| Week of | Day | Topic | Reading | Lec. notes | Milestones | Lecturer |
| --- | --- | --- | --- | --- | --- | --- |
| Jan 6 | Tu | Introduction, basic concepts | Anderson 1, Saltzer and Schroeder 75 | | | Dan |
| | Th | Ethics and responsibility | Thompson 84 (alternate link), Schneier 08, Google 10 | | | Dan |
| Jan 13 | Tu | Cryptography | Anderson 5, Common Flaws of Distributed Identity and Authentication Systems | | | Dan |
| | Th | Web security intro / webseclab intro | | | | Dan/Tad |
| Jan 20 | Tu | Public key crypto + voting | | slides | | Dan |
| | Th | Web login, cookies | Anderson 3, OpenID explained | | | Dan |
| Jan 27 | Tu | Voting + BitCoin | Nielsen (How BitCoin Works) | | | Dan |
| | Th | Block ciphers | | | | Dan |
| Feb 3 | Tu | Webseclab runthrough | | | | Tad |
| | Th | Android security | A Study of Android Application Security, Understanding Android Security | | | Tad |
| Feb 10 | Tu | Web security attacks | RSnake’s XSS Cheatsheet, OWASP XSS Guide, OWASP CSRF Guide, Barth 08S, HTML5 web security | | | Dan |
| | Th | Buffer overflows | | | | Dan |
| Feb 17 | Tu | User and network security | Friedl 08, Anderson 21 | | | Dan |
| | Th | Network hacking demo | Firesheep, Wireshark | | | Dan |
| Feb 24 | Tu | Protocol security and anonymity | Tor overview | slides | | Dan |
| | Th | Spam | Graham 02, Graham 03, Levchenko 11 | | | Dan |
| Mar 3 | Tu | No class (Spring Break) | | | | |
| | Th | | | | | |
| Mar 10 | Tu | Least privilege mechanisms | Wikipedia links: priv separation, confused deputies, virtual machines, capability systems; see also the Chrome architecture | | | Dan |
| | Th | Industrial malware (Stuxnet/Duqu) | Symantec 11 | | | Dan |
| Mar 17 | Tu | Hardware & embedded | Kocher et al. 04, Jyostna et al. 11, Koscher et al. 10, Mulliner et al. 11 | | | Dan |
| | Th | Automotive security | publications (one in 2010 and one in 2011) | video | | Dan |
| Mar 24 | Tu | Internet miscreants | Thomas 13, Kanich 11 | | | Dan |
| | Th | No class (Midterm Recess) | | | | |
| Mar 31 | Tu | Medical devices | Halpern et al. 2008 | video | | Dan |
| | Th | “Secure” radios | Blaze et al. 2011 | video | | Dan |
| Apr 7 | Tu | Windows 7 security | Cowan 2010 | video | | Tad |
| | Th | Android security | Cannings 2009 | video | | Tad |
| Apr 15 | Tu | Secure engineering | Security Code Review Guidelines, OWASP Code Review Guide Table of Contents, Bessey et al. 10 | | | Dan |
| | Th | Finale / Smörgåsbord | | | | |