COMP 535   Introduction to Computer Security

Instructor Mike Reiter
Office hours: Thu 9:30-10:30am, except where noted below
Location: Brooks Building 352
Teaching assistants
Jacob Vosburgh
Office hours: Tue 3-4:30pm
Location: Brooks Building 352
     Ryan Gibson
Office hours: Fri 1-2:30pm
Location: Brooks Building 352
Class location Brooks Building 009
Meeting times 11:15am-12:30pm on the Mondays and Wednesdays indicated below
Resources Syllabus

Course schedule (subject to change)

Note: Class meets on days/dates in boldface.
Wk Day Date Topic Reading Comments
1 We Jan 9 Course introduction [slides] ITS Policies, Procedures and Guidelines
60 Minutes segment on Stuxnet
The Mandiant report on APT1 discussed in class
Cheating survey for undergrads, for grads
2 Mo Jan 14 Control hijacking attacks and countermeasures [slides] Younan et al., 2012  
  We Jan 16 Control hijacking attacks and countermeasures (cont.)   Homework 1
3 Mo Jan 21 No class (Martin Luther King Jr. Day)    
  We Jan 23 Java security [slides] McGraw & Felten 1999, Ch. 2-3  
4 Mo Jan 28 Common web software vulnerabilities [slides] Cross-site scripting
Cross-site request forgery
SQL injection
Quiz 1
  We Jan 30 Access control in distributed systems [slides] Lampson et al. 1992, except Section 4 Homework 1 due
Homework 2
5 Mo Feb 4 Access control in distributed systems (cont.) [optional] a paper that uses the logic (see Sec. 4.1 for an example) ...
[optional] ... and another one
 
  We Feb 6 Access control in distributed systems (cont.)    
6 Mo Feb 11 Access control in distributed systems (cont.)    
  We Feb 13 Access control in distributed systems (cont.)   Homework 2 due
7 Mo Feb 18 Cryptography [slides]   Homework 3 out
  We Feb 20 Cryptography (cont.) Lenstra & Verhuel 1999, except for discussion of "elliptic curve" crypto
[optional] a site for comparing different methods for choosing key lengths
Quiz 2
8 Mo Feb 25 Cryptography (cont.)    
  We Feb 27 Chosen ciphertext security [slides] Vaudenay 2002 Homework 3 due
9 Mo Mar 4 Midterm exam prep    
  We Mar 6 Midterm exam    
10 Mo Mar 11 No class (Spring break)    
  We Mar 13 No class (Spring break)    
11 Mo Mar 18 Authentication and key exchange protocols [slides] Abadi & Needham 1996  
  We Mar 20 Authentication and key exchange protocols (cont.)    
12 Mo Mar 25 Midterm exam review    
  We Mar 27 Firewalls and related technologies [slides]    
13 Mo Apr 1 Firewalls and related technologies (cont.)    
  We Apr 3 Firewalls and related technologies (cont.)   Homework 4 out
14 Mo Apr 8 Traffic analysis defense [slides] Chaum 1981
Owen & Savage 2015
Quiz 3
  We Apr 10 Traffic analysis defense (cont.) Chaum 1988
Reiter and Rubin 1998
 
15 Mo Apr 15 Passwords [slides] Florencio & Herley 2014 Homework 4 due
  We Apr 17 Password reuse [slides] Wang & Reiter 2019  
16 Mo Apr 22 Backup authentication [slides]
User misperceptions [slides]
Bonneau et al. 2015
Ion et al. 2015
 
  We Apr 24 Final exam prep    
  Tu May 7 Final exam (noon-3pm)