Date |
Topic |
Jan 9 |
Introduction |
Jan 11 |
Basic security review |
Jan 16 |
Class Cancelled |
Jan 18 |
Authentication and Usability
Anderson, Security Engineering, Chapter 3 (Passwords).
Whitten and Tygar, Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, USENIX Security 1999.
Chiasson, van Oorschot and Biddle, A Usability Study and Critique of Two Password Managers, USENIX Security 2006.
|
Jan 23 |
More Usability
Gaw, Felten and Fernandez-Kelley, Secrecy, Flagging and Paranoia: Adoption Criteria in Encrypted E-Mail, CHI 2006.
Tari, Ozok and Holden, A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords, SOUPS 2006.
Balfanz, Durfee, Grinter, Smetters and Stewart, Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute, USENIX 2004.
|
Jan 25 |
Biometrics
Anderson, Security Engineering, Chapter 13 (Biometrics).
Matsumoto, Matsumoto, Yamada and Hoshino, Impact of Artificial Gummy Fingers on Fingerprint Systems, Proceedings of the SPIE, 2002.
|
Jan 30 |
Class Cancelled |
Feb 1 |
25 years of Security Design Principles
Saltzer and Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, 1975 (earlier version in 4th SOSP).
Viega and McGraw, Software Security Principles, Part1, Part2, Part3, Part4, Part5, IBM DeveloperWorks, 2000.
|
Feb 6 |
Software Vulnerabilities I
Cowan, Wagle, Pu, Beattie and Walpole, Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, DARPA DISCEX 2000.
Pincus and Baker, Beyond Stack Smashing: Recent Advances in Buffer Overruns, IEEE Security & Privacy, 2004.
(optional) Nagy, Generic Anti-Exploitation Technology for Windows, eEye white paper.
|
Feb 8 |
Out sick |
Feb 13 |
Software Vulnerabilities II |
Feb 15 |
Software Vulnerabilities III |
Feb 20 |
Malware I
Carey Nachenberg, Computer virus-antivirus coevolution, CACM 1997.
Stuart Staniford, Vern Paxson and Nicholas Weaver, How to 0wn the Internet in Your Spare Time, USENIX Security 2002.
|
Feb 22 |
Malware I (continued) |
Feb 27 |
Malware II: Spyware and Bots
Moshchuk, Bragin, Gribble and Levy, A Crawler-based Study of Spyware on the Web, NDSS 2007.
Cooke, Jahanian, McPherson, The Zombie Roundup: Understanding, Detecting and Disrupting Botnets, SRUTI 2005.
|
Mar 1 |
Information hiding/finding I: Covert/side channels
Zhuang, Zhou, Tygar, Keyboard Acoustic Emanations Revisited, CCS 2005.
Shah, Molina and Blaze, Keyboards and Covert Channels, USENIX Security 2006.
|
Mar 6 |
Information hiding/finding II: Watermarking
Craver, Wu, Liu, Stubblefield, Swartzlander, Wallach, Dean and Felten, Reading Between the Lines: Lessons from the SDMI Challenge, USENIX Security 2001.
|
Mar 8 |
Anonymity
Dingledine, Mathewson, Syverson, Tor: The Second-Generation Onion Router, USENIX Security 2004.
Bauer, McCoy, Grunwald, Kohno, Sicker, Low-Resource Routing Attacks Against Anonymous Systems, Colorado Tech Report, 2007.
|
Mar 13 |
Security at UCSD |
Mar 15 |
Class Cancelled |
Mar 20 |
Here is the Final. It must be accessed from a UCSD computer. The final will be due Fri 23rd at 12pm (return to me or put under my office door -- EBU3B 3106)
|
Mar 21 |
Project Presentations (special time/place: 1pm-3pm in EBU3B 4104)
If you can't make this time, please contact me ASAP for a private presentation slot.
Write up (~5 pages) due Fri 23rd at 12pm (return to me or put under my door -- EBU3B 3106)
|