18-487 Syllabus (Spring 2007)
- Jan 15: Martin Luther King day, no class
- Jan 17: Introduction, no reading assignment
Part I: Computer Security and Malicious Code
- Jan 22: Vulnerability Examples
- Jan 24: Buffer Overflows: Attacks and Defenses
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.
Smashing The Stack For Fun And Profit, Aleph One
Exploiting Format String Vulnerabilities
- Jan 29: Browser Security: Attacks and Defenses
Protecting Browser State from Web Privacy Attacks
Securing Java, McGraw and Felten, Chapter 2.
- Jan 31: Distributed Access Control (Guest Lecture: Lujo Bauer)
- Feb 5: TCP/IP Security
Security Problems in the TCP/IP Protocol Suite
TCP Congestion Control with a Misbehaving Receiver
Resisting SYN Flood DoS Attacks with a SYN Cache
- Feb 7: Denial-of-service Attacks and Defenses
Practical network support for IP Traceback, S. Savage, et al
Pi: A Path Identification Mechanism to Defend against DDoS Attacks.
- Feb 12: Network-based Intrusion Detection
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, T. Ptacek
Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
Linux Firewall - the Traffic Shaper , J. Wortelboer and J. Van Oorschot
- Feb 14: Spam and Phishing
- Feb 19: Internet Worms: Attacks and Defenses
Inside the slammer worm, S. Savage
Automated worm fingerprinting,S. Singh et al.
- Feb 21: Anonymous Communication and DRM
The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum
- Feb 26: OS Security and Access Control
The Protection of Information in Computer Systems, J.H. Saltzer and M.D.
Setuid Demystified, Chen, Wagner, and Dean (first three pages and section 5.2)
- Feb 28: Host-based Intrusion Detection
- March 5: Midterm Review
- March 7: Midterm
- March 12: Spring Break, no class
- March 14: Spring Break, no class
Part II: Introduction to Cryptography
- March 19: Information theoretic security, one-time pad, basic intro
- March 21: Basic number theory
- March 26: RSA, OAEP
DS P.167-170, 212-218,
- March 28: Rabin Cryptosystem, ElGamal
DS P. 204-208, 226-228.
- Apr 2: Block cipher, Feisel networks, modes of operation
DS P. 73-79, 109-112.
- Apr 4: Hash, MAC, Universal hash
DS P. 117-119, 136-149.
- Apr 9: Signature schemes
- Apr 11: Secret Sharing Schemes
- Apr 16: Zero-knowledge proofs
- Apr 18: Computation over Encryted Data
- Apr 23: Error-correcting codes (I)
- Apr 25: Error-correcting codes (II)
TW 400-403, 442-444
- Apr 30: Project Presentation
- May 2: Final Review