Below is the calendar for this semester course. This is the
preliminary schedule, which may need to be altered as the semester
progresses. It is the responsibility of the students to
frequently check this web-page for schedule, readings, and assignment
changes. As the professor, I will attempt to announce any change to
the class, but this web-page should be viewed as authoritative. If
you have any questions, please contact me (contact information is
available at the course homepage).
(do readings before
|01/17/17 ||Introduction ||
Course syllabus (link)
Assignment #0 - Introductions (link)
|01/24/17 ||Cryptography ||Assignment #0 ||
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. (link)
Homework #1 (link)
Project Topics (link)
|01/31/17 ||Secure Multiparty Computation ||Homework #1 ||
Fairplay - A Secure Two-Party Computation System D. Malkhi, N. Nisan, B. Pinkas, and Y.
Sella, Proceedings of the USENIX Security Symposium (SECURITY), 2004. (link)
Craig Gentry. Computing arbitrary functions of encrypted data. Commun. ACM 53, 3 (March 2010), 97-105. (link)
|02/07/17 ||Networking basics ||Project Ideas ||
Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link)
Related Work (link)
|02/14/17 ||Network Security || ||
A Sense of Self for UNIX Processes . S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In
Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection.
S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. (link)
Homework #2 on Blackboard
|02/21/17 ||Virtual Machines ||Homework #2 ||
P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield.
Xen and the art of virtualization. In Proceedings of the ACM symposium on Operating systems principles (SOSP), 2003 (link)
AWS Lab (courtesy U of Missouri) (link)
|02/28/17 ||Mid-term Exam|
|03/07/17 ||Spring Break -- No Class|
|03/14/17 ||Weather closure -- No Class. Related work due.|
|03/21/17 ||Smartphones and SMC || ||
Ad-Hoc Secure Two-Party Computation on
Mobile Devices using Hardware Tokens.
D. Demmler, T. Schneider, and M. Zohner.
Proceedings of the USENIX Security Symposium. 2014 (link)
H. Carter, B. Mood, P. Traynor, K. Butler, Outsourcing Secure Two-Party Computation as a Black Box,
Proceedings of the International Conference on Cryptology and Network Security (CANS), 2015. (link)
Abstract and Intro (link)
|03/28/17 ||Specialized Privacy-Preserving Cryptography ||Abstract and Intro ||
Sergey Yekhanin. Private information retrieval. Commun. ACM 53, 4 (April 2010), 68-73. (link)
E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas. Path ORAM: an extremely simple oblivious RAM protocol.
In Proceedings of the ACM SIGSAC conference on Computer and communications security (CCS), 2013. (link)
In-class reading (link)
Homework #3 on Blackboard
|04/04/17 ||Differential Privacy ||Homework #3 ||
L. Sweeney. Achieving k-anonymity privacy protection using generalization and suppression.
International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 571-
The Promise of Differential Privacy. A Tutorial on Algorithmic Techniques.
Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS),
|04/11/17 ||VM Introspection and Co-Residency ||Methodology ||
B. Dolan-Gavitt, T. Leek, M. Zhivich, J. Giffin, and W. Lee. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection.
Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2011. (link)
A. Bates, B. Mood, J. Pletcher, H. Pruse, M. Valafar, and K. Butler.
On Detecting Co-Resident Cloud Instances Using Network Flow Watermarking Techniques.
International Journal of Information Security: Volume 13, Issue 2, pg. 171-189. 2014. (link)
|04/18/17 ||Data Leakage and Defenses || ||
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, T. Ristenpart,
E. Tromer, H. Shacham, and S. Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2009. (link)
Scheduler-based defenses against cross-VM side-channels
V. Varadarajan, T. Ristenpart, and M. Swift
In USENIX Security Symposium, 2014. (link)
Homework #4 on Blackboard
|04/25/17 ||Access Control and Single Sign-On ||Homework #4 ||
M. Pirretti, P. Traynor, P. McDaniel and B. Waters, Secure Attribute-Based Systems,
Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2006. (link)
Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and
Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994 (link)
Example password DB (link)
|05/02/17 ||Class Presentations and Final Review ||Project document due at the final exam ||
|05/08/17 ||Final Exam - 14:30-17:00|