CS 660: Advanced Information Assurance
Spring 2011
LGRC A310
This graduate-level course (which is also part of the information assurance undergraduate track) covers key concepts in information assurance (IA) via cutting-edge and seminal research papers. The course's two goals are (1) to prepare students to conduct successful, publishable research in security and privacy and (2) to teach students how to build stronger systems by thinking like attackers. Topics include threat modeling, risk assessment, famous missteps, the economics of security, and web security. Students will be evaluated based on three homeworks, five standalone in-class tests, a final project, and class participation, including leading at least one discussion of a research paper.
Instructor: Ben Ransford, CS 226. Office hours: Tuesday and Thursday 12:30pm–1:30pm or by appointment.
Schedule
This schedule is subject to change. Unofficial schedule in iCal format for use with Google Calendar, iCal, or other calendar software: iCal-format calendar URL.
| Date | Topics | Reading & Notes | Deliverable(s) |
|---|---|---|---|
| 1/18 | Intro | | |
| 1/20 | How to read a paper | | |
| 1/25 | From bug to vulnerability | | Response to Novark |
| 1/27 | How not to run malicious code | | |
| 2/1 | Finding security problems; course project | | |
| 2/3 | Fuzz Testing | | Response to Godefroid |
| 2/8 | Web Security | | Response to Barth |
| 2/10 | Network Security | | Response to Bittau |
| 2/15 | | | Project proposal |
| 2/17 | Anonymity | | Homework #1 |
| 2/22 | No class (virtual Monday) | | |
| 2/24 | Side-Channel Attacks | Optical Time-Domain Eavesdropping Risks on CRT Displays (Kuhn, Oakland 2002) | Test #2 at beginning of class |
| 3/1 | | Compromising Electromagnetic Emanations of Wired and Wireless Keyboards (Vuagnoux, USENIX Security 2009) | Response to Vuagnoux |
| 3/3 | | | Response to Kohno |
| 3/8 | P2P Privacy | | Response to Geambasu |
| 3/10 | | | Response to Isdal |
| 3/15 | No class (spring break) | | |
| 3/17 | No class (spring break) | | |
| 3/22 | Trust | | Response to Sturton |
| 3/24 | Required: Go to Sam King lecture instead | | Mid-semester project report |
| 3/29 | Trust, cont'd. | | |
| 3/31 | Language-Based Security | | Response to Liu |
| 4/5 | Real-World System Security | | Homework #2 |
| 4/7 | | | Response to Rouf |
| 4/12 | | | Response to Halderman |
| 4/14 | Usability and Security | | |
| 4/19 | | | Homework #3 |
| 4/21 | Economics of Security | Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research (Moore, Harvard CS TR-03-11) | Respond to Moore |
| 4/26 | Forensics | | Summary of final project results |
| 4/28 | Required: go to Gary McGraw's talk instead (room CS151, 11:30am–12:30pm). Slides (via Google). | | |
| 5/3 | Hot Topics in Privacy; Wrapup | A Firm Foundation for Private Data Analysis (Dwork, CACM Jan. 2011) | Test #5 |
| 5/4 | (No class) | | Final project report |
Resources
- Security Engineering by Ross Anderson: first edition free online
- Principles of Computer System Design by Saltzer and Kaashoek, Chapter 11
- RISKS
- Schneier blog
- How to Have Your Abstract Rejected by Mary-Claire van Leunen and Richard Lipton
- How to write a good paper by Simon Peyton-Jones
- Early Computer Security papers collected by NIST