Spring 2014: Network Security and Privacy (53870)

Lectures

Tue and Thu: 11a-12:30p
PAR 203

Instructor

Vitaly Shmatikov
Email: shmat AT cs
Office: GDC 6.812
Office hours: Tue 1-2p
Phone: 512-471-9530

TA

Oliver Jensen
Email: ojensen AT cs
Office: GDC 6.818A
Office hours: Wed 11a-12n

Updated May 14

Schedule

Date	Topic	Reading and assignments	Notes
Jan 14	Course logistics and introduction	Read Kaufman 1.5 Start reading Smashing the stack for fun and profit	[ppt] [pdf]
Jan 16	Passwords, security questions, challenge-response	Read Kaufman 9.1-2, 10, 11.1-2, and 12.2	[ppt] [pdf]
Jan 21	Cryptographic hash functions	Read Kaufman 5.1-2 and 5.6-7	[ppt] [pdf]
Jan 23	Biometrics		[ppt] [pdf]
Jan 30	Phishing		[ppt] [pdf]
Feb 4	Web security model	Read Rootkits for JavaScript environments and Beware of finer-grained origins	[ppt] [pdf]
Feb 6	Web authentication and session management	Read Kaufman 25 and Dos and don'ts of client authentication	[ppt] [pdf]
Feb 11	Cross-site request forgery, SQL injection, cross-site scripting	Homework 1 due Read Robust defenses for cross-site request forgery, Advanced SQL injection, Cross site scripting explained, and Postcards from the post-XSS world	[ppt] [pdf]
Feb 13	Logic flaws in Web applications
Feb 18	Clickjacking	Read Next generation clickjacking and Clickjacking: attacks and defenses	[ppt] [pdf]
Feb 20	Online tracking	Read Third-party web tracking and Cookieless monster	[ppt] [pdf]
Feb 25	Symmetric encryption	Read Kaufman 2.1-4 and 4.2	[ppt] [pdf]
Feb 27	Kerberos	Project 1 due Read Kaufman 13 and 14, and Designing an authentication system	[ppt] [pdf]
Mar 6	Midterm
Mar 18	Memory corruption attacks	Read Smashing the stack, Once upon a free(), and Exploiting format string vulnerabilities	[ppt] [pdf]
Mar 20	Defenses against memory attacks
Mar 25	Viruses and rootkits	Project 2 (part 1) due	[ppt] [pdf]
Apr 1	Spam		[ppt] [pdf]
Apr 3	Attacks on TCP/IP, DNS, BGP Denial of service	Project 2 (part 2) due Read SYN cookies, IP spoofing demystified, It's the end of the cache as we know it	[ppt] [pdf]
Apr 8	Worms and botnets		[ppt] [pdf]
Apr 10	Stuxnet	Read Stuxnet dossier	[ppt] [pdf]
Apr 15	Firewalls and intrusion detection	Read Kaufman 23	[ppt] [pdf]
Apr 17	Stream ciphers Attacks on 802.11b/WEP, CSS, MIFARE	Homework 2 due	[ppt] [pdf]
Apr 22	Public-key cryptography	Read Kaufman 6.1-6	[ppt] [pdf]
Apr 24	SSL and certificates	Read Kaufman 15.1-7 and 19	[ppt] [pdf]
Apr 29	Anonymity networks		[ppt] [pdf]
May 1	Side-channel attacks: acoustics and reflections	Homework 3 due	[ppt] [pdf]
May 12 (Mon, 2pm, RLM 5.104)	Final