Lecture Schedule

The syllabus below is subject to change as the semester progresses. For dates in the past, it reflects what has been covered; for dates in the future, it reflects potential topics which I might cover.

You are responsible for all the material referenced below, even if it is not explicitly covered in class. (You are, of course, also responsible for material covered in class, even if it is not covered in the reading material below.) "KPS" refers to "Network Security: Private Communication in a Public World" (2nd edition), by Kaufman, Perlman, and Speciner.

I provide a copy of my slides for convenience. Looking at these slides is not a substitute for attending lectures; the slides are just a guideline to what was covered in class.

Lecture Date Summary and Reading

Security Basics and Course Overview

1 Jan 29 Introduction, course overview, and why security is harder than it looks

Cryptography: Its Uses and Limitations

2 Jan 31 Introduction to cryptography
3 Feb 5 JCA; Private-key encryption basics
4 Feb 7 Private-key encryption, message authentication
5 Feb 12 Message authentication, hashing, Diffie-Hellman key exchange
6 Feb 14 The public-key setting; public-key encryption
7 Feb 19 Digital signatures. Crypto pitfalls. The following articles are completely optional, and are intended for those who enjoy this sort of material
8 Feb 21 Crypto pitfalls. The following articles are completely optional, and are intended for those who enjoy this sort of material

System Security

9 Feb 26 General principles, access control
10 Feb 28 Access control
11 Mar 4 Midterm review. Access control
*** Mar 6 Midterm exam
12 Mar 11 Exam review. Access control, trusted computing

Network Security

13 Mar 13 Memory protection. Network security/authentication
14 Mar 25 Authentication techniques
15 Mar 27 Authentication techniques
16 Apr 1 Authentication and key exchange
17 Apr 3 Authentication and key exchange; mediated key exchange; cookie authentication
18 Apr 8 PKI and certification authorities
19 Apr 10 Revocation. Deniability
20 Apr 15 Zero-knowledge and deniability. Anonymity
21 Apr 17 Anonymity. The following are optional:
*** Apr 22 Midterm exam

Database Security

22 Apr 24 Database security. The following is optional

Programming-Language and Application-Level Security

23 Apr 29 Database security. PL security, buffer overflows. The following are optional:
24 May 1 Buffer overflows and XSS attacks, and defenses (guest lecture by Prof. Mike Hicks)

Network Security in Practice

25 May 6 Finish up PL security. Intrusion detection and firewalls
26 May 8 Network security issues. IPSec
  • Slides for lecture 26
  • KPS, Chapter 16; Sections 17.1, 17.2.2, 17.3.1, 17.3.2, 17.5
  • For more details about network layers, see any book on computer networking; e.g., Section 1.3 of "Computer Networks, a Systems Approach (3rd edition)," by Peterson and Davie. See also here
27 May 13 IKE, SSL
*** May 19 Final exam, 10:30-12, CSIC 1122