| # | Date | Topic | Slides | Required Reading (from the textbook, unless otherwise specified) | Optional Reading (from the textbook, unless otherwise specified) |
|---|---|---|---|---|---|
| 1 | Sep 7 | Introduction | printable | none | |
| 2 | Sep 9 | Introduction | printable, viewable | Chapter 1 | Rudimentary Treatise on the Construction of Locks, by Tomlinson |
| 3 | Sep 14 | Cryptography: Introduction | printable, viewable | Sections 9.1 -- 9.2.2 | |
| 4 | Sep 16 | Cryptography: Symmetric Key Cryptosystems | printable, viewable | Sections 9.2.3, 9.2.4 | |
| 5 | Sep 21 | Cryptography: Asymmetric Key Cryptosystems | Lecture notes | Sections 9.3 -- 9.7 | |
| 6 | Sep 23 | Quiz #1 | | | |
| 7 | Sep 28 | Key Management | printable, viewable | All sections in Chapter 10 except those listed in the optional reading column for this session. | |
| 8 | Sep 30 | Cipher Techniques | printable, viewable | Sections 11.3 -- 11.7 | Why Cryptosystems Fail, by Ross Anderson. |
| 9 | Oct 5 | Authentication | printable, viewable | Sections 12.1, 12.2 | |
| 10 | Oct 7 | Authentication | | Sections 12.3, 12.9 | Chapter 13, "Biometrics," from Security Engineering -- A Guide to Building Dependable Distributed Systems, by Ross Anderson. John Wiley & Sons, 2001. |
| 11 | Oct 12 | Access Control and Policy | | Sections 2.1, 2.2, 2.4, 15.1, 15.2, 4.1 -- 4.4, 4.6, 4.8 -- 4.10. | Sections 2.3, 2.5 -- 2.7, Chapter 3.<br>B. Lampson, "Protection," Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Review 8(1), Jan. 1974, pp. 18-24.<br>R. S. Sandhu, "Lattice-Based Access Control Models," IEEE Computer 26(11), pp. 9-19, 1993. |
| 12 | Oct 14 | Policies | | Sections 5.1, 5.2.1, 5.2.2, 5.3, 5.5 -- 5.7. | Section 5.4 |
| 13 | Oct 19 | Mid-term exam | | | |
| 14 | Oct 21 | Policies | printable, viewable | Chapters 6, 7 | Chapter 8 |
| 15 | Oct 26 | Accountability | self-study | Chapter 24 | |
| 16 | Oct 28 | Assurance | self-study | Chapters 18, 19 | |
| 17 | Nov 2 | Malicious Logic | printable, viewable | Chapter 22<br>E. Spafford, "A Failure to Learn from the Past," in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Las Vegas, Nevada, 2003. | Reflections on Trusting Trust, by Thompson.<br>E. Spafford, "The Internet Worm: Crisis and Aftermath," Communications of the ACM 32(6), pp. 678-687, June 1989.<br>H. Orman, "The Morris Worm: A Fifteen-Year Perspective," IEEE Security & Privacy, vol. 1, no. 5, 2003, pp. 35-43.<br>P. Boutin, "Slammed! An inside view of the worm that crashed the Internet in 15 minutes," Wired Magazine, vol. 11, no. 7, July 2003.<br>D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "The Spread of the Sapphire/Slammer Worm," Cooperative Association for Internet Data Analysis (CAIDA), 2003.<br>M. D. McIlroy, "Virology 101," Computing Systems 2(2), Spring 1989, pp. 173-181.<br>C. Shannon and D. Moore, "The Spread of the Witty Worm," IEEE Security & Privacy Magazine, vol. 2, no. 4, 2004, pp. 46-50.<br>J. Pincus and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns," IEEE Security & Privacy Magazine, vol. 2, no. 4, 2004, pp. 20-27. |
| 18 | Nov 4 | Availability | printable, viewable | none | Practical Byzantine Fault Tolerance, video recording of a talk given at MIT by Barbara Liskov.<br>R. Albert, H. Jeong, and A.-L. Barabasi, "Error and attack tolerance of complex networks," Nature, vol. 406, no. 6794, 2000, pp. 378-382.<br>D. Geer, C. P. Pfleeger, B. Schneier, J. S. Quarterman, P. Metzger, R. Bace, and P. Gutmann, "CyberInSecurity: The Cost of Monopoly," 2003. |
| 19 | Nov 9 | Design Principles | printable, viewable | Chapter 13 | J. Saltzer and M. Schroeder, "The Protection of Information in Computer Systems" |
| 20 | Nov 16 | Case Study | miscellaneous-viewable, miscellaneous-printable, case-study-viewable, case-study-printable | | |
| 21 | Nov 18 | Developing Secure Software | printable, viewable | | A. Hall and R. Chapman, "Correctness by Construction: Developing a Commercial Secure System," IEEE Software, January/February 2002, pp. 18-25. |
| 22 | Nov 23 | Quiz #2, Assignment #4 analysis, Evaluations | | | |
| 23 | Nov 25 | Security & Usability | printable, viewable | D. Balfanz, D. K. Smetters, and R. E. Grinter, "In Search of Usable Security: Five Lessons From The Field," IEEE Security and Privacy, vol. 2, no. 5, pp. 19-24, September/October 2004.<br>K. Yee, "User Interaction Design for Secure Systems" | |
| 24 | Nov 30 | Mini-conference | | | |
| 25 | Dec 2 | Mini-conference | | | |