CNT 5410

Course Calendar - Fall 2015

Below is the calendar for this course. This is the preliminary schedule, which may be altered as the term progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date Topic Assignments
Due
Discussions
(do readings before class)
08/24/15 Introduction
( Intro )
Course Syllabus (link)
Assignment 1: (link)
08/26/15 Intro/Research Methods
( )
Security Engineering, Chapter 1 (link)
K. Thompson, Reflections on Trusting Trust. (link)
M.J. Hanson, Efficient Reading in Science and Technology (link)
08/28/15 Research Methods
( Methods1 )
08/31/15 Cryptography
( Crypto )
Assignment 1
Security Engineering Chapter 5.1-5.3
09/02/15 Cryptography
R. Anderson, Why Cryptosystems Fail (link)
Assignment 2: (link)
09/04/15 Cryptography
Security Engineering, Chapter 5.4-5.8
09/07/15 No class - Labor Day
09/09/15 Applied Cryptography
( AppliedCrypto )
R. Needham and M. Schroeder, Using Encryption for authentication in Large Networks of Computers (link)
G. Lowe, An Attack on the Needham-Schroeder Public-Key Authentication Protocol (link)
09/11/15 Applied Cryptography
( AppliedCrypto )
Project Ideas
R. Rivest, A. Shamir, and L. Adelman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. (link)
09/14/15 Applied Cryptography
( )
09/16/15 Authentication
( Auth )
Security Engineering, Chapter 3.1-3.4
09/18/15 Authentication
( Auth )
Assignment 2
Security Engineering, Chapter 3.5-3.9
C. Newman and T. Ts'o. Kerberos: An Authentication Service for Computer Networks. (link)
09/21/15 Authentication
Security Engineering, Chapter 3.5-3.9
09/23/15 Research Methods 2
( Methods2 )
09/25/15 Research Methods 2
09/28/15 Social Engineering
( Social )
09/30/15 PKI
( PKI )
C. Ellison and B. Schneier, Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure (link)
10/02/15 PKI
( )
10/05/15 Network Security
( Network )
S. Bellovin, A Look Back at "Security Problems in the TCP/IP Protocol Suite" (link)
10/07/15 Network Security/BGP
( BGP )
K. Butler, T. Farley, P. McDaniel, and J. Rexford. A Survey of BGP Security Issues and Solutions. (link)
10/09/15 BGP and DNS
( )
Project: Related work
10/12/15 DNS
( DNS )
G. Ateniese, S. Mangard: A New Approach to DNS Security (DNSSEC), Proc. of the Eighth ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, November 5-8, 2001. (link)
10/14/15 Review
( Review )
10/16/15 Midterm Exam
10/19/15 DDoS
( DOS )
A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review archive, pages 39-54, 34 (2), April, 2005. (link)
B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, Y. Hu, Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks, Proceedings of ACM SIGCOMM 2007 (link)
Assignment 3: (link)
10/21/15 DDoS
B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, Y. Hu, Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks, Proceedings of ACM SIGCOMM 2007 (link)
10/23/15 Intrusion Detection
( IDS )
A Sense of Self for UNIX Processes . S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
10/26/15 Intrusion Detection
( )
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
10/28/15 Firewalls
( Firewall )
A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. (link)
10/30/15 Firewalls
( )
11/02/15 Malware
( Malware )
Kanich et al., Spamalytics: An Empirical Analysis of Spam Marketing Conversion, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2008. (link)
11/04/15 Botnets
( )
Project: Abstract/Intro
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation, G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. In Proceedings of the 16th USENIX Security Symposium (Security'07), 2007. (link)
11/06/15 No class - Homecoming
11/09/15 Web Security
( Web )
How Does SSL/TLS Work? (link)
N. Provos, P. Mavrommatis, M. Abu Rajab, and F. Monrose. All your iFRAMEs point to Us. In Proceedings of the 2008 USENIX Security symposium. (link)
11/11/15 No class - Veteran's Day - Assignment 3 Due
11/13/15 Web Security
( )
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. King. In Proceedings of the IEEE Symposium on Security and Privacy, 2008. (link)
11/16/15 Web Security
( )
Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. King. In Proceedings of the IEEE Symposium on Security and Privacy, 2008. (link)
11/18/15 Cloud Computing
( Cloud )
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2009. (link)
11/20/15 No class - Mike Reiter Distinguished Lecture at 11 AM
11/23/15 Anonymity
( Anon )
R. Dingledine, N. Mathewson, and P. Symposium. Tor: The Second-Generation Onion Router, Proceedings of the 2004 USENIX Security Symposium. (link)
11/25/15 No class - Thanksgiving
11/27/15 No class - Thanksgiving
11/30/15 Cellular Network Security
( Cell )
Exploiting Open Functionality in SMS-Capable Cellular Networks, P. Traynor, W. Enck, P. McDaniel and T. La Porta, Journal of Computer Security (JCS), 16(6):713-742, 2008. (link)
12/02/15 Mobile Networks
( Cell )
Understanding Android Security, William Enck, Machigar Ongtang, and Patrick McDaniel. IEEE Security and Privacy Magazine, 7(1):50--57, January/February, 2009. (link)
12/04/15 Android Security
( Android )
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security, Proceedings of the 20th USENIX Security Symposium, August, 2011. (link)
12/07/15 Project Showcase Final Poster
To be held in Room E305, CISE Building
12/09/15 Wrap Up/Review
( Wrapup )
12/16/15 Final Exam (10:00 AM - 12:00 PM)