The lectures and readings listed here are subject to change, including in response to current events (i.e., major new security holes).
Sep 08
Introduction
  • Text, Chapter 1
Sep 13
Access Control
  • Text, Chapter 2
  • The man page for Linux access control lists; run 'man 5 acl' on the CLIC machines
Sep 15
Complex Access Control
Sep 20
Privileges
Sep 22
Introduction to Cryptography
Sep 27
Authentication
Sep 29
Biometrics; Authentication as a Systems Problem
Oct 06
Secure Programming I
Oct 11
Secure Programming II
Oct 13
Protecting the Client
Oct 20
Cryptographic Engineering
Oct 25
Midterm
Oct 27
Security and Usability
Nov 03
Architecture
Nov 08
Confinement
Nov 10
Viruses and Trojan Horses
Readings mentioned in class:
Nov 17
Program Structure II
Nov 22
Security Analysis I
Nov 24
Security Analysis II
Nov 29
Physical and Procedural Security
Dec 01
Logging
Dec 06
After an Attack
  • "The Taking of Clark", Chapter 17, Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin, Second Edition, Addison-Wesley, 2003.
  • "File System Analysis", Chapter 4, Forensic Discovery, Dan Farmer and Wietse Venema, Addison-Wesley, 2004. Read Chapter 4.
  • Playing "Hide and Seek" with Stored Keys, Adi Shamir and Nicko van Someren, Proceedings of the Third International Conference on Financial Cryptography, 1999. (Recommended)
Dec 13
Final Exam
    If having the exam on the last day of class is a problem for you, please contact me directly.