Assigned readings for CS261

Tue 27 Aug:
First day of class. No readings.
Thu 29 Aug:
Reflections on trusting trust, Thompson.
Rudimentary treatise on the construction of locks, Tomlinson.
Tue 3 Sept:
The protection of information in computer systems, Saltzer and Schroeder. (Skip, or skim, Section II.)
Thu 5 Sept:
Protection, Lampson.
Tue 10 Sept:
Excerpts from the Orange Book.
A note on the confinement problem, Lampson.
Thu 12 Sept:
The Confused Deputy, Hardy.
Optional reading: Capability Myths Demolished.
Tue 17 Sept:
Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten [html, pdf]
Thu 19 Sept:
Shifting the odds: Writing (more) secure software, Bellovin. [pdf]
Tue 24 Sept:
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, and Zhang. [also in pdf]
Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner. [pdf]
Thu 26 Sept:
Security Problems in the TCP/IP Protocol Suite, Bellovin. [also available in html and pdf]
A simple active attack against TCP, Joncheray.
Tue 1 Oct:
Improving the security of your site by breaking into it, Farmer and Venema.
Thu 3 Oct:
Firewall Gateways, Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin.
Tue 8 Oct:
No readings.
Thu 10 Oct:
Using the Domain Name System for System Break-ins, Bellovin.
Tue 15 Oct:
Bro: A System for Detecting Network Intruders in Real-Time, Paxson [also in html].
Also, project proposals are due.
Thu 17 Oct:
Language-based security, Kozen.
Proof-Carrying Code, Necula.
(notes)
Tue 22 Oct:
Java security: from HotJava to Netscape, Dean, Felten, Wallach [pdf]
(notes)
Thu 24 Oct:
Designing an Authentication System: a Dialogue in Four Scenes, Bryant. [html]
(notes)
Tue 29 Oct:
No readings. SSL, SSH, and IPSec will be discussed in class.
Thu 31 Oct:
Prudent engineering practice for cryptographic protocols, Abadi and Needham.
(notes)
Tue 5 Nov:
Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows, and Wobber.
Note: You may skip Sections 4.3, 5.2, 5.3, 6, 7.1, 7.2, 8, 9, and the appendix.
(notes)
Thu 7 Nov:
Solutions for Anonymous Communication on the Internet, Claessens, Preneel, Vandewalle.
Tue 12 Nov:
Why Cryptosystems Fail, Anderson.
(notes)
Thu 14 Nov:
No readings. We'll discuss cellphone security in class.
(slides)
Tue 19 Nov:
No readings. We'll discuss wireless security in class.
(notes; slides)
Thu 21 Nov:
Class cancelled. Work on projects.
Tue 26 Nov:
No readings. We'll discuss content protection and DRM in class.
(notes)
Thu 28 Nov:
No class. Enjoy your Thanksgiving holiday.
Tue 3 Dec:
How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard.
(notes)
Thu 5 Dec:
No readings. Last day of class.