checking C Code : Security Applications

Optional Reading:

OpenSSL Verification: Modular Verification of Software Components in C

Large-Scale Application: Model Checking One Million Lines of C Code

Verifying Memory Safety: Checking Memory Safety with Blast

Scribe Notes: Marwan Abi-Antoun
Tue. 2-Oct-07
Student Presentations: Project Proposals I
Proposals: See Blackboard
Project proposals due
Thu. 4-Oct-07
Student Presentations: Project Proposals II
Proposals: See Blackboard 
Tue. 9-Oct-07
Cryptographic Soundness: Correspondence Theorems
       Correspondence Theorems (pdf)
Soundness of Formal Encryption in the Presence of Active Adversaries
Scribe notes: Jason Franklin  
Thu. 11-Oct-07
Cryptographic Soundness: Computational PCL (Dilsun Kaynar)
Lecture: Computational Soundness for PCL (pdf)
Probabilistic Polynomial-time Semantics for a Protocol Security Logic
Scribe Notes: Ramu Panayappan
Tue. 16-Oct-07
Distributed Access Control: Overview (Deepak Garg)
Lecture: Distributed Access Control Overview
An Introduction to Proof Carrying Authorization
Authentication in Distributed Systems: Theory and Practice
SPKI/SDSI Certificates
SPKI Certificate Theory (RFC 2693)
PGP (RFC 2440)
Scribe Notes: Preston Mesick
Thu. 18-Oct-07
Distributed Access Control: Grey System Case Study (Lujo Bauer)
Lecture: Access Control in the Grey System
Device-enabled Authorization in the Grey System
Distributed Proving in Access-control Systems
Scribe Notes: Napat Boonsaeng
Tue. 23-Oct-07
Distributed Access Control: Logics (Deepak Garg)
Lecture: Distributed Access Control Logics
Constructive Authorization Logic
Optional: ABLP Logic
Scribe Notes: Deepak Garg
Thu. 25-Oct-07
Distributed Access Control: Trust Management Overview
     Trust Management Overview (pdf)
Decentralized Trust Management
Design of A Role-based Trust-management Framework
Scribe Notes: Arvind Seshadri
Tue. 30-Oct-07
Distributed Access Control: Trust Management Language RT

Lecture: RT and Distributed Credential Discovery (pdf)
Design of A Role-based Trust-management Framework
Distributed Credential Chain Discovery in Trust Management
Optional Reading:
Logic Programming Background w/ Slides (Li)
Scribe Notes: Wesley Jin

Thu. 1-Nov-07
Privacy: Overview
Lecture: Privacy Overview (pdf)
Overview article in Stanford Encyclopedia of Philosophy
Gavison's "Privacy and the Limits of Law" (no online version)
Optional Reading:
Protecting Respondents' Identities in Microdata Release
Toward Privacy in Public Databases
Scribe Notes: Michael Kaufman
Tue. 6-Nov-07
Privacy: Policy Languages - EPAL (Michael Tschantz)
Lecture: EPAL
EPAL Specification
A Toolkit for Managing Enterprise Privacy Policies
Scribe Notes: Michael Tschantz
Thu. 8-Nov-07
Privacy: Contextual Integrity & LPU
Lecture: Formalizing Contextual Integrity (pdf)
Privacy and Contextual Integrity: Framework and Applications
Privacy and Utility in Business Processes
Optional Reading:
Privacy as Contextual Integrity
Scribe Notes: Evan Wright
Tue. 13-Nov-07
Privacy: P3P (Lorrie Cranor)
      Web site privacy using P3P (pdf)
P3P Deployment on Websites
Scribe Notes: Nathaniel Gist
Thu. 15-Nov-07
Language-based Security: Overview + Cyclone
Lecture: Language-based Security Overview (pdf), Cyclone
Cyclone: A safe dialect of C
Type Systems (Sections 1-3)
Mathematical Models of Computer Security (Section 5)
Scribe Notes: Rupsha Chaudhuri
HW2 out
Tue. 20-Nov-07
Language-based Security: Information Flow
Lecture: Language-based Enforcement of Non-interference (pdf)
Certification of programs for secure information flow
A Sound Type System for Secure Flow Analysis
Scribe Notes: Hayan Lee
Thu. 22-Nov-07
Tue. 27-Nov-07
Language-based Security: Jif (Kumar Avijit)
Lecture: Jif
Protecting Privacy using the Decentralized Label Model
JFlow: Practical Mostly-Static Information Flow Control
Secure web applications via automatic partitioning
Scribe Notes: Rob Simmons
Thu. 29-Nov-07
Student Presentations: Project Report I
Tue. 4-Dec-07
Student Presentations: Project Report II
  HW2 due
Thu. 6-Dec-07
Lecture: Course Review  
Project code/models + report due