Syllabus
This course covers selected topics related to theory and practice of
computer security. It is organized around 26 research papers taken
from the past 40 years of computer security research. These papers
reflect the instructor's personal taste and are not intended to give a
comprehensive survey of modern computer security.
- Lampson.
A Note on the Confinement Problem
(CACM 1973).
- Diffie and Hellman.
New Directions in Cryptography
(ToIT 1976).
- Denning and Denning.
Certification of Programs for Secure Information Flow
(CACM 1977).
- Yao.
Protocols for Secure Computations
(FOCS 1982).
- Lampson et al.
Authentication in Distributed Systems
(TOCS 1992).
- Abadi and Needham.
Prudent Engineering Practice for Cryptographic Protocols
(Oakland 1994).
- Lowe.
Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR
(TACAS 1996).
- Bernstein.
SYN Cookies
(1996).
- Liskov and Myers.
A Decentralized Model for Information Flow Control
(SOSP 1997).
- Cowan et al.
Buffer Overflows: Attacks and Defenses for the
Vulnerability of the Decade
(DISCEX 1999).
- Wagner and Dean.
Intrusion
Detection via Static Analysis
(Oakland 2001).
- Borisov, Goldberg, Wagner.
Intercepting
Mobile Communications: The Insecurity of 802.11
(MOBICOM 2001).
- Moore, Voelker, Savage.
Inferring Internet Denial-of-Service Activity
(USENIX Security 2001).
- Brumley and Boneh.
Remote
Timing Attacks are Practical
(USENIX Security 2003).
- Nissenbaum.
Privacy as Contextual Integrity
(Washington Law Review 2004).
- Dingledine, Mathewson, Syverson.
Tor: The Second-Generation Onion Router
(USENIX Security 2004).
- Kumar, Paxson, Weaver.
Exploiting
Underlying Structure for Detailed Reconstruction of an Internet-scale
Event
(IMC 2005).
- Abadi et al.
Control-Flow Integrity
(CCS 2005).
- Zhuang, Zhou, Tygar.
Keyboard Acoustic Emanations Revisited
(CCS 2005).
- Dwork.
Differential Privacy
(ICALP 2006).
- Shacham.
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
(CCS 2007).
- Chen et al.
Overshadow: A Virtualization-Based Approach to
Retrofitting Protection in Commodity Operating Systems
(ASPLOS 2008).
- Barth and Jackson.
Beware of Finer-Grained Origins
(W2SP 2008).
- Halderman et al.
Lest We Remember: Cold Boot Attacks on Encryption Keys
(USENIX Security 2008).
- Yee et al.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
(Oakland 2009).
- Blazakis.
Interpreter Exploitation
(WOOT 2010).
An extra Web security paper by popular request:
Prerequisites
While there are no formal prerequisites for this course, students are
expected to have the basic understanding of the following areas:
- Computer systems at the level of an undergraduate operating systems
course.
- Fundamental concepts in cryptography such as cryptographically
strong hash functions and public-key cryptosystems.
- Basic complexity theory at the level of an undergraduate course in
the theory of computation.
Grading
This is a
project-oriented course. Students are expected to
complete an independent
project. A project
may involve a significant implementation, using an analysis tool to
investigate security of a real-world computer system or protocol, or a
substantial theoretical study.
- Homeworks: 40%
- Midterm: 15%
- Project: 45%
Late submission policy
All homeworks are due at the beginning of class on the due date. No late
submissions will be accepted.
Code of Conduct
UTCS
Code of
Conduct will be strictly enforced.