CS 600.643: Security and Privacy in Computing

Tentative syllabus - subject to change

Course description

Topics will vary from year to year, but will focus mainly on network perimeter protection, host-level protection, authentication technologies, intellectual property protection, formal analysis techniques, intrusion detection and similarly advanced subjects. Emphasis in this course is on understanding how security issues impact real systems, while maintaining an appreciation for grounding the work in fundamental science. Students will study and present various advanced research papers to the class. There will be homework assignments and a course project.

ThF 9-10:15
Schaf 304

Format

This is a seminar course. Each week has a paper associated with it, and all students must read all of the papers. Each student will be assigned a week. When it is your week, you are responsible for the paper listed in this syllabus. You should prepare a presentation of that paper to last the full class period. For your assigned paper, it is strongly advised that you research the papers in the bibliography and familiarize yourself with previous work in the area. Your presentation is not only of the assigned paper, but of the context surrounding that work.

Even if you have a lot of experience presenting research, you should not wait until the last minute to prepare, and a dry run a few days before class is a very good idea. Time yourself, and if possible, even video yourself. Practice with friends, with enemies, or with your dog. Practice, practice, practice! You should be ready to discuss the work from all angles. It is okay to offer opinions, improvements, and other types of criticisms of the work.

At the Thursday meeting, you will make your presentation. Then, on Friday, every student is required to show up with two written questions. These should be deep, thought-provoking questions. The student who is assigned the paper will lead a discussion centered around the questions. The questions will be turned in to the professor at the end of class.

The first class will be used to sign up students for their choices of papers. Students who struggle will be given the opportunity to sign up again, assuming that the class size is small enough for people to go more than once.

Mailing List

All students must sign up for the class mailing list. Send mail to majordomo@cs.jhu.edu with "subscribe cs643" in the message body. Then, to send mail to the class, send it to cs643 at cs.jhu.edu. Important announcements will be made via the mailing list, and students will be responsible for any information posted to the list.

Office Hours

I will hold my scheduled office hours at 326 NEB after class on Thursdays, 10:15 a.m. to 12:00 p.m. When needed, I will have hours there on Fridays as well. My office is at 416 Wyman Park, and we can meet there by appointment.

Grading

This is an interactive class, so class participation will play a significant role in grading. Besides that, grades will be based on your paper presentation, your participation in discussions and questions, and your project.

Project

The project description can be found here.

Week 1

9/4

Introduction to the course
Course project assigned
Sign up for papers

9/5

No class

Week 2

Martin Abadi, Roger Needham. "Prudent Engineering Practice for Cryptographic Protocols", IEEE Transactions on Software Engineering 22, 1 (January 1996), 6-15. (ps)

Student(s): John Daniel & Charles Wright

9/11

Paper presentation

9/12

Class discussion

Week 3

Stuart Staniford, Vern Paxson, Nicholas Weaver, "How to 0wn the Internet in Your Spare Time" Proceedings of the 11th USENIX Security Symposium (Security '02). (pdf)

Student(s): John Scillieri & Carl Steinebach

9/18

Paper presentation
Project: Turn in phase I

9/19

Class discussion

Week 4

Dawn Xiaodong Song, David Wagner, and Xuqing Tian. "Timing Analysis of Keystrokes and Timing Attacks on SSH" 10th USENIX Security Symposium, 2001. (pdf)

Student(s): Chris Soghoian

9/25

Paper presentation

9/26

Class discussion

Week 5

M. Handley, C. Kreibich and V. Paxson, "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics". Proc. USENIX Security Symposium 2001. (pdf)

Student(s): Raymond Brown & Jing Wang

10/2

Class discussion from previous week
Project: Turn in phase II

10/3

Paper presentation

Week 6

10/9

Class discussion from previous week

10/10

*** New Addition ***
Project discussion. Each student will discuss their project idea for 5-7 minutes. No PowerPoint, just sit around in a circle and discuss.

Week 7

Daniel Bleichenbacher, "Chosen Ciphertext Attacks against Protocols Based on RSA Encryption Standard PKCS #1" in Advances in Cryptology -- CRYPTO'98, LNCS vol. 1462, pages: 1--12, 1998. (ps)

Student(s): Adam Stubblefield

10/16

Paper presentation

10/17

Class discussion

Week 8

W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols." In Proc. ACM Computer and Communications Security (CCS) Conference. November 2002, Washington, DC. (pp 48-58). (pdf)

Student(s): Seny Kamara & Parth Vasa

10/23

Paper presentation
Project: Turn in phase III

10/24

Class discussion

Week 9

Edward W. Felten and Michael A. Schneider. "Timing Attacks on Web Privacy". Proc. of 7th ACM Conference on Computer and Communications Security, Nov. 2000. (pdf)

Student(s): Domari Dickinson & Neda Khalili

10/30

Paper presentation

10/31

Class discussion

Week 10

Matt Wright, Micah Adler, Brian Neil Levine, and Clay Shields, "Defending Anonymous Communication Against Passive Logging Attacks". IEEE Symposium on Security and Privacy, Oakland, CA. May 2003. (ps)

Student(s): Matt Green

11/6

Paper presentation

11/7

Class discussion

Week 11

William Aiello, John Ioannidis, and Patrick McDaniel, "Origin Authentication in Interdomain Routing". Proceedings of 10th ACM Conference on Computer and Communications Security, ACM, October 2003. (pdf)

Student(s): Sophie Qiu

11/13

Paper presentation

11/14

Class discussion

Week 12

Two papers:

Student(s): Lauren Rosenblatt

11/20

Paper presentation

11/21

Class discussion
Project: Turn in phase IV

Week 13

THANKSGIVING

Week 14

M. Blaze, J. Feigenbaum and J. Lacy. "Decentralized Trust Management." IEEE Symposium on Security and Privacy, Oakland, CA. May 1996. (pdf)

Student(s): Jatara Brown & Jeremy Mullendore

12/4

Paper presentation

12/5

Class discussion
Project: Turn in phase V




Computer Science Department Academic Integrity Code

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

*If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html) and the Ethics Board web site (http://ethics.jhu.edu).