CSE 227: Computer Security


Jan 9 Introduction
Jan 11
Basic security review
Jan 16
Class Cancelled
Jan 18
Authentication and Usability
  • Anderson, Security engineering, Chapter 3 (Passwords).
  • Whitten and Tygar, Why Johnny Can't Encrypt. A Usability Evaluation of PGP 5.0, USENIX Security 1999.
  • Chiasson, van Oorschot and Biddle, A Usability Study and Critique of Two Password Managers, USENIX Security 2006.
  • Jan 23
    More Usability
  • Gaw, Felten and Fernandez-Kelley, Secrecy, Flagging and Paranoia: Adoption Criteria in Encrypted E-Mail, CHI 2006.
  • Tari, Ozok and Holden, A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords", SOUPS 2006.
  • Balfanz, Durfee, Grinter, Smetters and Stewart, "Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute, USENIX 2004.
  • Jan 25
  • Anderson, Security engineering, Chapter 13 (Biometrics).
  • Matsumoto, Matsumoto, Yamada and Hoshino, Impact of Artificial Gummy Fingers on Fingerprint Systems, Proceedings of the SPIE, 2002.
  • Jan 30
    Class cancelled
    Feb 1
    25 years of Security Design Principles
  • Saltzer and Schoeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, 1975 (earlier version in 4th SOSP).
  • Viega and McGraw, Software Security Principles, Part1, Part2, Part3, Part4, Part5
  • , IBM DeveloperWorks, 2000.
    Feb 6
    Software Vulnerabilities I
  • Cowan, Wagel, Pi, Beattie and Walpole, Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, DARPA DISCEX 2000.
  • Pincus and Baker, Beyond Stack Smashing: Recent Advances in Buffer Overruns, IEEE Security & Privacy, 2004.
  • (optional) Nagy, Generic Anti-Exploitation Technology for Windows, eEye white paper
  • Feb 8
    Out sick
    Feb 13
    Software Vulnerabilities II
    Feb 15
    Software Vulnerabilities III
    Feb 20
    Malware I
  • Carey Nachenberg, Computer virus-antivirus coevolution, CACM 1997.
  • Stuart Staniford, Vern Paxson and Nicholas Weaver, How to 0wn the Internet in Your Spare Time, USENIX Security 2002.
  • Feb 22
    Malware I (continued)
    Feb 27
    Malware II: Spyware and Bots
  • Moshchuck, Bragin, Gribble and Levy, A Crawler-based Study of Spyware on the Web, NDSS 2007.
  • Cooke, Jahanian, McPherson, The Zombie Roundup: Understanding, Detecting and Disrupting Botnets, SRUTI 2005.
  • Mar 1
    Information hiding/finding I: Covert/side channels
  • Zhuang, Zhou, Tygar, Keyboard Acoustic emanations Revisited, CCS 2005.
  • Shah, Molina and Blaze, Keyboards and Covery Channels, USENIX Security 2006.
  • Mar 6
    Information hiding/finding II: Watermarking
  • Craver, Wu, Liu, Stubblefield, Swartzlander, Wallach, Dean and Felten, Reading Between the Lines: Lessons from the SDMI Challaenge, USENIX Security 2001.
  • Mar 8
  • Dingledine, Mathewson, Syverson, Tor: The Second-Generation Onion Router, USENIX Security 2004.
  • BAuer, McCoy, Grunwald, Kohno, Sicker, Low-Resource Routing Attacks Against Anonymous Systems, Colororado Tech Report, 2007.
  • Mar 13
    Security at UCSD
    Mar 15
    Class Cancelled
    Mar 20
    Here is the Final. It must be accessed from UCSD computer. The final will be due Fri 23rd at 12pm (return to me or put under my office door -- EBU3B 3106)
    Mar 21
    Project Presentations (special time/place: 1pm-3pm in EBU3B 4104)
  • If you can't make this time, please contact me ASAP for a private presentation slot.
  • Write up (~5 pages) due Fri 23rd at 12pm (return to me or put under my door -- EBU3B 3106)