EECE 440, Spring 2004 --

!	Sessions

#	Date	Topic	Slides	Required Reading (from the text book, unless otherwise specified)	Optional Reading (from the text book, unless otherwise specified)
1	Sep 7	Introduction	printable	none
2	Sep 9	Introduction	printable, viewable	Chapter 1	Rudimentary Treatise on the Construction of Locks, by Tomlinson
3	Sep 14	Cryptography: Introduction	printable, viewable	Sections 9.1 -- 9.2.2	Chapter 5 from Security Engineering -- A Guide to Building Dependable Distributed Systems by Anderson, Ross. John Wiley & Sons, 2001. The Code Book by Simon Singh. "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD" by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, Hongbo Yu "The Vigenere Cipher" Cryptography FAQ
4	Sep 16	Cryptography: Symmetric Key Cryptosystems	printable, viewable,	Sections 9.2.3, 9.2.4	"A Cryptographic Compendium" by John J. G. Savard Chapter from it, of special interest, on "Block Cipher Modes" Rijndael authors' page "Modern Private Key Ciphers" by Lawrie Brown Chapter 18, "One-way Hash Functions" from Applied Cryptography by Bruce Schneier.
5	Sep 21	Cryptography: Asymmetric Key Cryptosystems	Lecture notes	Sections 9.3 -- 9.7
6	Sep 23	Quiz #1
7	Sep 28	Key Management	printable, viewable	All sections in chapter 10 except those listed in the optional reading column for this session.	Sections 10.4.1, 10.6.2.2 Presentation slides on "Quantum Key Distribution" by Ravi Kumar Balachandran C. Elliott, "Quantum Cryptography," Security & Privacy Magazine, IEEE, vol. 02, no. 4, 2004, pp. 57-61. Collection of useful tutorials and introductions to quantum cryptography on the BBN project page.
8	Sep 30	Cipher Techniques	printable, viewable	Sections 11.3--11.7	Why Cryptosystems Fail, by Ross Anderson.
9	Oct 5	Authentication	printable, viewable	Sections 12.1, 12.2	Chapter 3, "Passwords," from Security Engineering -- A Guide to Building Dependable Distributed Systems by Anderson, Ross. John Wiley & Sons, 2001. Designing an Authentication System: a Dialogue in Four Scenes, by Bill Bryant, 1988. Web Password Hashing project -- very elegant solution to the problem of using same password at different web sites.
10	Oct 7	Authentication	printable, viewable	Sections 12.3, 12.9	Chapter 13, "Biometrics," from Security Engineering -- A Guide to Building Dependable Distributed Systems by Anderson, Ross. John Wiley & Sons, 2001.
11	Oct 12	Access control and Policy	printable, viewable	Sections 2.1, 2.2, 2.4, 15.1, 15.2, 4.1 -- 4.4, 4.6, 4.8 --4.10.	Sections 2.3, 2.5--2.7, Chapter 3. B. Lampson. "Protection," Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp. 18-24. Sandhu, Ravi S. "Lattice-Based Access Control Models." In: IEEE Computer, 26(11), pp. 9-19, 1993.
12	Oct 14	Policies	printable, viewable	Sections 5.1, 5.2.1, 5.2.2, 5.3, 5.5 -- 5.7.	Section 5.4
13	Oct 19	Mid-term exam
14	Oct 21	Policies	printable, viewable	Chapters 6,7	Chapter 8
15	Oct 26	Accountability	self-study	Chapter 24
16	Oct 28	Assurance	self-study	Chapters 18, 19	"We Need Assurance" talk given by Brian Snow, NSA, at Black Hat USA Conference, 2000. "Software Security: How Static Analysis Can Help" Talk given by David Wagner, U.C. Berkeley, at MURL. Corresponding slides. J. Williams, M. Schaefer, and D. Landoll, "Pretty Good Assurance" in Proceedings of the New Security Paradigms Workshop, 1995. pp. 82-89.
17	Nov 2	Malicious Logic	printable viewable	Chapter 22 E. Spafford, "A Failure to Learn from the Past," in Proceedings of Annual Computer Security Applications Conference (ACSAC), Las Vegas, Nevada, 2003.	Reflections on trusting trust, by Thompson. E. Spafford, "The Internet Worm: Crisis and Aftermath" Communications of the ACM v. 32(6), pp. 678-687; June 1989. H. Orman, "The Morris Worm: A Fifteen-Year Perspective" in IEEE Security & Privacy, vol. 1, no. 5, 2003, pp. 35-43. P. Boutin, "Slammed! An inside view of the worm that crashed the Internet in 15 minutes," Wired Magazine, Vol. 11, No. 07, July 2003. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, The Spread of the Sapphire/Slammer Worm, Cooperative Association for Internet Data Analysis (CAIDA), 2003. McIlroy, M.D., "Virology 101", Computing Systems, v 2, n 2, Spring 1989, p 173-81 C. Shannon and D. Moore, "The spread of the Witty worm," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp. 46-50. J. Pincus and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploting Buffer Overruns," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp.20-27.
18	Nov 4	Availability	printable viewable	none	Practical Byzantine Fault Tolerance, video record of a talk given at MIT by Barbara Liskov. R. Albert, H. Jeong, and A.-L. Barabasi, "Error and attack tolerance of complex networks," Nature, vol. 406, no. 6794, 2000, pp. 378-82. D. Geer, C.P. Pfleeger, B. Schneier, J.S. Quarterman, P. Metzger, R. Bace, and P. Gutmann, "CyberInSecurity: The Cost of Monopoly," 2003.
19	Nov 9	Design Principles	printable viewable	Chapter 13	J. Saltzer and M. Schroeder "The Protection of Information in Computer Systems"
20	Nov 16	Case Study	miscellaneous-viewable miscellaneous-printable case-study-viewable case-study-printable
21	Nov 18	Developing Secure Software	printable viewable	"Processes to Produce Secure Software" Editors S.T. Redwine Jr. and N. Davis. March 2004. Chapter 29	A. Hall and R. Chapman, "Correctness by Construction: Developing a Commercial Secure System," IEEE Software, January/February 2002, pp.18-25.
22	Nov 23	Quiz #2, Assignment #4 analysis, Evaluations
23	Nov 25	Security & Usability	printable viewable	D. Balfanz, D.K. Smetters, and R. E. Grinter, "In Search of Usable Security: Five Lessons From The Field," IEEE Security and Privacy, volume 2, number 5, pp.19-24, September/October 2004. K. Yee, "User Interaction Design for Secure Systems"	D. Balfanz et. al., "Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute," in Proceedings of Usenix Security Symposium, 2004, pp. 207-221. Secure Interaction Design page with useful links. A.Whitten and J. D. Tygar, "Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0"
24	Nov 30	Mini-conference
25	Dec 2	Mini-conference

Sessions