Key: L=Lecture; B=Bishop; FSK=Ferguson, Schneier, and Kohno; HAC=Handbook of Applied Cryptography; PP=Pfleeger and Pfleeger; S=Schneider.

Introduction to Security
01/25/17
| L1: Introduction to security [slides] [syllabus] [notes] [S1] [B1] [Piazza policy] [thoughtful questions]
01/30/17
| L2: Beyond attacks [slides] [notes] [PP1]
02/01/17
| L3: Principles [slides] [notes] [B12] [Mulligan and Schneider 2011] [Lampson 2000] [Saltzer and Schroeder 1975]
02/06/17
| L4: Goals and requirements [slides] [notes] [Haley et al. 2008] [Mead et al. 2005]
02/08/17
| L5: Assurance [slides] [notes] [Anderson 2008, ch. 26] [Lipner 2015] [B17,18] [Pugh 2006] [Ayewah et al. 2007]
Cryptography
02/13/17
| L6: Symmetric-key encryption [slides] [notes] [FSK1–3] [B8] [HAC1,7]
02/15/17
| L7: Block cipher modes and asymmetric-key encryption [slides] [notes] [FSK4,10–12] [B10] [HAC8]
02/20/17
| No class: February Break
02/22/17
| L8: MACs and digital signatures [slides] [notes] [FSK5–6] [HAC9,11]
02/27/17
| L9: Secure channel [slides] [notes] [FSK7]
03/01/17
| L10: Key establishment [slides] [notes] [Boyd and Mathuria chapter 1] [FSK14] [HAC12]
03/06/17
| L11: Protocol design [slides] [notes] [Abadi and Needham 1995] [FSK13] [Quaglia and Smyth 2017] [Clarkson et al. 2007]
Authentication
03/08/17
| L12: Humans [slides] [notes] [S5] [Wayman 2008] [Anderson 2008, ch. 15] [B11]
03/13/17
| L13: Passwords [slides] [notes] [FSK21] [HAC10] [NIST SP 800-63-2]
03/15/17
| No class: Snow day
03/20/17
| L14: Passwords, part 2 [slides] [notes] [Weir et al. 2010] [Kelley et al. 2012] [Bonneau et al. 2012] [NIST SP 800-63-3 Draft]
03/22/17
| L15: Tokens [slides] [notes] [Anderson 2008, section 3.3] [Lamport 1981] [Alrabady and Mahmud 2005]
03/27/17
| L16: Certificates [slides] [notes] [B9,13]
03/29/17
| L17: Certificates, part 2 [slides] [notes] [FSK18–20] [Gutmann 2002] [old SSL notes] [Clark and van Oorschot 2013]
04/03/17
| No class: Spring Break
04/05/17
| No class: Spring Break
Audit
04/10/17
| L18: Logging [slides] [notes] [B21] [NIST SP 800-92]
04/12/17
| L19: Review [slides] [notes] [Kemmerer and Vigna 2002]
Authorization
04/17/17
| L20: Discretionary access control (guest lecturer: Prof. Schneider) [notes] [S7] [B2]
04/19/17
| L21: Discretionary access control, part 2 (guest lecturer: Prof. Schneider) [notes] [B14]
04/24/17
| L22: Mandatory access control [slides] [notes] [S8] [B5–7] [Bell 2005]
04/26/17
| L23: Mandatory access control, part 2 [slides] [notes] [Anderson 1996]
05/01/17
| L24: Information-flow policies (guest lecturer: Elisavet Kozyri) [slides] [notes] [Lampson 1973] [B16]
05/03/17
| L25: Information-flow control (guest lecturer: Elisavet Kozyri) [slides] [notes]
05/08/17
| L26: Information-flow control, part 2 (guest lecturer: Elisavet Kozyri) [slides] [notes] [Denning 1976] [Sabelfeld and Myers 2003] [Myers 1999, sections 1 and 2]
05/10/17
| L27: Information flow in Android apps [slides] [course wrapup] [Micinski, Fetter-Degges, Jeon, Foster, and Clarkson 2015] [Cadar and Sen 2013] [Fisher 2011]
THE END
05/18/17
| Final Exam: 9:00–11:30 am, Hollister B14

Assignments