| Aug. 28 |
Course overview |
2005 notes,
Trust in Cyberspace, Ch. 1 and 6
|
| 30 |
Threats, vulnerabilities, and design principles |
2005 notes,
Saltzer and Schroeder,
Lampson
|
| Cryptography |
| Sep. 4 |
Hashes and message digests
| KPS Ch. 4, Schneier Ch. 18.14, Bishop Ch. 8.4 |
HW1 out |
| 6 |
Symmetric cryptosystems and authentication
| 2005 notes,
Bishop Ch. 9, Schneier Ch. 18
|
| 11 |
Public-key cryptosystems, RSA |
Lecture notes,
Bishop 8.3, Schneier Ch. 19, 22.1.
|
|
| 13 |
Public-key infrastructures
| Lecture notes, Bishop 10.4
| HW1 due. Project proposal due 9/15.
|
| 20 |
ElGamal, cryptographic protocol engineering
| Abadi and Needham
|
|
| Authentication and Privacy |
| 25 |
User authentication
| '05 notes, Bishop 11
|
| 27 |
Biometrics, Privacy
| '05 privacy notes
|
| Authorization |
| Oct. 2 |
Protection matrices and access control lists
| Bishop 2, 3, 14.1
|
| 4 |
Capabilities
| Bishop 14.2,
Notes on capabilities,
Notes on revocation
|
| 11 |
Java security, logic for authentication and authorization
| Authentication in distributed systems, Lampson et al.,
A calculus for access control in distributed systems, Abadi et al. (1,2,4,5,6.1
| HW2 due
|
| System integrity |
| 16 |
Attacks: stack smashing and more
|
Stack smashing;
Stackguard;
Heap overflows;
Format-strings
|
| 18 |
Reference monitors. Safety properties. Safe C's.
|
Enforceable policies.
CCured.
|
| 23 |
Software fault isolation, inlined reference monitors
|
Erlingsson, Schneider
| Project design due
|
| 25 |
Java bytecode verification (M. Clarkson)
|
|
| 30 |
Trojan horses, viruses and worms
| Bishop 19;
Thompson, Reflections on trusting trust;
Costa et al., Vigilante: End-to-End Containment,
SQL Slammer worm
|
| Richer policies and properties |
| Nov. 1 |
Mandatory access control (MAC), multi-level security,
partial orders and lattices
| Bishop 5,
Notes
|
HW3 out (Nov. 3)
|
| 6 |
Biba integrity model
|
|
| 8 |
Clark/Wilson; Chinese Wall; role-based access control (RBAC);
noninterference
| Notes,
Chinese Wall Security Policy
|
| 13 |
Covert channels, static information flow, Jif
|
Notes,
'05 Notes, Bishop 16.3
| HW3 due
|
| 15 |
More static information flow
| Notes
|
| Real-world security mechanisms |
| 20 |
Availability and denial of service
|
Topics,
'05 Notes,
Bishop 23.4 |
HW4 out
|
| 22 |
Firewalls and intrusion detection
| Bishop 21, 22, 23.3
|
| 27 |
Anonymity (mixes, onion routing), Voting
| Bishop 13.6
|
| 29 |
Intellectual property protection: DRM, TPM, obfuscation, watermarking
| Collberg & Thomborson,
TPM architecture overview
| HW4 due Dec. 2
|
| Dec. 6–11 |
Project demos
|
|