CSE 127: Computer Security

Lecture: Tue and Thu 8:00 A.M. to 9:20 A.M. in Solis Hall 107

Discussion: Fri 5:00 P.M. in WLH 2005

Instructor: Kirill Levchenko klevchen@cs.ucsd.edu (public key)

TAs: Brian Johannesmeyer and Guo Li cs127f1@ieng6.ucsd.edu (public key)

Piazza: https://piazza.com/ucsd/fall2017/cse127/home

Course Syllabus

Assignments

With the exception of the first assignment, all assignments must be submitted via email to cs127f1@ieng6.ucsd.edu, encrypted to the TA public key and signed using your PGP key from the first assignment.

No. | Due | Info
1 | Oct 3 at 4pm | Assignment 1
2 | Oct 10 at 10pm | Assignment 2 (rev. 2), hw2skel.tgz, hw2vm.zip (sig)
3 | Oct 17 at 10pm | Assignment 3
4 | Oct 24 at 10pm | Assignment 4, hw4skel.tgz, hw4vm.zip (sig)
5 | Oct 31 at 10pm | Assignment 5
6 | Nov 16 at 10pm | Assignment 6
8 | Nov 30 at 10pm | Assignment 7
9 | Dec 7 at 10pm | Assignment 8, hw8vm.zip (sig)

Lectures and Reading Assignments

Date | Topic | Reading Assignment
Sep 28 | Introduction | No Reading
Oct 3 | Security Concepts | Ch. 1 and Ch. 4 Sections 4.1 through 4.2.6 in Ross Anderson’s Security Engineering
Oct 5 | Multilevel Security | Ch. 8 Sections 8.1, 8.2, 8.3, and 8.6 in Ross Anderson’s Security Engineering, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones” by Enck et al.
Oct 10 | Control Flow Hijacking | “Smashing The Stack For Fun And Profit” by Aleph One
Oct 12 | Control Flow Hijacking | “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade” by Cowan et al., ASLR and NOEXEC for Linux from the PaX project, printf manual (reference for Assignment 4)
Oct 17 | Control Flow Hijacking | “On the Effectiveness of Address-Space Randomization” by Shacham et al., “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)” by Shacham, Return-oriented programming worksheet by S. Checkoway (for use in class)
Oct 19 | Advanced Software Attacks | “Finding and Preventing Bugs in JavaScript Bindings” by Brown et al. (guest lecture by Deian Stefan)
Oct 24 | Cryptography | Ch. 5 Sections 5.1 through 5.8 in Ross Anderson’s Security Engineering, “Cryptography 101 - The Basics” by D. Brumley (optional)
Oct 26 | Public Key Infrastructure | “A Short Tutorial on Distributed PKI” from Isode Ltd., “PGP Web of Trust: Core Concepts Behind Trusted Communication” by K. Ryabitsev, “Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure” by C. Ellison and B. Schneier (optional), “Information Security: Before and After Public Key Cryptography” by Whitfield Diffie (optional)
Oct 31 | No lecture |
Nov 2 | Midterm Exam | In class
Nov 7 | Password Authentication | “Serious Security: How to store your users’ passwords safely” by P. Ducklin
Nov 9 | Web Security | XSS Game, CSRF from OWASP, Same Origin Policy from Google (read through “Same-origin policy for cookies”).
Nov 14 | SQL Injection | PHP Manual: SQL Injection
Nov 16 | Advanced Web Attacks | From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television by Y. Oren and A. D. Keromytis, Clickjacking by R. Hansen and J. Grossman
Nov 21 | Principles | Saltzer and Schroeder, “The Protection of Information in Computer Systems,” Section I only.
Nov 23 | No lecture | Thanksgiving holiday
Nov 28 | Network Security | A Look Back at Security Problems in the TCP/IP Protocol Suite by S. Bellovin
Nov 30 | Network Security | An Illustrated Guide to the Kaminsky DNS Vulnerability by S. Friedl
Dec 5 | Network Security | How DNSSEC Works from Cloudflare and RFC 4034 (optional, for reference)
Dec 7 | Bitcoin | “Bitcoin: A Peer-to-Peer Electronic Cash System” by S. Nakamoto and Ch. 2 of Mastering Bitcoin (optional)
Dec 12 | Final Exam | 8:00am to 11:59am, Location TBA