CSE 127: Computer Security


Unless explicitly marked as Optional, all readings are considered required.

Sept 28
Note, no discussion section next Monday
Oct 3
Threat Modeling and Risk
Read by today: Thompson, Reflections on Trusting Trust
Mickens, This World of Ours
Oct 5
Control Flow Vulnerabilities: Buffer Overflows
Read by today: Aleph One, Smashing the Stack for Fun and Profit.
Optional: Richard Bonichon's Basic exploitation techniques slides
Oct 10
Control Flow Vulnerabilities: Format strings, Integers and Heap
Read by today: van der Veen et al, Memory Errors: The Past, the Present, and the Future
Optional: sploitfun, Understanding glibc malloc.
Oct 12
Catching up
Oct 17
Control Flow Vulnerabilities: Defenses and evolution
Read by today: Erlingsson et al, Low-level Software Security by Example
Optional: Szekeres et al, Eternal War in Memory
Oct 19
Control Flow Vulnerabilities: ROP and CFI
Optional: Shacham, The Geometry of Innocent Flesh on the Bone and Abadi et al, Control Flow Integrity.
Oct 24
System security I: Isolation and Privilege
Jaeger, Security in Ordinary Operating Systems (Earlence Fernandes guest lecture)
Oct 26
System security II: Side channels (also slides excerpted from Schwarz and Lipp)
Anderson, Security Engineering, Chap 19, Side Channels
Oct 31
Crypto I
Security Engineering, Chapter 5
Nov 2
Crypto II: Key distribution
Nov 7
Web Security I
Deian Stefan's lecture notes on CSRF, XSS and SQLi, SQL injection
Nov 9
Nov 14
Web Security II
Nov 16
Network Security I
Nov 21
Network Security II
Nov 23
Thanksgiving break
Nov 28
User Authentication
Nov 30
Malware I
Dec 5
Dec 7
Law and Ethics (note: this material not included in final)
Dec 14
Final Exam (Thursday, Dec 14th, 3pm-5:59pm, location TBD)