CSE 227: Computer Security

Course Syllabus

Remaining syllabus to be provided shortly...
Jan 5 Class cancelled (Stefan at NSF)
Jan 7 Class Introduction:
Jan 12 Software Vulnerabilities:
“Low-Level Software Security by Example,” (just this chapter) Handbook of Information and Communication Security 2010. Slides.
Jan 14 Software Defenses:
“Control-Flow Integrity: Principles, Implementations, and Applications,” ACM CCS 2005 and “NOZZLE: A Defense Against Heap-spraying Code Injection Attacks,” USENIX Sec. 2009.
Jan 19 MLK's birthday
Jan 21 Software Vulnerabilities II: “Is finding security holes a good idea?” IEEE S&P 2005 and “Milk or Wine: Does Software Security Improve with Age?” USENIX Sec. 2006.
Jan 26 Software Vulnerabilities: Automation: “AEG: Automatic Exploit Generation,” NDSS 2011 and “Vigilante: End-to-End Containment of Internet Worms,” ACM SOSP 2005.
Jan 28 Browser Security: “The Security Architecture of the Chromium Browser,” Technical report, 2008 and “Clickjacking: Attacks and Defenses,” USENIX Security 2012.
Feb 2 Usability I: The Psychology of Security, CACM, 51(4), April 2008 (short) and Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, USENIX Security 1999 and Why Phishing Works, CHI 2006.
Feb 4 Usability II (research methods): You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, CHI 2010 and The Emperor's New Security Indicators, IEEE Security and Privacy (Oakland), 2007.

Feb 9 Ecosystem I: Click Trajectories: End-to-End Analysis of the Spam Value Chain IEEE S&P 2011 and Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context USENIX Sec. 2010.
Feb 11 Ecosystem II: Examining the Impact of Website Take-down on Phishing, APWG eCrime Summit, 2007. and The Underground Economy of Fake Antivirus Software, WEIS 2011.
Feb 16 President's Day
Feb 18 Side Channels: Keyboard Acoustic Emanations Revisited, CCS 2005 and Lest we Remember: Cold Boot Attacks on Encryption Keys, USENIX Security 2008.
Feb 23 CyberEspionage: Shadows in the Cloud: Investigating CyberEspionage 2.0; Information Warfare Monitor/Shadowserver Foundation 2010 and When Governments Hack Opponents: A Look at Actors and Technology, USENIX Security 2014.
Feb 25 Zero Days and cyberweapons: Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World, ACM CCS 2012 and W32.Stuxnet Dossier Symantec 2011 Whitepaper.
Mar 2 Privacy and Big Data: Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing, USENIX Security 2014 and A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, IMC 2014.
Mar 4 Privacy & Your Browser (special guest lecture Hovav Shacham): Beware of Finer-Grained Origins, W2SP 2008 and Pixel Perfect Timing Attacks with HTML5, BlackHat USA 2013.
Mar 9 SSL/TLS: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, CCS 2012 and Analysis of the HTTPS Certificate Ecosystem, IMC 2013.
Mar 11