Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which may need to be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date Topic Assignments Due Readings/Discussions
(do readings before class)
Slides
01/17/17 Introduction Course syllabus (link)

Assignment #0 - Introductions (link)

Introduction
01/24/17 Cryptography Assignment #0 A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R. Rivest, A. Shamir, and L. Adleman, Communications of the ACM, 21(2):120-126, 1978. (link)

Homework #1 (link)

Project Topics (link)

Crypto
01/31/17 Secure Multiparty Computation Homework #1 Fairplay - A Secure Two-Party Computation System D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella, Proceedings of the USENIX Security Symposium (SECURITY), 2004. (link)

Craig Gentry. Computing arbitrary functions of encrypted data. Commun. ACM 53, 3 (March 2010), 97-105. (link)

SMC
02/07/17 Networking basics Project Ideas Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link)

Related Work (link)

Networks
02/14/17 Network Security A Sense of Self for UNIX Processes . S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)

The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson, In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)

A quantitative study of firewall configuration errors. A. Wool, IEEE Computer, 37(6):62-67, 2005. (link)

Homework #2 on Blackboard

Net Sec
02/21/17 Virtual Machines Homework #2 P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the ACM symposium on Operating systems principles (SOSP), 2003 (link)

AWS Lab (courtesy U of Missouri) (link)

Virtual Machines
02/28/17 Mid-term Exam
03/07/17 Spring Break -- No Class
03/14/17 Weather closure -- No Class. Related work due.
03/21/17 Smartphones and SMC Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens. D. Demmler, T. Schneider, and M. Zohner. Proceedings of the USENIX Security Symposium. 2014 (link)

H. Carter, B. Mood, P. Traynor, K. Butler, Outsourcing Secure Two-Party Computation as a Black Box, Proceedings of the International Conference on Cryptology and Network Security (CANS), 2015. (link)

Abstract and Intro (link)

Mobile SMC
03/28/17 Specialized Privacy-Preserving Cryptography Abstract and Intro Sergey Yekhanin. Private information retrieval. Commun. ACM 53, 4 (April 2010), 68-73. (link)

E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas. Path ORAM: an extremely simple oblivious RAM protocol. In Proceedings of the ACM SIGSAC conference on Computer and communications security (CCS), 2013. (link)

In-class reading (link)

Homework #3 on Blackboard

Methodology (link)

Cloud Crypto
04/04/17 Differential Privacy Homework #3 L. Sweeney. Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 571- 588. (link)

C. Dwork, The Promise of Differential Privacy. A Tutorial on Algorithmic Techniques. Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2011. (link)

Differential Privacy
04/11/17 VM Introspection and Co-Residency Methodology B. Dolan-Gavitt, T. Leek, M. Zhivich, J. Giffin, and W. Lee. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection. Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2011. (link)

A. Bates, B. Mood, J. Pletcher, H. Pruse, M. Valafar, and K. Butler. On Detecting Co-Resident Cloud Instances Using Network Flow Watermarking Techniques. International Journal of Information Security: Volume 13, Issue 2, pg. 171-189. 2014. (link)

Introspection
04/18/17 Data Leakage and Defenses Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2009. (link)

Scheduler-based defenses against cross-VM side-channels V. Varadarajan, T. Ristenpart, and M. Swift In USENIX Security Symposium, 2014. (link)

Homework #4 on Blackboard

Side Channels
04/25/17 Access Control and Single Sign-On Homework #4 M. Pirretti, P. Traynor, P. McDaniel and B. Waters, Secure Attribute-Based Systems, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2006. (link)

Kerberos: An Authentication Service for Computer Networks. B. Clifford Neuman and Theodore Ts'o, IEEE Communications, 32(9):33-38. September 1994 (link)

Example password DB (link)

Authentication
05/02/17 Class Presentations and Final Review Project document due at the final exam

Review
05/08/17 Final Exam - 14:30-17:00