18-487 Fall 2011 Schedule

Tentative and likely to change!

Date       | Topic                                                              | Readings                                 | Notes
-----------|--------------------------------------------------------------------|------------------------------------------|------------------------
Mon Aug 29 | Introduction (ECE academic integrity policy; CMU policy on cheating; CMU computing policy) | Mitnick11 |
Wed Aug 31 | Security properties; adversaries; grand challenges                 |                                          |
Mon Sep 5  | Labor Day; no class                                                |                                          |
Wed Sep 7  | Introduction to cryptography                                       | PP97                                     |
Mon Sep 12 | Introduction to cryptography                                       |                                          |
Wed Sep 14 | Introduction to cryptography                                       |                                          |
Mon Sep 19 | Side-channel attacks                                               | Vaudenay02, Bleichenbacher98 (optional)  | HW 1a due
Wed Sep 21 | Cryptographic protocols                                            |                                          |
Mon Sep 26 | Cryptographic protocols in practice [Anupam Datta]                 | Chaum81, Chaum88                         | HW 1b due
Wed Sep 28 | Exam 1                                                             |                                          |
Mon Oct 3  | Firewalls and network intrusion detection                          |                                          |
Wed Oct 5  | Routing and BGP [Limin Jia]                                        | BFMR10                                   |
Mon Oct 10 | Intro to software and host security; buffer overflows              | Aleph, blexim02, Cowan+03                |
Wed Oct 12 | Web attacks and defenses                                           |                                          |
Mon Oct 17 | Usable security [Lorrie Cranor]                                    | Cranor08                                 | Bring laptops to class!
Wed Oct 19 | Usable security [Lorrie Cranor]                                    |                                          |
Mon Oct 24 | Access control                                                     | Lampson+92                               |
Wed Oct 26 | Access control                                                     |                                          |
Mon Oct 31 | Exam 2                                                             |                                          |
Wed Nov 2  | Access control                                                     |                                          |
Mon Nov 7  | Software security architectures (isolation, virtual machines)      |                                          |
Wed Nov 9  | Software security architectures (trusted computing)                |                                          |
Mon Nov 14 | Trusted computing and attestation                                  |                                          |
Wed Nov 16 | Economics of security [Nicolas Christin]                           |                                          |
Mon Nov 21 | Software model checking                                            |                                          |
Wed Nov 23 | Thanksgiving holiday; no class                                     |                                          |
Mon Nov 28 | Static and dynamic analysis                                        |                                          |
Wed Nov 30 | Language-based security and wrap up                                |                                          |
Mon Dec 5  | Exam 3                                                             |                                          |
Wed Dec 7  | No class                                                           |                                          |

[Aleph] Aleph One. Smashing the stack for fun and profit. Phrack, Volume 7, Issue 49, 1996. http://insecure.org/stf/smashstack.html

[Bleichenbacher98] D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology – CRYPTO ’98. Lecture Notes in Computer Science, Volume 1462, 1–12. Springer, 1998. http://dx.doi.org/10.1007/BFb0055716 (accessible from CMU network)

[blexim02] blexim. Basic integer overflows. Sections 1–3. Phrack, Volume 10, Issue 60, 2002. http://www.phrack.org/issues.html?issue=60&id=10

[BFMR10] K. Butler, T. R. Farley, P. McDaniel, and J. Rexford. A survey of BGP security issues and solutions. Proceedings of the IEEE, Volume 98, Issue 1, 100–122, 2010. http://dx.doi.org/10.1109/JPROC.2009.2034031

[Chaum81] D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, Volume 24, Issue 2. ACM, 1981. http://dx.doi.org/10.1145/358549.358563

[Chaum88] D. L. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, Volume 1, Issue 1, 1988. [On Blackboard]

[Cowan+03] C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In Proceedings of the Foundations of Intrusion Tolerant Systems, 2003. http://dx.doi.org/10.1109/FITS.2003.1264935

[Cranor08] L. Cranor. A framework for reasoning about the human in the loop. In Proceedings of the 1st Conference on Usability, Psychology and Security, 2008. http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf

[Lampson+92] B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, Volume 10, Issue 4, 1992. http://doi.acm.org/10.1145/138873.138874

[Mitnick11] K. Mitnick and W. L. Simon. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker. 2011.

[PP97] Pfleeger & Pfleeger. Chapter 2 of Security in Computing, 2nd edition. Prentice Hall, 1997. [On Blackboard]

[Vaudenay02] S. Vaudenay. Security flaws induced by CBC padding — applications to SSL, IPSEC, WTLS... In Advances in Cryptology – EUROCRYPT 2002. Lecture Notes in Computer Science, Volume 2332, 534–545. Springer, 2002. http://dx.doi.org/10.1007/3-540-46035-7_35 (accessible from CMU network)