18-487 Fall 2011 Schedule

Tentative and likely to change!

Each entry gives the date, the topic, the assigned readings (keyed to the reference list at the end), and any due date or note.

Mon Aug 29
  Readings: ECE academic integrity policy; CMU policy on cheating; CMU computing policy

Wed Aug 31
  Security properties; adversaries; grand challenges

Mon Sep 5
  Labor Day; no class

Wed Sep 7
  Introduction to cryptography

Mon Sep 12
  Introduction to cryptography

Wed Sep 14
  Introduction to cryptography

Mon Sep 19
  Side-channel attacks
  Readings: Vaudenay02, Bleichenbacher98 (optional)
  HW 1a due

Wed Sep 21
  Cryptographic protocols

Mon Sep 26
  Cryptographic protocols in practice [Anupam Datta]
  Readings: Chaum81, Chaum88
  HW 1b due

Wed Sep 28
  Exam 1

Mon Oct 3
  Firewalls and network intrusion detection

Wed Oct 5
  Routing and BGP [Limin Jia]

Mon Oct 10
  Intro to software and host security; buffer overflows
  Readings: Aleph, blexim02, Cowan+03

Wed Oct 12
  Web attacks and defenses

Mon Oct 17
  Usable security [Lorrie Cranor]
  Bring laptops to class!

Wed Oct 19
  Usable security [Lorrie Cranor]

Mon Oct 24
  Access control

Wed Oct 26
  Access control

Mon Oct 31
  Exam 2

Wed Nov 2
  Access control

Mon Nov 7
  Software security architectures (isolation, virtual machines)

Wed Nov 9
  Software security architectures (trusted computing)

Mon Nov 14
  Trusted computing and attestation

Wed Nov 16
  Economics of security [Nicolas Christin]

Mon Nov 21
  Software model checking

Wed Nov 23
  Thanksgiving holiday; no class

Mon Nov 28
  Static and dynamic analysis

Wed Nov 30
  Language-based security and wrap up

Mon Dec 5
  Exam 3

Wed Dec 7
  No class


[Aleph] Aleph One. Smashing the stack for fun and profit. Phrack, Volume 7, Issue 49. http://insecure.org/stf/smashstack.html

[Bleichenbacher98] D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology - CRYPTO '98. Lecture Notes in Computer Science, Volume 1462, 1-12. Springer, 1998. http://dx.doi.org/10.1007/BFb0055716 (accessible from CMU network)

[blexim02] blexim. Basic integer overflows. Sections 1-3. Phrack, Volume 10, Issue 60, 2002. http://www.phrack.org/issues.html?issue=60&id=10

[BFMR10] K. Butler, T. R. Farley, P. McDaniel, and J. Rexford. A survey of BGP security issues and solutions. Proceedings of the IEEE, Volume 98, Issue 1, 100-122, 2010. http://dx.doi.org/10.1109/JPROC.2009.2034031

[Chaum81] D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, Volume 24, Issue 2. ACM, 1981. http://dx.doi.org/10.1145/358549.358563

[Chaum88] D. L. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, Volume 1, Issue 1, 1988. [On Blackboard]

[Cowan+03] C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In Proceedings of the Foundations of Intrusion Tolerant Systems, 2003. http://dx.doi.org/10.1109/FITS.2003.1264935

[Cranor08] L. Cranor. A framework for reasoning about the human in the loop. In Proceedings of the 1st Conference on Usability, Psychology and Security, 2008. http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf

[Lampson+92] B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, Volume 10, Issue 4, 1992. http://doi.acm.org/10.1145/138873.138874

[Mitnick11] K. Mitnick and W. L. Simon. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. 2011.

[PP97] C. P. Pfleeger and S. L. Pfleeger. Security in Computing, 2nd edition, Chapter 2. Prentice Hall, 1997. [On Blackboard]

[Vaudenay02] S. Vaudenay. Security flaws induced by CBC padding: Applications to SSL, IPSEC, WTLS... In Advances in Cryptology - EUROCRYPT 2002. Lecture Notes in Computer Science, Volume 2332, 534-545. Springer, 2002. http://dx.doi.org/10.1007/3-540-46035-7_35 (accessible from CMU network)