18-487 Syllabus (Spring 2007)

• Jan 15: Martin Luther King day, no class
  
• Jan 17: Introduction, no reading assignment
  

Part I: Computer Security and Malicious Code

• Jan 22: Vulnerability Examples
  
• Jan 24: Buffer Overflows: Attacks and Defenses
  
  Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.
  Smashing The Stack For Fun And Profit, Aleph One
  Exploiting Format String Vulnerabilities
  
  
• Jan 29: Browser Security: Attacks and Defenses
  
  Protecting Browser State from Web Privacy Attacks
  Securing Java, McGraw and Felten, Chapter 2.
  
  
• Jan 31: Distributed Access Control (Guest Lecture: Lujo Bauer)
  
  
• Feb 5: TCP/IP Security
  
  Security Problems in the TCP/IP Protocol Suite
  TCP Congestion Control with a Misbehaving Receiver
  Resisting SYN Flood DoS Attacks with a SYN Cache
  
  
• Feb 7: Denial-of-service Attacks and Defenses
  
  Practical network support for IP Traceback, S. Savage, et al
  Pi: A Path Identification Mechanism to Defend against DDoS Attacks.
  
  
• Feb 12: Network-based Intrusion Detection
  
  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, T. Ptacek
  Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
  Linux Firewall - the Traffic Shaper , J. Wortelboer and J. Van Oorschot
  
  
• Feb 14: Spam and Phishing
  
  Anti-phising report
  
  
• Feb 19: Internet Worms: Attacks and Defenses
  
  Inside the slammer worm, S. Savage
  Automated worm fingerprinting,S. Singh et al.
  
  
• Feb 21: Anonymous Communication and DRM
  
  The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum
  
  
• Feb 26: OS Security and Access Control
  
  The Protection of Information in Computer Systems, J.H. Saltzer and M.D.
  Setuid Demystified, Chen, Wagner, and Dean (first three pages and section 5.2)
  
  
• Feb 28: Host-based Intrusion Detection
  
  
  
  
• March 5: Midterm Review
  
  
  
  
• March 7: Midterm
  
  
  
  
• March 12: Spring Break, no class
  
  
  
  
• March 14: Spring Break, no class
  
  
  
  

Part II: Introduction to Cryptography

• March 19: Information theoretic security, one-time pad, basic intro
  
  
  
  
• March 21: Basic number theory
  
  DS P.157-167
  
  
• March 26: RSA, OAEP
  
  DS P.167-170, 212-218,
  
  
• March 28: Rabin Cryptosystem, ElGamal
  
  DS P. 204-208, 226-228.
  
  
• Apr 2: Block cipher, Feisel networks, modes of operation
  
  DS P. 73-79, 109-112.
  
  
• Apr 4: Hash, MAC, Universal hash
  
  DS P. 117-119, 136-149.
  
  
• Apr 9: Signature schemes
  
  DS 274-292.
  
  
• Apr 11: Secret Sharing Schemes
  
  
• Apr 16: Zero-knowledge proofs
  
  
• Apr 18: Computation over Encryted Data
  
  
• Apr 23: Error-correcting codes (I)
  
  TW 392-400
  
  
• Apr 25: Error-correcting codes (II)
  
  TW 400-403, 442-444
  
  
• Apr 30: Project Presentation
  
  
• May 2: Final Review