| Week | Dates | Topics | Reading |
|---|---|---|---|
| 1 | 8/25, 8/27, 8/29 | Intro; fundamentals | The Protection of Information in Computer Systems; Extra: Crypto hashing |
| 2 | 9/1, 9/3, 9/5 | Buffer overflows | Smashing the stack for fun and profit |
| 3 | 9/8 | Student presentation by Dave Heefner | StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks by Cowan et al. |
| | 9/10 | Student presentation by Joe Siefers | Beyond stack smashing: recent advances in exploiting buffer overruns by Pincus and Baker |
| | 9/12 | Static analysis | |
| 4 | 9/15, 9/17, 9/19 | Static analysis | "Principles of Program Analysis" book: ch 1.1-1.3, ch 2.1, 2.3, 2.4; Lecture notes on static analysis |
| 5 | 9/22, 9/24, 9/26 | Static analysis | |
| 6 | 9/29, 10/1, 10/3 | Static analysis | |
| 7 | 10/6 | Static analysis | |
| | 10/8 | Student Presentation by Bryan Auslander | Intrusion Detection via Static Analysis by Wagner and Dean |
| | 10/10 | Student Presentation by Greg Bosch | ESP: Path-Sensitive Program Verification in Polynomial Time by Das et al. |
| 8 | 10/15 | Midterm review | |
| | 10/17 | Midterm | |
| 9 | 10/20, 10/22, 10/24 | OCaml | Chap 2 and 3 in Developing Applications With Objective Caml |
| 10 | 10/27 | | |
| | 10/29 | Student Presentation by Thomas Salter | An Empirical Security Study of the Native Code in the JDK |
| | 10/31 | CIL | CIL Overview |
| 11 | 11/3, 11/5, 11/7 | Hoare Logic | "Logic in Computer Science" Chapter 4 |
| 12 | 11/10 | | |
| | 11/12 | Student Presentation by Kartik Shankar | Safe Kernel Extensions Without Run-Time Checking by Necula and Lee |
| | 11/14 | Guest lecture by Limin Jia | AURA: A Programming Language for Authorization and Audit |
| 13 | 11/17, 11/19, 11/21 | Software vulnerabilities | Course slides |
| 14 | 11/24 | | |
| 15 | 12/1, 12/3 | Mobile code security; Java security | Securing Java Ch2 |
| 15 | 12/5 | Student research projects presentations; Final exam review | |
| | 12/13 8am-9:30am | Final Exam | At MG 270 |