CS 660: Advanced Information Assurance
Spring 2011

Tuesdays & Thursdays, 11:15am–12:30pm
LGRC A310

This graduate-level course (which is also part of the information assurance undergraduate track) covers key concepts in information assurance (IA) via cutting-edge and seminal research papers. The course's two goals are (1) to prepare students to conduct successful, publishable research in security and privacy and (2) to teach students how to build stronger systems by thinking like attackers. Topics include threat modeling, risk assessment, famous missteps, the economics of security, and web security. Students will be evaluated based on three homeworks, five standalone in-class tests, a final project, and class participation, including leading at least one discussion of a research paper.

Instructor: Ben Ransford, CS 226. Office hours: Tuesday and Thursday 12:30pm–1:30pm or by appointment.

Schedule

This schedule is subject to change. Unofficial schedule in iCal format for use with Google Calendar, iCal, or other calendar software: iCal-format calendar URL.

Date | Topics | Reading & Notes | Deliverable(s)
1/18 Intro
1/20 How to read a paper
1/25 From bug to vulnerability Response to Novark
1/27 How not to run malicious code
  • Test #1 at beginning of class
  • Response to Yee
2/1 Finding security problems; course project
  • Project ideas
  • Response to Cadar
2/3 Fuzz Testing Response to Godefroid
2/8 Web Security Response to Barth
2/10 Network Security Response to Bittau
2/15 Project proposal
2/17 Anonymity Homework #1
2/22 No class (virtual Monday)
2/24 Side-Channel Attacks Optical Time-Domain Eavesdropping Risks on CRT Displays (Kuhn, Oakland 2002) Test #2 at beginning of class
3/1 Compromising Electromagnetic Emanations of Wired and Wireless Keyboards (Vuagnoux, USENIX Security 2009) Response to Vuagnoux
3/3 Response to Kohno
3/8 P2P Privacy Response to Geambasu
3/10 Response to Isdal
3/15 No class (spring break)
3/17 No class (spring break)
3/22 Trust Response to Sturton
3/24 Required: Go to Sam King lecture instead Mid-semester project report
3/29 Trust, cont'd.
  • Test #3 at beginning of class
  • Response to Parno
3/31 Language-Based Security Response to Liu
4/5 Real-World System Security Homework #2
4/7 Response to Rouf
4/12 Response to Halderman
4/14 Usability and Security
  • Test #4 at beginning of class
  • Response to Whitten
4/19 Homework #3
4/21 Economics of Security Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research (Moore, Harvard CS TR-03-11) Respond to Moore
4/26 Forensics Summary of final project results
4/28 Required: go to Gary McGraw's talk instead (room CS151, 11:30am–12:30pm). Slides (via Google).
5/3 Hot Topics in Privacy; Wrapup A Firm Foundation for Private Data Analysis (Dwork, CACM Jan. 2011) Test #5
5/4 (No class) Final project report

Resources