Schedule and Assignments (Autumn 2018)

This schedule is subject to change. Please check back frequently.


Week Date Topics Instructor Assignment CMSC 33250 Readings
Week 1 Oct. 1 The Security Mindset; Threat Modeling [slides] Blase -- Due 10/5 @ 10:30am:
• Manadhata and Wing. An Attack Surface Metric. CMU-CS-05-155, 2005.
Oct. 3 Overview of Cryptography [slides] David --
Oct. 5 Block ciphers; AES [slides] David --
Week 2 Oct. 8 Symmetric Authentication (MAC and Authenticated Encryption) [slides] David -- Due 10/12 @ 10:30am:
• AlFardan et al. On the Security of RC4 in TLS. USENIX Security Symposium, 2013.
Oct. 10 Attacks on Implementations of Symmetric Encryption; Hash Functions [slides] David Assignment 1 released
Oct. 12 Public-Key Encryption [slides] David --
Week 3 Oct. 15 Key Exchange and Digital Signatures [slides] David -- Due 10/19 @ 10:30am:
• Heninger et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. USENIX Security, 2012.
Oct. 17 RSA Vulnerabilities [slides] David Assignment 1 due;
Assignment 2 released
Oct. 19 Additional Topics in Cryptography [slides] David --
Week 4 Oct. 22 Networking Basics [slides] Ben -- Due 10/26 @ 10:30am:
• Singh et al. Automated Worm Fingerprinting. OSDI, 2004.
• Vrable et al. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. SOSP, 2005.
Oct. 24 Basic Network Attacks [slides] Ben Assignment 2 due;
Oct. 26 DNS, BGP attacks [slides] Ben --
Week 5 Oct. 29 Denial of Service Attacks, IP traceback [slides] Ben Assignment 3 released Due 11/2 @ 10:30am:
• Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. IEEE S&P, 2012.
Oct. 31 Access Control and Authentication 1: Passwords [slides] Blase
Nov. 2 Access Control and Authentication 2: Multi-factor Auth; Biometrics; Role-Based Access Control [slides (continued from Oct. 31)] Blase --
Week 6 Nov. 5 How the Modern Web Works [slides] Blase -- Due 11/9 @ 10:30am:
• Lauinger et al. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. NDSS, 2017.
Nov. 7 Web Security Attacks and Defenses [slides] Blase Take-home midterm released
Nov. 9 Web Privacy Attacks and Defenses [slides (continued from Nov. 7)] Blase --
Week 7 Nov. 12 Web Attacks Continued [slides (continued from Nov. 9)] Blase Take-home midterm due; Assignment 3 due;
Assignment 4 released
Due 11/16 @ 10:30am:
• Egele et al. A Survey on Automated Dynamic Malware-Analysis Techniques and Tools. ACM CSUR 44(2): 6, 2012.
• Cha et al. Unleashing MAYHEM on Binary Code. IEEE S&P, 2012.
Nov. 14 Software Security [slides] Blase --
Nov. 16 Crimeware and Botnets [slides] Ben --
Week 8 Nov. 19 Crimeware and Botnets cont. [slides] Ben Assignment 4 due (Nov. 20th); Due 11/21 @ 10:30am:
• Kanich et al. Spamalytics: An Empirical Analysis of Spam Marketing Conversion. CCS, 2008.
• Portnoff et al. Automated Analysis of Cybercriminal Markets. WWW, 2017.
Nov. 21 Anonymous Routing [slides] Ben --
Nov. 23 Modeling Security Threats to Turkeys
(No class; Happy Thanksgiving!)
-- --
Week 9 Nov. 26 Intro to Adversarial Machine Learning [slides] Ben -- --
Nov. 28 Adversarial Deep Learning [slides] Ben Assignment 5 released
Nov. 30 Current Topics in Cryptography and Cryptocurrencies [slides] David --
Week 10 Dec. 3 Privacy as a Societal Value [slides] Blase -- --
Dec. 5 Current Topics in Web Security, Usable Security, and Software Security [slides (Continued from Dec. 3)] Blase Assignment 5 due
Exams Dec. 10 Closed-book final exam (10:30a-12:30p in Ryerson 251) -- Study for the final