EECE 412 Sessions

!	Sessions

Last updated November 22, 2005 9:42

Topic	Slides	Required Reading (from the Bishop's text book, unless otherwise specified)	Optional Reading (from the text book, unless otherwise specified)
Course Orientation	printable, viewable	none	none
Introduction	printable, viewable	Bishop's chapter 1 Anderson's chapter 1	Rudimentary Treatise on the Construction of Locks, by Tomlinson
Cryptography: Introduction	printable, viewable	Anderson's 5.1-5.4 Bishop's 8.1 -- 8.2.2	The Code Book by Simon Singh. "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD" by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, Hongbo Yu "The Vigenere Cipher" Cryptography FAQ
Cryptography: Symmetric Key Cryptosystems	printable, viewable	Anderson's 5.5-5.8 Bishop's 8.2.3, 8.2.4	"A Cryptographic Compendium" by John J. G. Savard Chapter from it, of special interest, on "Block Cipher Modes" Rijndael authors' page "Modern Private Key Ciphers" by Lawrie Brown Chapter 18, "One-way Hash Functions" from Applied Cryptography by Bruce Schneier.
Cryptography: Asymmetric Key Cryptosystems	printable, viewable	Anderson's 5.5-5.8 Sections 8.3 -- 8.6
Key Management	printable, viewable	Bishop's Chapter 9	GnuPG Keysigning Party HOWTO Presentation slides on "Quantum Key Distribution" by Ravi Kumar Balachandran C. Elliott, "Quantum Cryptography," Security & Privacy Magazine, IEEE, vol. 02, no. 4, 2004, pp. 57-61. Collection of useful tutorials and introductions to quantum cryptography on the BBN project page.
Cryptography in Networks	printable, viewable	Bishop's Sections 10.3--11.6	Why Cryptosystems Fail, by Ross Anderson Unofficial 802.11 (Wi-Fi) Security Web Page Secure Socket Layer information page
Case study: "Security Possibilities in Layer 2" by Allan Anton	viewable	slides of the lecture	N/A
Authentication	printable, viewable	Anderson's Chapters 3 and 13. Bishop's Chapter 11	Designing an Authentication System: a Dialogue in Four Scenes, by Bill Bryant, 1988. Web Password Hashing project -- very elegant solution to the problem of using same password at different web sites.
Access control mechanisms and policies	printable, viewable	Anderson's book: 4.1, 4.2, 4.4, 4.5, 7.1-7.3, 7.6, 7.7, 8.1, 8.2, 8.5, 9.2. Bishop's book: 14.1, 14.2, 4.1-4.4, 4.6, chapter 5, 6.2-6.4, 7.1, 7.3-7.5.	Anderson's book: 4.3, 7.4, 7.5, 8.3, 8.4, 9.1, 9.3-9.5. Bishop's book: chapter 3, 7.2 B. Lampson. "Protection," Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp. 18-24. Sandhu, Ravi S. "Lattice-Based Access Control Models." In: IEEE Computer, 26(11), pp. 9-19, 1993.
Malicious Logic	printable viewable	Bishop's Chapter 19 E. Spafford, "A Failure to Learn from the Past," in Proceedings of Annual Computer Security Applications Conference (ACSAC), Las Vegas, Nevada, 2003. Anderson's book: Section 18.4	Reflections on trusting trust, by Thompson. E. Spafford, "The Internet Worm: Crisis and Aftermath" Communications of the ACM v. 32(6), pp. 678-687; June 1989. H. Orman, "The Morris Worm: A Fifteen-Year Perspective" in IEEE Security & Privacy, vol. 1, no. 5, 2003, pp. 35-43. P. Boutin, "Slammed! An inside view of the worm that crashed the Internet in 15 minutes," Wired Magazine, Vol. 11, No. 07, July 2003. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, The Spread of the Sapphire/Slammer Worm, Cooperative Association for Internet Data Analysis (CAIDA), 2003. McIlroy, M.D., "Virology 101", Computing Systems, v 2, n 2, Spring 1989, p 173-81 C. Shannon and D. Moore, "The spread of the Witty worm," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp. 46-50. J. Pincus and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploting Buffer Overruns," Security & Privacy Magazine, IEEE, vol. 2, no. 4, 2004, pp.20-27.
Availability	printable viewable	none	Practical Byzantine Fault Tolerance, video record of a talk given at MIT by Barbara Liskov. R. Albert, H. Jeong, and A.-L. Barabasi, "Error and attack tolerance of complex networks," Nature, vol. 406, no. 6794, 2000, pp. 378-82. D. Geer, C.P. Pfleeger, B. Schneier, J.S. Quarterman, P. Metzger, R. Bace, and P. Gutmann, "CyberInSecurity: The Cost of Monopoly," 2003.
Design Principles	printable viewable	Bishop's Chapter 12	J. Saltzer and M. Schroeder "The Protection of Information in Computer Systems"
Developing Secure Software	printable viewable	"Processes to Produce Secure Software" Editors S.T. Redwine Jr. and N. Davis. March 2004.	How Buffer Overflow Works by Dave Hollinger A. Hall and R. Chapman, "Correctness by Construction: Developing a Commercial Secure System," IEEE Software, January/February 2002, pp.18-25.
Accountability	self-study	Bishop's Chapter 21
Assurance	self-study	Bishop's Chapters 17, 18	"We Need Assurance" talk given by Brian Snow, NSA, at Black Hat USA Conference, 2000. "Software Security: How Static Analysis Can Help" Talk given by David Wagner, U.C. Berkeley, at MURL. Corresponding slides. J. Williams, M. Schaefer, and D. Landoll, "Pretty Good Assurance" in Proceedings of the New Security Paradigms Workshop, 1995. pp. 82-89.
Security & Usability	printable viewable	D. Balfanz, D.K. Smetters, and R. E. Grinter, "In Search of Usable Security: Five Lessons From The Field," IEEE Security and Privacy, volume 2, number 5, pp.19-24, September/October 2004. K. Yee, "User Interaction Design for Secure Systems"	D. Balfanz et. al., "Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute," in Proceedings of Usenix Security Symposium, 2004, pp. 207-221. Secure Interaction Design page with useful links. A.Whitten and J. D. Tygar, "Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0"
Economics of Security		Ross Anderson "Why Information Security is Hard - An Economic Perspective"