CMSC 334: Computer Security
Fall 2018
MW 10:30 - 11:45 am, Ryland 213
Consulting Lab: F 10:30 - 11:20 am, Jepson G22
Tentative Lecture Schedule (subject to possibly much change):
| Date |
Topic |
Assignments Due |
Readings/Discussions (do readings before class!) |
Slides |
| Mon Aug 27 |
Goals of Security |
|
|
Introduction.pdf
IntroductionPart2.pdf |
| Wed Aug 29 |
More Goals of Security |
|
P & P 1.1-1.3
Paper: Reflections on Trusting Trust, Thompson
Paper: Efficient Reading of Papers in Science and Technology, Hanson
Handout: Security_Introduction.pdf
27th Usenix Security Symposium Keynote Address: Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?
A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models, Professor James Mickens, Harvard University,
August 15, 2018. |
|
| Mon Sept 3 |
Program Security: Intro, Buffer Overflows, Other Program Errors |
|
P & P 3.0-3.2
Handout: Buffer_overflows_and_memory_safety.pdf
Paper: Smashing the Stack for Fun and Profit, Aleph One
|
ImplementationFlaws.pdf
SmashingTheStack.pdf
|
| Wed Sept 5 |
Principles of Secure Software |
|
P & P 3.5
Handout: PrinciplesForSecureSystems.pdf
Project: Project 1 [PDF], VM:
cs334-fall2016-vm.zip |
SecurityPrinciples.pdf |
| Mon Sept 10 |
|
|
|
|
| Wed Sept 12 |
Introduction to Cryptography |
|
|
CryptographyFoundations.pdf |
| Mon Sept 17 |
Building Good Encryption Algorithms, DES, AES |
|
Reading:
Why Cryptosystems Fail, Anderson
Handout: IntroductionAndSymmetricCiphers.pdf |
DESFall2014.pdf |
| Wed Sept 19 |
|
|
Optional: An Introduction to Probabilistic Encryption [PDF] by Fuchsbauer |
|
| Mon Sept 24 |
Public Key Cryptography |
|
Reading:
The Geometry Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86),
Shacham |
PublicKeyCryptography.pdf |
| Wed Sept 26 |
|
|
|
|
| Mon Oct 1 |
MACs and Key Management |
|
|
MACs_and_key_management.pdf |
| Wed Oct 3 |
|
|
|
|
| Mon Oct 8 |
Secure Pseudorandom Number Generation |
|
|
RandomNumberGeneration.pdf |
| Wed Oct 10 |
|
|
|
|
| Mon Oct 15 | FALL BREAK! |
| Wed Oct 17 | NO LECTURE: PROF S AT CONFERENCE! |
| Mon Oct 22 |
|
|
|
|
| Wed Oct 24 |
Networks Overview |
|
|
NetworkingOverview.pdf |
| Mon Oct 29 |
|
|
|
|
| Wed Oct 31 |
E-Voting |
|
|
E-Voting.pdf |
| Mon Nov 5 |
|
|
|
|
| Wed Nov 7 |
Network Attacks |
|
|
NetworkAttacks.pdf |
| Mon Nov 12 |
|
|
|
|
| Wed Nov 14 |
|
|
|
|
| Mon Nov 19 |
Viruses and Worms |
|
|
VirusesAndWorms.pdf |
| Wed Nov 21 | THANKSGIVING BREAK! |
| Mon Nov 26 |
Final Project Talks |
|
|
|
| Wed Nov 28 |
|
|
|
|
| Mon Dec 3 |
|
|
Alexandru and Thang: Large-Scale_and_Language-Oblivious_Code_Authorship_Identification, Mohammed Abuhamad, Tamer AbuHmed, Aziz Mohaisen, and DaeHun Nyang, ACM CCS 2018
Greg and Alec: BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid, Saleh Soltan, Prateek Mittal, and H. Vincent Poor, 27th Usenix Security Symposium
Lawson and Arda: Skill Squatting Attacks on Amazon Alexa,
Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, and Michael Bailey, 27th Usenix Security Symposium
|
|
| Wed Dec 5 |
Final Project Talks |
|
Lillie and Renae: Meltdown: Reading Kernel Memory from User Space, Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, 27th Usenix Security Symposium
Aaqil and Bilawal: Sonar: Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding, Christian Peeters, Hadi Abdullah, Nolen Scaife, Jasmine Bowers, Patrick Traynor, Bradley Reaves, Kevin Butler, 39th IEEE Symposium on Security and Privacy
Emily and Paul: When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries, Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt, and Arvind Narayanan, 2018 ISOC NDSS
|
|
|
|