| Date | Topic |
| |
|
Introduction
|
| |
Aug 27
|
Course overview ( slides 1)
Reading:
Reflections on Trusting Trust, Ken Thompson (Optional)
Botnets, Cybercrime, and Cyberterrorism:
Vulnerabilities and Policy Issues for Congress
(Congressional Research Services report) (Optional)
|
| |
Sep 1
|
No Lecture
|
| |
|
Part 1: Introduction to Cryptography
|
| |
Sep 3
|
Secret key encryption ( Slides 2, Notes 1 and 2)
Reading:
G 11.1, 11.5.1, 11.5.2
PP 4.1, 4.4 (Optional), A 5.1, 5.3.3 (Optional)
|
| |
Sep 8
|
Public key encryption (slides 3, public key encryption notes)
Reading:
G 11.2, 11.5.3, 11.5.4
PP 2.7 (Optional), A 5.3.4, 5.7.1 (Optional)
|
| |
Sep 10
|
Hash functions, MACs, Digital signatures (slides 4)
Reading:
G 11.3, 11.4
PP 2.8 (Optional), A 5.5.6, 5.6, 5.7 (Optional)
|
| |
Sep 15
|
Authentication and key exchange protocols ( slides 5 )
Reading:
G 12.1-12.4, 13.4
|
| |
Sep 17
|
password authentication, random number generator ( slides 6, random number generator notes )
|
| |
Sep 22
|
Secret sharing and ZKP ( slides 7, secret sharing notes )
|
| |
Sep 24
|
ZKP and Case study: how real-world crypto systems break ( slides 8, zkp notes )
Reading:
Security Analysis of a Cryptographically-Enabled RFID Device (Optional)
Intercepting Mobile Communications: The Insecurity of 802.11 (Optional)
|
| |
|
Part 2: Software Security
|
| |
Sep 29
|
Buffer overflows and other common bugs ( slides 9)
Reading:
G14.1-14.6
Smashing The Stack For Fun And Profit, Aleph One
Basic Integer Overflows, blexim
Exploiting Format String Vulnerabilities, team teso (Optional)
|
| |
Oct 1
|
Runtime Defenses against Memory Safety Vulnerabilities ( slides 10)
Reading:
Buffer Overflows: Attacks and Defenses for the Vulnerability of
the Decade, Crispin Cowan, et al.
|
| |
Oct 6
|
Tools for finding bugs ( slides 11)
Reading:
White box fuzzing, by P. Godefroid et al. (Optional)
How hackers look for bugs by Dave Aitel (Optional)
Real world fuzzing, by Charlie Miller (Optional)
|
| |
Oct 8
|
Program verification and other vulnerabilities ( slides 12, notes 1, notes 2 )
Reading:
Finding User/Kernel Pointer Bugs With Type Inference (Section 2, Optional)
|
| |
Oct 13
|
Case Study: Breaking Vista's exploitation mitigation mechanisms (Alexander Sotirov) ( slides 13)
Reading:
Bypassing browser memory protections in Windows Vista (Optional)
|
| |
Oct 15
|
Midterm Review (I) ( slides 14)
Reading:
|
| |
Oct 20
|
Midterm Review (II) ( slides 15)
|
| |
Oct 22
|
Midterm
|
| |
|
Part 3: OS Security
|
| |
|
Oct 27
|
Principles in OS Security; Mechanisms for confining bad code (I): privilege separation ( slides 16)
Reading:
Preventing privilege escalation, Provos et al. 2003
Privtrans: Automatic Privilege Separation, Brumley and Song 2004 (Optional)
The Protection of Information in Computer Systems
J.H. Saltzer and M.D. Schroeder (Optional)
|
| |
|
Oct 29
|
Mechanisms for confining bad code (II): isolation and sandboxing ( slides 17)
Reading:
A note on the confinement problem, Butler Lampson
Traps and Pitfalls: Practical Problems in System Call Interposition
Based Security Tools,
T. Garfinkel (Optional)
|
| |
Nov 3
|
Mechanisms for confining bad code (III): SFI and Virtualization ( slides 18)
Reading:
Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
|
| |
Nov 5
|
Trusted Computing ( slides 19)
Reading:
Experimenting with TCG Hardware, Marchesini, et al.
TCG Specification Architecture Overview
A Virtual Machine-Based Platform for Trusted Computing,
Garfinkel et al.
|
| |
|
Part 4: Web Security
|
| |
Nov 10
|
Secure web site design (SQL injection, XSS, etc.) ( slides 20)
Reading:
Cross site scripting explained, Amit Klein
SQL Injection attacks, Chris Anley
Robust Defenses for Cross-Site Request Forgery (Optional)
|
| |
Nov 12
(inv)
|
Browser Security ( slides 21)
Reading:
Secure Frame Communications in Browsers
Why Phishing Works
|
| |
|
Part 5: Network security
|
| |
Nov 17
|
Security problems in network protocols: TCP/IP, DDoS Attacks ( slides 22)
Reading:
A look back at Security Problems in the TCP/IP Protocol Suite,
S. Bellovin, ACSAC 2004.
Inferring Internet Denial-of-Service Activity (Optional)
A detailed DDoS extortion story
|
| |
|
Nov 19
|
Network worms and bot-nets: attacks and defenses ( slides 23)
Reading:
Inside the slammer worm, S. Savage
Characterizing the Remote Control Behavior of Bots
, E. Stinson and J.C. Mitchell (Optional)
|
| |
Nov 24
|
DNS, BGP Security (Nick Weaver) ( slides 24)
Reading:
|
| |
Nov 26
|
Network defense tools: Firewalls and Intrusion Detection
( slides 25)
Reading:
Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection, T. Ptacek
Bro: A System for Detecting Network Intruders in Real-Time,
V. Paxon (Optional)
Linux Firewall - the Traffic Shaper ,
J. Wortelboer and J. Van Oorschot (Optional)
|
| |
Dec 1
|
Privacy and Anonymity
( slides 26)
Reading:
|
| |
|
Dec 3
|
Final review ( slides 27)
|
| |
|
Dec 8
|
How Real-world Systems Fail (iSecPartners)
|
| |
|
Dec 10
|
In-class Exam
|