18-487 Fall 2011 Schedule
Tentative and likely to change!

| Date | Topic | Readings | Notes |
|---|---|---|---|
| Mon Aug 29 | Introduction | ECE academic integrity policy | |
| Wed Aug 31 | Security properties; adversaries; grand challenges | | |
| Mon Sep 5 | Labor Day; no class | | |
| Wed Sep 7 | Introduction to cryptography | | |
| Mon Sep 12 | Introduction to cryptography | | |
| Wed Sep 14 | Introduction to cryptography | | |
| Mon Sep 19 | Side-channel attacks | Vaudenay02, Bleichenbacher98 (optional) | HW 1a due |
| Wed Sep 21 | Cryptographic protocols | | |
| Mon Sep 26 | Cryptographic protocols in practice [Anupam Datta] | | HW 1b due |
| Wed Sep 28 | Exam 1 | | |
| Mon Oct 3 | Firewalls and network intrusion detection | | |
| Wed Oct 5 | Routing and BGP [Limin Jia] | | |
| Mon Oct 10 | Intro to software and host security; buffer overflows | | |
| Wed Oct 12 | Web attacks and defenses | | |
| Mon Oct 17 | Usable security [Lorrie Cranor] | | Bring laptops to class! |
| Wed Oct 19 | Usable security [Lorrie Cranor] | | |
| Mon Oct 24 | Access control | | |
| Wed Oct 26 | Access control | | |
| Mon Oct 31 | Exam 2 | | |
| Wed Nov 2 | Access control | | |
| Mon Nov 7 | Software security architectures (isolation, virtual machines) | | |
| Wed Nov 9 | Software security architectures (trusted computing) | | |
| Mon Nov 14 | Trusted computing and attestation | | |
| Wed Nov 16 | Economics of security [Nicolas Christin] | | |
| Mon Nov 21 | Software model checking | | |
| Wed Nov 23 | Thanksgiving holiday; no class | | |
| Mon Nov 28 | Static and dynamic analysis | | |
| Wed Nov 30 | Language-based security and wrap up | | |
| Mon Dec 5 | Exam 3 | | |
| Wed Dec 7 | No class | | |
[Aleph] Aleph One. Smashing the stack for fun and profit. Phrack, Volume 7, Issue 49. http://insecure.org/stf/smashstack.html
[Bleichenbacher98] D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology, CRYPTO '98. Lecture Notes in Computer Science, Volume 1462, 1–12. Springer, 1998. http://dx.doi.org/10.1007/BFb0055716 (accessible from CMU network)
[blexim02] blexim. Basic integer overflows. Sections 1-3. Phrack, Volume 10, Issue 60, 2002. http://www.phrack.org/issues.html?issue=60&id=10
[BFMR10] K. Butler, T. R. Farley, P. McDaniel, and J. Rexford. A survey of BGP security issues and solutions. Proceedings of the IEEE, Volume 98, Issue 1, 100–122, 2010. http://dx.doi.org/10.1109/JPROC.2009.2034031
[Chaum81] D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, Volume 24, Issue 2. ACM, 1981. http://dx.doi.org/10.1145/358549.358563
[Chaum88] D. L. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, Volume 1, Issue 1. 1988. [On Blackboard]
[Cowan+03] C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In Proceedings of the Foundations of Intrusion Tolerant Systems, 2003. http://dx.doi.org/10.1109/FITS.2003.1264935
[Cranor08] L. Cranor. A Framework for Reasoning About the Human in the Loop. In Proceedings of the 1st Conference on Usability, Psychology and Security, 2008. http://www.usenix.org/events/
[Lampson+92] B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, Volume 10, Issue 4. 1992. http://doi.acm.org/10.1145/138873.138874
[Mitnick11] K. Mitnick and W. L. Simon. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. 2011.
[PP97] Pfleeger & Pfleeger. Chapter 2 of Security in Computing, 2nd edition. Prentice Hall, 1997. [On Blackboard]
[Vaudenay02] S. Vaudenay. Security Flaws Induced by CBC Padding: Applications to SSL, IPSEC, WTLS... In Advances in Cryptology, EUROCRYPT 2002. Lecture Notes in Computer Science, Volume 2332, 534–545. Springer, 2002. http://dx.doi.org/10.1007/3-540-46035-7_35 (accessible from CMU network)