This page is organized by the weeks of the quarter in which lectures were given and papers assigned. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher
I will be lecturing on these subjects during the class. Since I'm choosing them as we go along, the research papers I am assigning are not listed here, but are listed below with the lecture slides. `
As promised, here are some sample tests that I have given in the past for this class. The final will have a similar format. Some of these exams discuss issues we didn't get around to in class, such as intrusion detection systems. The actual final for this class will cover only material in this quarter's lectures or reading materials.
I've also provided links to the lectures I planned to give these days. These are the lectures I gave last year, and I'd intended to update them, but I don't have time before I have to leave. You will not be tested on the material in these two lectures. They're provided merely to give you at least something to read on two important topics that should be covered in any security class.
Distributed denial of service attacks.
Lecture 13 Better late than never.
Papers:
How to Own the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver, 11th Usenix Security Symposium, August 2002.
Web links:
A Snapshot of Global Internet Worm Activity A technical report by Dug Song, Rob Malan, and Robert Stone, Nov. 13, 2001.
The Internet Worm Program: An Analysis A technical report by Eugene Spafford, 1988.
This lecture should now be up in the form I actually delivered it. (Well, some remains to be delivered, but you get the idea.)
Web Links: RFC 2401: Security Architectture for the Internet Protocol.
RFC 2402: IP Authentication Header.
RFC 2406: IP Encapsulating Security Payload (ESP) .
No class on Monday due to Presidents Day holiday.
Papers:
Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann, Usenix Security 02, August 2002.
Web Links:
10 Risks of PKI: What You're Not Being Told About Public Key Infrastructure An article by Carl Ellison and Bruce Schneier.
A rebuttal to Ellison and Schneier's article on the risks of PKI .
Web links:
An essay on the value of using known and proven cryptography by Bruce Schneier. It's part of a longer message. You are only required to read this essay.
Textbook: Chapter 12 (pages 200-222) (We're jumping around again. This time I don't guarantee we'll catch up with all the ones we skipped.)
A good description of public key cryptography, courtesy of Netscape.
A description of the Rijndael cipher.
No lectures or readings for this week.
Textbook: Chapter 2 (pages 19-28) (See, I told you we'd get back to it.)
Web links:
Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino, "Impact of Artificial "Gummy" Fingers on Fingerprint Systems.", Proceddings of SPIE Vol. 4677, January 2002.
Textbook: Chapter 5 (pages 60-78)
Web links:
Exploiting Windows NT 4 Buffer Overruns, A Case Study RASMAN.EXE.
Wright et. al., Linux Security Modules: General Security for the Linux Kernel,, 11th Usenix Security Symposium, San Francisco, CA, August 2002.
Note: These and all subsequent slides will be posted in PDF, not Postscript, as stated in the lecture.
January 8, 2003
Textbook: Chapter 3 (pages 30-44) (Yes, we skipped chapter 2. We'll get back to it, but it won't do you any harm if you read it early.)
January 6, 2003
Textbook: Chapter 1 (pages 3-17)
Web links:
Improving the Security of Networked Systems, Julia Allen, Christopher ALberts, Sandi Behrens, Barbara Laswell, and William Wilson.
Why Computers Are Insecure, Bruce Schneier. (The link leads to an entire web page on various security subjects. Read it all, if you want. You are only required to read this essay, however, which is around a page and a half.)
Methods of Hacking: Social Engineering, Rick Nelson.
Social Engineering Fundamentals Sarah Granger.