Lecture Schedule

The syllabus below is tentative, and is subject to change as the semester progresses. I will continually update it to reflect what we have covered in class thus far.

You are responsible for all the material referenced below, even if it not explicitly covered in class, unless it is explicitly marked 'optional'. "KPS" refers to "Network Security: Private Communication in a Public World" (2nd edition), by Kaufman, Perlman, and Speciner.

I provide a copy of my slides for convenience. They do not always include everything I cover in class! Looking at these slides is not a substitute for attending lectures. You are responsible for material covered in class, even if it is not covered in the reading material below.

Lecture Date Summary, Slides, and Reading

Security Basics and Course Overview

1 Aug 31 Introduction, course overview, and why security is harder than it looks

Cryptography: Its Uses and Limitations

2 Sept 2 Introduction to cryptography
*** Sept 7 No Classes -- Labor Day
3 Sept 9 JCA; Private-key encryption basics
4 Sept 14 Private-key encryption, message authentication
5 Sept 16 Message authentication, hashing, basic number theory
6 Sept 21 Diffie-Hellman key exchange; the public-key setting; public-key encryption
7 Sept 23 Public-key encryption, non-malleability
8 Sept 28 Rootkits and malware (guest lecture by Prof. Arbaugh)
9 Sept 30 Digital signatures. Crypto pitfalls The following articles are completely optional, and are intended for those who enjoy this sort of material:
10 Oct 5 Crypto pitfalls and case studies The following articles are completely optional:
11 Oct 7 Crypto pitfalls and case studies; circumventing crypto; side channel attacks The following articles are completely optional:

System Security

12 Oct 12 General principles, introduction to systems security The following article was discussed in class, but is completely optional:
13 Oct 14 Access control, ACLs vs. capabilities, access control models The following articles were discussed in class, but are completely optional:
14 Oct 19 Access control models, trusted computing

Database Security, Privacy, Anonymity

15 Oct 21 Database security The following is optional:
16 Oct 26 Anonymity, Tor, onion routing (guest lecture by Dr. Paul Syverson) Additional references (optional):
*** Oct 28 Midterm

Programming Language Security

17 Nov 2 Database privacy. Buffer overflow attacks The following are optional:
18 Nov 4 Buffer overflow attacks, SQL injection attacks The following are optional:

Network Security

19 Nov 9 Web security, XSS, XSRF, etc.
20 Nov 11 Authentication overview; password-based authentication
  • Slides for lecture 20
  • Reading for the next few lectures: KPS, Sections 9.1-9.6, 9.7.1,, 10.1-10.8, 10.10, 11.1-11.3, 12.2
21 Nov 16 Authentication protocols, password security The following paper is optional:
22 Nov 18 Authentication and key exchange; mediated key exchange
23 Nov 23 Authentication and key exchange
24 Nov 25 Protocols for mediated authentication. PKI and certification authorities

Network Security in Practice

25 Nov 30 PKI and certification authorities
26 Dec 2 Intrusion detection and firewalls
27 Dec 7 Network security protocols in practice. Introduction to Wireshark. SSL, IPsec, and IKE. Course summary.
  • Slides for lecture 27
  • KPS, Sections 16.1-16.3, 16.6-16.12; Sections 17.1, 17.2.2, 17.3.1, 17.3.2, 17.5, 18.4-18.6, 19.1-19.8
  • For more details about network layers, see any book on computer networking; e.g., Section 1.3 of "Computer Networks, a Systems Approach (3rd edition)," by Peterson and Davie. Or see here
28 Dec 9 Privacy-preserving advertising (guest lecture by Dave Levin)
*** Dec 16 Final exam, 1:30-3:30, CSIC 1121