CS 600.643: Security and Privacy in Computing
Tentative syllabus - subject to change
Topics will vary from year to year, but will focus mainly on network perimeter protection,
host-level protection, authentication technologies, intellectual property protection, formal
analysis techniques, intrusion detection and similarly advanced subjects. Emphasis in this course
is on understanding how security issues impact real systems, while maintaining an appreciation for grounding
the work in fundamental science. Students will study and present various advanced research papers to the class.
There will be homework assignments and a course project.
This is a seminar course.
Each week has a paper associated with it, and all students must read all
of the papers. Each student will be assigned a week. When it is your week,
you are responsible for the paper listed in this syllabus. You should prepare
a presentation of that paper to last the full class period. For your assigned paper,
it is strongly advised that you research the papers in the bibliography and familiarize
yourself with previous work in the area. Your presentation is not only of the
assigned paper, but of the context surrounding that work.
Even if you have a lot of experience presenting research, you should not
wait until the last minute to prepare, and a dry run a few days before class
is a very good idea. Time yourself, and if possible, even video yourself. Practice
with friends, with enemies, or with your dog. Practice,
practice, practice! You should be ready to discuss the work from all
angles. It is okay to offer opinions, improvements, and other types of criticisms
of the work.
On the Thursday meeting, you will make your presentation. Then, on Friday, every student
is required to show up with two written questions. These should be deep, thought-provoking
questions. The student who is assigned the paper will lead a discussion centered around
the questions. The questions will be turned in to the professor at the end of class.
The first class will be used to sign up students for their choices of papers. Students
who struggle will be given the opportunity to sign up again, assuming that the class size
is small enough for people to go more than once.
All students must sign up for the class mailing list. Send mail
with "subscribe cs643"
in the message body. Then, to send mail to the class,
send it to cs643 at cs.jhu.edu.
Important announcements will be maid via the mailing list, and students
will be responsible for any information posted to the list.
I will hold my scheduled office hours at 326 NEB after class
on Thursdays, 10:15 a.m. to 12:00 p.m. When needed, I will have
hours there on Fridays as well.
My office is at 416 Wyman Park, and we can meet there by appointment.
This is an interactive class, so class participation will play a significant
role in grading. Besides that, grades will be based on your paper presentation,
your participation in discussions and questions, and your project.
The project description can be found here.
Introduction to the course
Course project assigned
Sign up for papers
9/5 No class
Martin Abadi, Roger Needham. "Prudent Engineering Practice for Cryptographic Protocols",
IEEE Transactions on Software Engineering 22, 1 (January 1996), 6-15.
Student(s): John Daniel & Charles Wright
9/11 Paper presentation
9/12 Class discussion
Stuart Staniford, Vern Paxson, Nicholas Weaver,
"How to 0wn the Internet in Your Spare Time"
Proceedings of the 11th USENIX Security Symposium (Security '02). (pdf)
Student(s): John Scillieri & Carl Steinebach
9/18 Paper presentation
Project: Turn in phase I
9/19 Class discussion
Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
"Timing Analysis of Keystrokes and Timing Attacks on SSH"
10th USENIX Security Symposium, 2001. (pdf)
Student(s): Chris Soghoian
9/25 Paper presentation
9/26 Class discussion
M. Handley, C. Kreibich and V. Paxson,
"Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics".
Proc. USENIX Security Symposium 2001. (pdf)
Student(s): Raymond Brown & Jing Wang
10/2 Class discussion from previous week
Project: Turn in phase II
10/3 Paper presentation
10/9 Class discussion from previous week
10/10 *** New Addition***
Project discussion. Each student will discuss their project idea for 5-7 minutes.
No powerpoint, just sit around in a circle and discuss.
Daniel Bleichenbacher, "Chosen Ciphertext Attacks against Protocols Based on RSA Encryption
Standard PKCS #1" in Advances in Cryptology -- CRYPTO'98, LNCS vol. 1462, pages: 1--12, 1998.
Student(s): Adam Stubblefield
10/16 Paper presentation
10/17 Class discussion
W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O.
Reingold. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols."
In Proc. ACM Computer and Communications Security (CCS) Conference. November 2002, Washington, DC. (pp 48-58).
Student(s): Seny Kamara & Parth Vasa
10/23 Paper presentation
Project: Turn in phase III
10/24 Class discussion
Edward W. Felten and Michael A. Schneider. "Timing Attacks on Web Privacy".
Proc. of 7th ACM Conference on Computer and Communications Security, Nov. 2000.
Student(s): Domari Dickinson & Neda Khalili
10/30 Paper presentation
10/31 Class discussion
Matt Wright, Micah Adler, Brian Neil Levine, and Clay Shields,
"Defending Anonymous Communication Against Passive Logging Attacks".
IEEE Symposium on Security and Privacy, Oakland, CA. May 2003.
Student(s): Matt Green
11/6 Paper presentation
11/7 Class discussion
William Aiello, John Ioannidis, and Patrick McDaniel,
"Origin Authentication in Interdomain Routing". Proceedings of 10th
ACM Conference on Computer and Communications Security, ACM, October 2003.
Student(s): Sophie Qiu
11/13 Paper presentation
11/14 Class discussion
- Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Alma
Whitten and J.D. Tygar. In Proceedings of the 9th USENIX Security Symposium,
August 1999. (pdf)
Student(s): Barry Herman
- M. Blaze. "Protocol Failure in the Escrowed Encryption Standard."
Proceedings of Second ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994.
Student(s): Lauren Rosenblatt
11/20 Paper presentation
11/21 Class discussion
Project: Turn in phase IV
M. Blaze, J. Feigenbaum and J. Lacy. "Decentralized Trust Management." IEEE Symposium on Security and Privacy, Oakland, CA. May 1996.
Student(s): Jatara Brown & Jeremy Mullendore
Project: Turn in phase V
Computer Science Department Academic Integrity Code
The strength of the university depends on academic and personal
integrity. In your studies, you must be honest and truthful. Ethical
violations include cheating on exams, plagiarism, reuse of
assignments, improper use of the Internet and electronic devices,
unauthorized collaboration, alteration of graded assignments, forgery
and falsification, lying, facilitating academic dishonesty, and unfair
Academic honesty is required in all work you submit to be graded.
Except where the instructor specifies group work, you must solve all
homework and programming assignments without the help of others. For
example, you must not look at any other solutions (including program
code) to your homework problems or similar problems. However, you may
discuss assignment specifications with others to be sure you
understand what is required by the assignment.
*If* your instructor permits using fragments of source code from
outside sources, such as your textbook or on-line resources, you must
properly cite the source. Not citing it constitutes plagiarism.
Similarly, your group projects must list everyone who participated.
Falsifying program output or results is prohibited.
Your instructor is free to override parts of this policy for
particular assignments. To protect yourself: (1) Ask the instructor
if you are not sure what is permissible. (2) Seek help from the
instructor or TA, as you are always encouraged to do, rather than from
other students. (3) Cite any questionable sources of help you may
Students who cheat will suffer a serious course grade penalty in addition
to being reported to university officials. You must abide by JHU's Ethics
Code: Report any violations you witness to the instructor. You may consult
the associate dean of students and/or the chairman of the Ethics Board
beforehand. For more information, see the guide on Academic
Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html)
and the Ethics Board web site (http://ethics.jhu.edu).