Schedule and Assignments (Autumn 2018)
This schedule is subject to change. Please check back frequently.
| Week | Date | Topics | Instructor | Assignment | CMSC 33250 Readings |
|---|---|---|---|---|---|
| Week 1 | Oct. 1 | The Security Mindset; Threat Modeling [slides] | Blase | -- | Due 10/5 @ 10:30am: • Manadhata and Wing. An Attack Surface Metric. CMU-CS-05-155, 2005. |
| Oct. 3 | Overview of Cryptography [slides] | David | -- | ||
| Oct. 5 | Block ciphers; AES [slides] | David | -- | ||
| Week 2 | Oct. 8 | Symmetric Authentication (MAC and Authenticated Encryption) [slides] | David | -- | Due 10/12 @ 10:30am: • AlFardan et al. On the Security of RC4 in TLS. USENIX Security Symposium, 2013. |
| Oct. 10 | Attacks on Implementations of Symmetric Encryption; Hash Functions [slides] | David | Assignment 1 released | ||
| Oct. 12 | Public-Key Encryption [slides] | David | -- | ||
| Week 3 | Oct. 15 | Key Exchange and Digital Signatures [slides] | David | -- | Due 10/19 @ 10:30am: • Heninger et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. USENIX Security, 2012. |
| Oct. 17 | RSA Vulnerabilities [slides] | David | Assignment 1 due; Assignment 2 released |
||
| Oct. 19 | Additional Topics in Cryptography [slides] | David | -- | ||
| Week 4 | Oct. 22 | Networking Basics [slides] | Ben | -- | Due 10/26 @ 10:30am: • Singh et al. Automated Worm Fingerprinting. OSDI, 2004. • Vrable et al. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. SOSP, 2005. |
| Oct. 24 | Basic Network Attacks [slides] | Ben | Assignment 2 due; |
||
| Oct. 26 | DNS, BGP attacks [slides] | Ben | -- | ||
| Week 5 | Oct. 29 | Denial of Service Attacks, IP traceback [slides] | Ben | Assignment 3 released | Due 11/2 @ 10:30am: • Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. IEEE S&P, 2012. |
| Oct. 31 | Access Control and Authentication 1: Passwords [slides] | Blase | |||
| Nov. 2 | Access Control and Authentication 2: Multi-factor Auth; Biometrics; Role-Based Access Control [slides (continued from Oct. 31)] | Blase | -- | ||
| Week 6 | Nov. 5 | How the Modern Web Works [slides] | Blase | -- | Due 11/9 @ 10:30am: • Lauinger et al. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. NDSS, 2017. |
| Nov. 7 | Web Security Attacks and Defenses [slides] | Blase | Take-home midterm released | ||
| Nov. 9 | Web Privacy Attacks and Defenses [slides (continued from Nov. 7)] | Blase | -- | ||
| Week 7 | Nov. 12 | Web Attacks Continued [slides (continued from Nov. 9)] | Blase | Take-home midterm due; Assignment 3 due; Assignment 4 released |
Due 11/16 @ 10:30am: • Egele et al. A Survey on Automated Dynamic Malware-Analysis Techniques and Tools. ACM CSUR 44(2): 6, 2012. • Cha et al. Unleashing MAYHEM on Binary Code. IEEE S&P, 2012. |
| Nov. 14 | Software Security [slides] | Blase | -- | ||
| Nov. 16 | Crimeware and Botnets [slides] | Ben | -- | ||
| Week 8 | Nov. 19 | Crimeware and Botnets cont. [slides] | Ben | Assignment 4 due (Nov. 20th); | Due 11/21 @ 10:30am: • Kanich et al. Spamalytics: An Empirical Analysis of Spam Marketing Conversion. CCS, 2008. • Portnoff et al. Automated Analysis of Cybercriminal Markets. WWW, 2017. |
| Nov. 21 | Anonymous Routing [slides] | Ben | -- | ||
| Nov. 23 | Modeling Security Threats to Turkeys (No class; Happy Thanksgiving!) |
-- | -- | ||
| Week 9 | Nov. 26 | Intro to Adversarial Machine Learning [slides] | Ben | -- | -- |
| Nov. 28 | Adversarial Deep Learning [slides] | Ben | Assignment 5 released | ||
| Nov. 30 | Current Topics in Cryptography and Cryptocurrencies [slides] | David | -- | ||
| Week 10 | Dec. 3 | Privacy as a Societal Value [slides] | Blase | -- | -- |
| Dec. 5 | Current Topics in Web Security, Usable Security, and Software Security [slides (Continued from Dec. 3)] | Blase | Assignment 5 due | ||
| Exams | Dec. 10 | Closed-book final exam (10:30a-12:30p in Ryerson 251) | -- | Study for the final |