Assigned readings for CS261
- Tue 27 Aug:
- First day of class. No readings.
- Thu 29 Aug:
- Reflections on trusting trust, Thompson.
- Rudimentary treatise on the construction of locks, Tomlinson.
- Tue 3 Sept:
- The protection of information in computer systems, Saltzer and Schroeder. (Skip, or skim, Section II.)
- Thu 5 Sept:
- Protection, Lampson.
- Tue 10 Sept:
- Excerpts from the Orange Book
- A note on the confinement problem, Lampson.
- Thu 12 Sept:
- The Confused Deputy, Hardy.
- Optional reading: Capability Myths Demolished
- Tue 17 Sept:
- Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten [html, pdf]
- Thu 19 Sept:
- Shifting the odds: Writing (more) secure software, Bellovin. [pdf]
- Tue 24 Sept:
- StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, and Zhang. [also in pdf]
- Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner. [pdf]
- Thu 26 Sept:
- Security Problems in the TCP/IP Protocol Suite, Bellovin. [also available in html and pdf]
- A simple active attack against TCP, Joncheray.
- Tue 1 Oct:
- Improving the security of your site by breaking into it, Farmer and Venema.
- Thu 3 Oct:
- Firewall Gateways, Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin.
- Tue 8 Oct:
- No readings.
- Thu 10 Oct:
- Using the Domain Name System for System Break-ins, Bellovin.
- Tue 15 Oct:
- Bro: A System for Detecting Network Intruders in Real-Time, Paxson [also in html].
- Also, project proposals are due.
- Thu 17 Oct:
- Language-based security, Kozen.
- Proof-Carrying Code, Necula.
- (notes)
- Tue 22 Oct:
- Java security: from HotJava to Netscape, Dean, Felten, Wallach [pdf]
- (notes)
- Thu 24 Oct:
- Designing an Authentication System: a Dialogue in Four Scenes, Bryant. [html]
- (notes)
- Tue 29 Oct:
- No readings. SSL, SSH, and IPSec will be discussed in class.
- Thu 31 Oct:
- Prudent engineering practice for cryptographic protocols, Abadi and Needham.
- (notes)
- Tue 5 Nov:
- Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows, and Wobber. Note: You may skip Sections 4.3, 5.2, 5.3, 6, 7.1, 7.2, 8, 9, and the appendix.
- (notes)
- Thu 7 Nov:
- Solutions for Anonymous Communication on the Internet, Claessens, Preneel, Vandewalle.
- Tue 12 Nov:
- Why Cryptosystems Fail, Anderson.
- (notes)
- Thu 14 Nov:
- No readings. We'll discuss cellphone security in class.
- (slides)
- Tue 19 Nov:
- No readings. We'll discuss wireless security in class.
- (notes; slides)
- Thu 21 Nov:
- Class cancelled. Work on projects.
- Tue 26 Nov:
- No readings. We'll discuss content protection and DRM in class.
- (notes)
- Thu 28 Nov:
- No class. Enjoy your Thanksgiving holiday.
- Tue 3 Dec:
- How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard.
- (notes)
- Thu 5 Dec:
- No readings. Last day of class.