Assigned readings for CS261

Wed 30 Aug:
Reflections on trusting trust, Thompson.
Mon 4 Sept:
No readings, no class (Labor Day).
Wed 6 Sept:
The protection of information in computer systems, Saltzer and Schroeder.
Rudimentary treatise on the construction of locks, Tomlinson.
Mon 11 Sept:
Protection, Lampson.
Wed 13 Sept:
Excerpts from the Orange Book
A note on the confinement problem, Lampson.
Mon 18 Sept:
Security Problems in the TCP/IP Protocol Suite, Bellovin. [also available in html and pdf]
A simple active attack against TCP, Joncheray.
Wed 20 Sept:
Improving the security of your site by breaking into it, Farmer and Venema.
Using the Domain Name System for System Break-ins, Bellovin.
Mon 25 Sept:
Network (In)Security Through IP Packet Filtering, Chapman.
Wed 27 Sept:
Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin.
Mon 2 Oct:
Bro: A System for Detecting Network Intruders in Real-Time, Paxson.
Wed 4 Oct:
Why Cryptosystems Fail, Anderson.
Reminder: Homework #2 is due.
Mon 9 Oct:
Designing an Authentication System: a Dialogue in Four Scenes, Bryant.
Cryptography on the Internet, Bellovin.
Wed 11 Oct:
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, and Zhang. [also in pdf]
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, Wagner, Foster, Brewer, and Aiken.
Mon 16 Oct:
Shifting the odds: Writing (more) secure software, slides to a talk by Bellovin.
The Confused Deputy, Hardy. [alternate location]
Wed 18 Oct:
Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten [html, pdf]
Mon 23 Oct:
Language-based security, Kozen.
Java security: from HotJava to Netscape, Dean, Felten, Wallach [pdf]
Project proposals due! See here for more information.
Wed 25 Oct:
Efficient Software-Based Fault Isolation, Wahbe, Lucco, Anderson and Graham.
Note: You may skip Section 5 (performance).
Mon 30 Oct:
No readings. (But you might want to read ahead...)
The third homework is due!
Wed 1 Nov:
Proof-Carrying Code, Necula.
Guest lecture from Prof. George Necula!
Mon 6 Nov:
Prudent engineering practice for cryptographic protocols, Abadi and Needham.
Wed 8 Nov:
Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows, and Wobber.
Note: You may skip Sections 4.3, 5.2, 5.3, 6, 7.1, 7.2, 8, 9, and the appendix.
Mon 13 Nov:
No readings. Happy project hacking.
Wed 15 Nov:
GSM hack--operator flunks the challenge, Anderson.
GSM Interception, Pesonen.
Mon 20 Nov:
No readings. Happy project hacking.
Wed 22 Nov:
Solutions for Anonymous Communication on the Internet, Claessens, Preneel, Vandewalle.
Mon 27 Nov:
How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard.
Wed 29 Nov:
Last day of class.
Mon 4 Dec
No class!
Wed 6 Dec
No class!
Mon 11 Dec
Poster session, 2:00--4:00, Wozniak lounge.