Below is a schedule for this course, which will be updated as the course progresses. Students are thus required to frequently check this webpage for schedule, reading materials, and assignment updates.

| Date | Topic | Assignment | Readings |
|---|---|---|---|
| week 1, 01/17 | Introduction (Slides) | | Syllabus. link |
| week 1, 01/19 | Threat Modeling (Slides) | | Attack Trees. Schneier, 1999. link |
| week 2, 01/24 | Cryptography (Slides) | | Chapter 5.1--5.2 |
| week 2, 01/26 | Symmetric Cryptography (Slides) | | Chapter 5.3--5.5 |
| week 3, 01/31 | Asymmetric Cryptography (Slides) | | Chapter 5.6--5.7 |
| week 3, 02/02 | Applied Cryptography (Slides) | | Diffie-Hellman key exchange. Khan Academy. link; TLS and Perfect Forward Secrecy. Cipherstuff, 2014. link; (optional) Why cryptosystems fail. Anderson, 1993. link |
| week 4, 02/07 | PKI and Kerberos (Slides) | Project 1 | Chapter 3.7.3 (Kerberos); Chapter 21.4.5 (PKI) |
| week 4, 02/09 | Canceled due to snow storm | | |
| week 5, 02/14 | Entity Authentication (Slides) | | Chapter 3 |
| week 5, 02/16 | Biometrics (Slides) | | Chapter 15 |
| week 6, 02/21 | Access Control (Slides) | | Chapter 4 |
| week 6, 02/23 | Security Models (Slides) | | Chapter 8 and 9 |
| week 7, 02/28 | Firmware Security (Slides) | | Remote Exploitation of an Unaltered Passenger Vehicle. Miller and Valasek, 2015. link |
| week 7, 03/02 | Malware (Slides) | | Chapter 21.3 |
| week 8, 03/07 | File System Security (Slides) | Project 1 Demo | Advanced Linux Programming, Chapter 10. Mitchell, 2001. link; (optional) How To Write a Setuid Program. Bishop, 1987. link |
| week 8, 03/09 | Midterm Exam | | |
| week 9 | Spring Break - No class | | |
| week 10, 03/21 | Midterm Exam Review | | |
| week 10, 03/23 | Buffer Overflows (Slides) | | Secure Programming HOWTO - Buffer Overflows. Wheeler, 2015. link; Memory Corruption Attacks: The (Almost) Complete History. Meer, 2010. Link; (optional) Eternal War in Memory. Szekeres et al., 2013. link |
| week 11, 03/28 | Integers (Slides) | | Secure Coding in C and C++ - Integer Overflows. Seacord, 2006. Slides and Chapter |
| week 11, 03/30 | Integer Overflows and Format String Attacks (Slides) | | Exploiting Format String Vulnerabilities. Scut, 2001. Link; (optional) Buffer Overflow and Format String Overflow Vulnerabilities. Lhee and Chapin, 2002. link |
| week 12, 04/04 | Hardware-assisted Security: Trusted Platform Module (Slides) | | Trusted Platform Module Evolution. Osborn and Challener, 2013. Link |
| week 12, 04/06 | System Boot (Slides) | Project 2 | Booting an Operating System. Krzyzanowski, 2015. Link |
| week 13, 04/11 | Attacks against Boot and RAM (Slides) | | Evil Maid goes after TrueCrypt. Rutkowska, 2009. Link; Anti Evil Maid. Rutkowska, 2011. Link; Lest We Remember: Cold Boot Attacks on Encryption Keys. Halderman et al., 2008. Link |
| week 13, 04/13 | Secured System Boot (Slides) | | Secure the Windows 8.1 boot process. Link; Attacking Intel TXT. Wojtczuk and Rutkowska, 2009. Link |
| week 14, 04/18 | Hardware-assisted Security: SGX (Slides) | | Intel Tutorial Slides for SGX. In ISCA 2015. Link Video |
| week 14, 04/20 | Sandboxing: Native Client (Slides) | | Native client: A sandbox for portable, untrusted x86 native code. Yee et al., 2009. Link; Inline Reference Monitors: SFI, CFI, XFI, WIT, NaCl. Shmatikov, 2009. Link |
| week 15, 04/25 | Virtualization (Slides) | | A Virtual Machine Introspection Based Architecture for Intrusion Detection. Garfinkel & Rosenblum, 2003. Link; Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring. Tian et al., 2012. Link |
| week 15, 04/27 | Web Security (Slides) | Project 2 Demo | A comprehensive tutorial on cross-site scripting. Kallin & Valbuena. Link; Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet. OWASP. Link; Preventing cross-site attacks using same-site cookies. Sharma from Dropbox, 2017. Link |
| week 16, 05/09 | Final Exam (1-3pm at TTL 302) | | |