Key: L=Lecture; B=Bishop; FSK=Ferguson, Schneier, and Kohno; HAC=Handbook of Applied Cryptography; PP=Pfleeger and Pfleeger; S=Schneider.
Introduction to Security |
01/25/17 | L1: Introduction to security [slides] [syllabus] [notes] [S1] [B1] [Piazza policy] [thoughtful questions] |
01/30/17 | L2: Beyond attacks [slides] [notes] [PP1] |
02/01/17 | L3: Principles [slides] [notes] [B12] [Mulligan and Schneider 2011] [Lampson 2000] [Saltzer and Schroeder 1975] |
02/06/17 | L4: Goals and requirements [slides] [notes] [Haley et al. 2008] [Mead et al. 2005] |
02/08/17 | L5: Assurance [slides] [notes] [Anderson 2008, ch. 26] [Lipner 2015] [B17,18] [Pugh 2006] [Ayewah et al. 2007] |
Cryptography |
02/13/17 | L6: Symmetric-key encryption [slides] [notes] [FSK1–3] [B8] [HAC1,7] |
02/15/17 | L7: Block cipher modes and asymmetric-key encryption [slides] [notes] [FSK4,10–12] [B10] [HAC8] |
02/20/17 | No class: February Break |
02/22/17 | L8: MACs and digital signatures [slides] [notes] [FSK5–6] [HAC9,11] |
02/27/17 | L9: Secure channel [slides] [notes] [FSK7] |
03/01/17 | L10: Key establishment [slides] [notes] [Boyd and Mathuria chapter 1] [FSK14] [HAC12] |
03/06/17 | L11: Protocol design [slides] [notes] [Abadi and Needham 1995] [FSK13] [Quaglia and Smyth 2017] [Clarkson et al. 2007] |
Authentication |
03/08/17 | L12: Humans [slides] [notes] [S5] [Wayman 2008] [Anderson 2008, ch. 15] [B11] |
03/13/17 | L13: Passwords [slides] [notes] [FSK21] [HAC10] [NIST SP 800-63-2] |
03/15/17 | No class: Snow day |
03/20/17 | L14: Passwords, part 2 [slides] [notes] [Weir et al. 2010] [Kelley et al. 2012] [Bonneau et al. 2012] [NIST SP 800-63-3 Draft] |
03/22/17 | L15: Tokens [slides] [notes] [Anderson 2008, section 3.3] [Lamport 1981] [Alrabady and Mahmud 2005] |
03/27/17 | L16: Certificates [slides] [notes] [B9,13] |
03/29/17 | L17: Certificates, part 2 [slides] [notes] [FSK18–20] [Gutmann 2002] [old SSL notes] [Clark and van Oorschot 2013] |
04/03/17 | No class: Spring Break |
04/05/17 | No class: Spring Break |
Audit |
04/10/17 | L18: Logging [slides] [notes] [B21] [NIST SP 800-92] |
04/12/17 | L19: Review [slides] [notes] [Kemmerer and Vigna 2002] |
Authorization |
04/17/17 | L20: Discretionary access control (guest lecturer: Prof. Schneider) [notes] [S7] [B2] |
04/19/17 | L21: Discretionary access control, part 2 (guest lecturer: Prof. Schneider) [notes] [B14] |
04/24/17 | L22: Mandatory access control [slides] [notes] [S8] [B5–7] [Bell 2005] |
04/26/17 | L23: Mandatory access control, part 2 [slides] [notes] [Anderson 1996] |
05/01/17 | L24: Information-flow policies (guest lecturer: Elisavet Kozyri) [slides] [notes] [Lampson 1973] [B16] |
05/03/17 | L25: Information-flow control (guest lecturer: Elisavet Kozyri) [slides] [notes] |
05/08/17 | L26: Information-flow control, part 2 (guest lecturer: Elisavet Kozyri) [slides] [notes] [Denning 1976] [Sabelfeld and Myers 2003] [Myers 1999, sections 1 and 2] |
05/10/17 | L27: Information flow in Android apps [slides] [course wrapup] [Micinski, Fetter-Degges, Jeon, Foster, and Clarkson 2015] [Cadar and Sen 2013] [Fisher 2011] |
THE END |
05/18/17 | Final Exam: 9:00–11:30 am, Hollister B14 |