CMSC 414: Computer and Network Security

Home Syllabus Schedule Projects Resources Piazza

SCHEDULE

Date Topic Readings & handouts
Jan 26 Snow day
Jan 28 Introduction (slides) Required reading:
  • "Reflections On Trusting Trust", Ken Thompson, (pdf)
  • Chapter 1 of [Anderson]
Software Security
Feb 2 Buffer overflow attacks (slides) Required reading:
  • "Smashing the Stack for Fun and Profit", Aleph One (pdf)
Optional:
  • Example used in class: "Analysis of an Electronic Voting System", Kohno et al. (pdf)
Feb 4 Buffer overflow attacks and defenses (slides) Required reading:
  • "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks" (pdf)
Optional but very useful:
Feb 9 Memory safety: attacks and defenses (slides) Optional reading:
  • "Basic Integer Overflows" (phrack)
  • "Exploiting Format String Vulnerabilities" (pdf)
  • "Return-Oriented Programming" (paper) (slides)
Feb 11 Defensive programming (slides) Optional reading:
Feb 16 Malware: Viruses (slides) Required reading:
  • "Hunting for Metamorphic" (pdf)
Optional reading:
  • "A History of Computer Viruses - The Famous 'Trio'" (pdf)
Feb 18 Web Security: SQL Injection (slides) Optional reading:
  • "SQL Injection Attacks by Example" (www)
Feb 23 Web security: XSS & CSRF (slides) Required reading:
  • "Web security: Are you part of the problem?" (www)
  • "Cross-Site Request Forgery: An Introduction..." (pdf)
Feb 25 Principles of secure software design (slides) Required reading (further defines the design principles in the slides):
  • "Secure Programming for Linux and Unix HOWTO", Chapters 7.1-7.10 (www)
Mar 1 XSS attacks See readings and slides from Feb 23
Mar 3 Principles of secure software implementation (slides) and clickjacking (slides) Required reading:
  • Clickjacking: Attacks and defenses (pdf)
Optional reading:
  • vsftpd's design (www)
Mar 8 Open problems in software security
and Intro to cryptography
Cryptography
Mar 10 Symmetric key crypto:
Encryption and decryption
Required reading:
Mar 15 Spring break
Mar 17 Spring break
Mar 22 Midterm recap
Mar 24 Midterm 1: Software Security
Mar 29 Symmetric key crypto:
MACs
(same notes as above)
Mar 31 Symmetric key crypto:
Hash functions and authenticated encryption
(same notes as above)
Apr 5 Public key crypto:
Encryption, decryption, digital signatures, and PKIs (slides)
Required reading: Suggested Reading:
  • Twenty Years of Attacks on the RSA Cryptosystem (pdf)
Apr 7 Anonymity (notes) Optional reading:
  • "The Dining Cryptographers Problem" (pdf)
  • "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms" (pdf)
Apr 12 Anonymity (cont'd)
Required: same notes as above.
Optional reading:
  • "Tor: The Second-Generation Onion Router" (pdf)
Apr 14 Proving who you are: TLS/SSL, user authentication (slides) Required reading:
  • User authentication notes
Apr 19 Midterm recap and open problems in cryptography (slides) Suggested reading:
  • "An Empirical Study of Cryptographic Misuse in Android Applications" (pdf)
  • "Why Johnny Can't Encrypt" (pdf)
  • "Differential Power Analysis" (pdf)
  • "Lest We Remember: Cold Boot Attacks on Encryption Keys" (pdf)
Apr 21 Midterm 2: Cryptography
Network Security
Apr 26 Midterm recap; brief intro to networking
Apr 28 Networking background (slides)
May 3 Naming & DNS security (slides) Highly suggested reading:
  • An Illustrated Guide to the Kaminsky DNS Vulnerability (www)
May 5 TCP: background and security (slides) Optional reading:
  • Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse (pdf)
May 10 Underground economies & closing (slides) Optional reading:
  • Click Trajectories: End-to-end analysis of the spam value chain (pdf)
  • Show me the money: Characterizing spam-advertised revenue (pdf)
May 18 Final Exam: Cumulative


 

Web Accessibility