Key: L=Lecture; B=Bishop; FSK=Ferguson, Schneier, and Kohno; HAC=Handbook of Applied Cryptography; PP=Pfleeger and Pfleeger; S=Schneider.

Introduction to Security
01/27/16
| L1: Introduction to security [slides] [syllabus] [notes] [S1] [B1] 
02/01/16
| L2: Beyond attacks [slides] [notes] [PP1] [Mulligan and Schneider 2011]
02/03/16
| L3: Principles [slides] [notes] [B12] [Lampson 2004] [Saltzer and Schroeder 1975]
02/08/16
| L4: Goals and requirements [slides] [notes] [Haley et al. 2008]
02/10/16
| L5: Assurance [slides] [B17,18] [FindBugs talk by Pugh] [Ayewah et al 2007] [Lipner 2015]
02/15/16
| No class: February Break
Cryptography
02/17/16
| L6: Symmetric-key encryption [slides] [notes] [FSK1–3] [B8] [HAC1,7]
02/22/16
| L7: Asymmetric-key encryption [slides] [notes] [FSK4,10–12] [B10] [HAC8]
02/24/16
| L8: MACs and digital signatures [slides] [notes] [FSK5–6] [HAC9,11]
02/29/16
| L9: Secure channel [slides] [notes] [FSK7,13,14] [Boyd and Mathuria chapter 1] [HAC12]
03/02/16
| L10: Protocols [slides] [notes] [Abadi and Needham 1995] [Diffie and Hellman 1976]
Audit
03/07/16
| L11: Logging [slides] [notes] [B21] [NIST SP 800-92]
03/09/16
| L12: Review [slides] [notes] [B22] [Kemmerer and Vigna 2002]
Authentication
03/14/16
| L13: Humans [slides] [notes] [S5] [B11] [Wayman 2008]
03/16/16
| L14: Passwords [slides] [notes] [NIST SP 800-63-2] [FSK21] [HAC10]
03/21/16
| L15: Passwords, part 2 [slides] [notes] [Weir et al. 2010] [Kelley et al. 2012] [Bonneau et al. 2012]
03/23/16
| L16: Tokens [slides] [notes]
03/28/16
| No class: Spring Break
03/30/16
| No class: Spring Break
04/04/16
| L17: Certificates [slides] [notes] [B9,13] 
04/06/16
| L18: Certificate authorities [slides] [notes] [FSK18–20] [Gutmann 2002] [old SSL notes] [Clark and van Oorschot 2013]
Authorization
04/11/16
| L19: Discretionary access control (guest lecturer: Prof. Schneider) [notes] [S7] [B2] 
04/13/16
| L20: Capabilities (guest lecturer: Prof. Schneider) [notes] [B14] 
04/18/16
| L21: Mandatory access control [slides] [notes] [S8] [B5–7] [Bell 2005]
04/20/16
| L22: Mandatory access control, part 2 [slides] [notes] [Anderson 1996]
04/25/16
| L23: Information-flow policies [slides] [Mantel 2003, chapter 2] [Denning 1976] [Lampson 1973] [B16] 
04/27/16
| L24: Information-flow control [slides] [B15] [Myers 1999, sections 1 and 2]
05/02/16
| L25: An information-flow type system [slides] [Smith 2006] [old notes]
Research
05/04/16
| L26: Information flow in Android apps [slides] [Micinski, Fetter-Degges, Jeon, Foster, and Clarkson 2015] [Cadar and Sen 2013] [Fisher 2011]
05/09/16
| L27: Hyperproperties [slides] [Clarkson and Schneider 2010] [Clarkson et al. 2014]
05/11/16
| L28: Electronic voting [slides] [course wrapup] [Clarkson et al. 2007]
THE END
05/16/16
| Final Exam: 2–4:30 pm, Gates G01

Assignments