Course description

This course covers selected topics related to theory and practice of computer security. It is organized around 26 research papers taken from the past 40 years of computer security research. These papers reflect the instructor's personal taste and are not intended to give a comprehensive survey of modern computer security.

Schedule

Date | Reading and assignments | Topic | Notes
Aug 30 | Attacks and defenses for the vulnerability of the decade | Memory attacks | [ppt] [pdf]
Sep 4 | The geometry of innocent flesh on the bone | Memory attacks | [ppt] [pdf]
Sep 6 | Interpreter exploitation | Memory attacks | [ppt] [pdf]
Sep 11 | Control-flow integrity | Memory protection | [ppt] [pdf]
Sep 13 | Native Client | Memory protection | see above
Sep 18 | Using transactions to enforce security policies - guest lecture by Suman Jana | Intrusion detection |
Sep 20 | Intrusion detection via static analysis | Intrusion detection | [ppt] [pdf]
 | Project proposals due | |
Sep 25 | Beware of finer-grained origins | Web security | [ppt] [pdf]
Sep 27 | SYN cookies | Denial of service | [ppt] [pdf]
 | Homework 1 due | |
Oct 2 | Inferring Internet denial-of-service activity; Outwitting the Witty worm | Honeypots and telescopes | [ppt] [pdf]
Oct 4 | New directions in cryptography | Crypto protocols | [ppt] [pdf]
Oct 9 | All your $$L are belong to us - guest lecture by Martin Georgiev | Crypto protocols |
Oct 11 | Prudent engineering practice for cryptographic protocols; Breaking and fixing the Needham-Schroeder protocol using FDR | Crypto protocols | [ppt] [pdf]
Oct 16 | Intercepting mobile communications: The insecurity of 802.11 | Crypto protocols | [ppt] [pdf]
Oct 18 | Memento - guest lecture by Suman Jana | |
Oct 23 | A note on the confinement problem; Certification of programs for secure information flow | Information flow | [ppt] [pdf]
Oct 25 | A decentralized model for information flow control | Information flow | see above
 | Homework 2 due | |
Oct 30 | Authentication in distributed systems | Access control | [ppt] [pdf]
Nov 1 | Midterm | |
Nov 6 | Sound and precise analysis of Web applications for injection vulnerabilities | Web security | [ppt] [pdf]
Nov 8 | Overshadow | Virtual machines | [ppt] [pdf]
Nov 13 | Protocols for secure computations | Crypto protocols | [ppt] [pdf]
Nov 15 | Tor | Anonymity | [ppt] [pdf]
Nov 20 | Differential privacy | Privacy | [ppt] [pdf]
 | Homework 3 due | |
Nov 27 | Privacy as contextual integrity | Privacy | [ppt] [pdf]
Nov 29 | Remote timing attacks are practical | Side-channel attacks | [ppt] [pdf]
Dec 4 | Keyboard acoustic emanations revisited | Side-channel attacks | [ppt] [pdf]
Dec 6 | Cold boot attacks on encryption keys | Physical attacks | [ppt] [pdf]
 | Homework 4 due | |
Dec 17 | Project reports due | |