Date | Syllabus | Reading | Note |
---|---|---|---|
Jan 19 | Overview, Basic Concepts in Security, Why Security is Hard | Optional reading: Why Information Security is Hard - An Economic Perspective; The Protection of Information in Computer Systems | |
Jan 26 | Access Control and Capabilities (Guest lecturer Mark S. Miller, Slides) | Assignment: Paradigm Regained: Abstraction Mechanisms for Access Control, Mark S. Miller, Jonathan S. Shapiro. Optional reading: The Confused Deputy, Hardy; Access Control (v0.1), Laurie | Project groups formed |
Feb 02 | Reference Monitor and Sandbox (Guest lecturer Ulfar Erlingsson) | Assignment: Adapting Software Fault Isolation to Contemporary CPU Architectures, David Sehr, Robert Muth, Cliff Biffle, Victor Khimenko, Egor Pasko, Karl Schimpf, Bennet Yee, Brad Chen; Evaluating SFI for a CISC Architecture, Stephen McCamant, Greg Morrisett | |
Feb 09 | Trusted Computing/Trusted Hardware (Note: this lecture is rescheduled to Mon Feb 7, 4-6PM, location: 405 Soda) | Assignment: BIND: A Fine-grained Attestation Service for Secure Distributed Systems, Elaine Shi, Adrian Perrig, Leendert Van Doorn; TrustVisor: Efficient TCB Reduction and Attestation, Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, Adrian Perrig | Project proposal due |
Feb 16 | Information Flow | Assignment: Improving Application Security with Data Flow Assertions; Pointless Tainting? Evaluating the Practicality of Pointer Tainting; Information Flow Control for Standard OS Abstractions. Optional reading: Quantitative Information Flow as Network Flow Capacity; Measuring Channel Capacity to Distinguish Undue Influence; Making Information Flow Explicit in HiStar | |
Feb 23 | Privilege Separation | Assignment: Preventing Privilege Escalation; Privtrans: Automatic Privilege Separation | |
Mar 02 | Web Security (I): Basics (Guest lecturer Adam Barth) | Assignment: Towards a Formal Foundation of Web Security; Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites; Principles of the Same-Origin Policy. Optional reading: The Security Architecture of the Chromium Browser | |
Mar 09 | Web Security (II): Authentication and Protocol Analysis (Guest lecturer Dirk Balfanz) | Assignment: Prudent Engineering Practice for Cryptographic Protocols, Abadi, Needham. Optional reading: Why Cryptosystems Fail, Anderson | |
Mar 16 | Out of town. No class. | | |
Mar 23 | Spring Break: No Lecture | | |
Mar 30 | Web Security (III): Vulnerability Analysis | Assignment: Toward Automated Detection of Logic Vulnerabilities in Web Applications; A Symbolic Execution Framework for JavaScript. Optional reading: Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications; Security for GWT Applications; Separating Web Applications from User Data Storage with BStore; An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications, Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham; An Analysis of Private Browsing Modes in Modern Browsers | Project milestone |
Apr 06 | Mobile Security | Assignment: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones; PiOS: Detecting Privacy Leaks in iOS Applications. Optional reading: A Methodology for Empirical Analysis of the Permission-Based Security Models and its Application to Android | |
Apr 13 | Security and Privacy in Healthcare | Assignment: (1) H. DeYoung, D. Garg, L. Jia, D. Kaynar, A. Datta, Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws, in Proceedings of the 9th ACM Workshop on Privacy in the Electronic Society, October 2010; (2) D. Garg, L. Jia, A. Datta, A Logical Method for Policy Enforcement over Evolving Audit Logs, Technical Report arXiv:1102.2521, February 2011. Optional reading: J. Blocki, N. Christin, A. Datta, A. Sinha, Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection, to appear in Proceedings of the 24th IEEE Computer Security Foundations Symposium, June 2011 | |
Apr 20 | Social Network Security, misc. | Assignment: Facebook Immune System, Tao Stein, Erdong Chen, Karan Mangla. Optional reading: xBook: Redesigning Privacy Control in Social Networking Platforms | |
Apr 27 | Project Presentation | | |