Assigned readings for CS261
- Wed 30 Aug:
- Reflections on trusting trust, Thompson.
- Mon 4 Sept:
- No readings, no class (Labor Day).
- Wed 6 Sept:
- The protection of information in computer systems, Saltzer and Schroeder.
- Rudimentary treatise on the construction of locks, Tomlinson.
- Mon 11 Sept:
- Protection, Lampson.
- Wed 13 Sept:
- Excerpts from the Orange Book
- A note on the confinement problem, Lampson.
- Mon 18 Sept:
- Security Problems in the TCP/IP Protocol Suite, Bellovin. [also available in html and pdf]
- A simple active attack against TCP, Joncheray.
- Wed 20 Sept:
- Improving the security of your site by breaking into it, Farmer and Venema.
- Using the Domain Name System for System Break-ins, Bellovin.
- Mon 25 Sept:
- Network (In)Security Through IP Packet Filtering, Chapman.
- Wed 27 Sept:
- Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin.
- Mon 2 Oct:
- Bro: A System for Detecting Network Intruders in Real-Time, Paxson.
- Wed 4 Oct:
- Why Cryptosystems Fail, Anderson.
- Reminder: Homework #2 is due.
- Mon 9 Oct:
- Designing an Authentication System: a Dialogue in Four Scenes, Bryant.
- Cryptography on the Internet, Bellovin.
- Wed 11 Oct:
- StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, and Zhang. [also in pdf]
- A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, Wagner, Foster, Brewer, and Aiken.
- Mon 16 Oct:
- Shifting the odds: Writing (more) secure software, slides to a talk by Bellovin.
- The Confused Deputy, Hardy. [alternate location]
- Wed 18 Oct:
- Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten. [html, pdf]
- Mon 23 Oct:
- Language-based security, Kozen.
- Java security: from HotJava to Netscape, Dean, Felten, Wallach. [pdf]
- Project proposals due! See here for more information.
- Wed 25 Oct:
- Efficient Software-Based Fault Isolation, Wahbe, Lucco, Anderson and Graham. Note: You may skip Section 5 (performance).
- Mon 30 Oct:
- No readings. (But you might want to read ahead...)
- The third homework is due!
- Wed 1 Nov:
- Proof-Carrying Code, Necula.
- Guest lecture from Prof. George Necula!
- Mon 6 Nov:
- Prudent engineering practice for cryptographic protocols, Abadi and Needham.
- Wed 8 Nov:
- Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows, and Wobber. Note: You may skip Sections 4.3, 5.2, 5.3, 6, 7.1, 7.2, 8, 9, and the appendix.
- Mon 13 Nov:
- No readings. Happy project hacking.
- Wed 15 Nov:
- GSM hack--operator flunks the challenge, Anderson.
- GSM Interception, Pesonen.
- Mon 20 Nov:
- No readings. Happy project hacking.
- Wed 22 Nov:
- Solutions for Anonymous Communication on the Internet, Claessens, Preneel, Vandewalle.
- Mon 27 Nov:
- How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard.
- Wed 29 Nov:
- Last day of class.
- Mon 4 Dec:
- No class!
- Wed 6 Dec:
- No class!
- Mon 11 Dec:
- Poster session, 2:00--4:00, Wozniak lounge.