CS 600.643: Advanced Topics in Computer Security

Graduate Seminar

Course description

Topics will vary from year to year, but will focus mainly on network perimeter protection, host-level protection, authentication technologies, intellectual property protection, formal analysis techniques, intrusion detection and similarly advanced subjects. Emphasis in this course is on understanding how security issues impact real systems, while maintaining an appreciation for grounding the work in fundamental science. The course will consist of in-class workshops and interactive discussions. There will be programming assignments and a course project. Students will also be expected to read assigned papers and to present at least one research paper and lead a discussion on it.

ThF 2:30-3:45
Location: Wyman Park 4th floor conference room.

Mailing List

All students must sign up for the class mailing list. Send mail to majordomo@cs.jhu.edu with "subscribe cs643" in the message body. Then, to send mail to the class, send it to cs643 at cs.jhu.edu. Important announcements will be made via the mailing list, and students will be responsible for any information posted to the list.

Office Hours

I will hold my office hours at 416 Wyman Park after class, and I'm also available by appointment at other times.

Grading

This is an interactive class, so class participation will play a significant role in grading. Besides that, grades will be based on your paper presentation, your participation in discussions and questions, programming assignments and your project.

Course Project

The course project assignment is available here.

Week 1

9/8

Introduction to the course
First assignment explained
Select student for first paper

9/9

No class

Week 2

9/15

First assignment turned in
Each student presents and demos their program
Discussion about second assignment

9/16

Paper #1 presented & discussed

Student: Amos Wetherbee
Ana Nova Sovarel, David Evans, and Nathanael Paul. Where's the FEEB? The Effectiveness of Instruction Set Randomization. In Proceedings of 14th USENIX Security Symposium, 2005. [PDF] [HTML]


Week 3

9/22

Paper #2 presented & discussed

Student: Michael Peck
Alma Whitten and J. D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, 1999. [PDF]

9/23

Paper #3 presented & discussed

Student: Ben Pick
Jerome H. Saltzer and Michael D. Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE 63, 9 (September 1975), pages 1278-1308. (html)

Week 4

In class workshops on project

Week 5

10/6

Task 1 due
Task 1 presentation

10/7

NIST e-voting workshop

Week 6

10/13

Yom Kippur - no class

10/14

Paper #4 presented & discussed

Student: Benny Tsai
B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks. From IEEE Communications Magazine, Volume 32, Number 9, pages 33-38, September 1994. [HTML]


Week 7

10/20

Paper #5 presented & discussed

Student: Jay Zarfoss
Hao Chen, Drew Dean, and David Wagner. Model checking one million lines of C code. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS), pages 171-185, San Diego, CA, February 2004. [PDF]

10/21

Paper #6 presented & discussed

Student: Michael Wood
Jonathon T. Giffin, David Dagon, Somesh Jha, Wenke Lee, and Barton P. Miller. Efficient Context-Sensitive Intrusion Detection. In Recent Advances in Intrusion Detection (RAID), Seattle, Washington, September 2005. [PDF]


Week 8

10/27

Paper #7 presented & discussed

Student: Razvan Musaloiu-E.
George C. Necula, Peter Lee. The Design and Implementation of a Certifying Compiler. In Proceedings of the '98 Conference on Programming Language Design and Implementation (PLDI), Montreal, 1998 [PS] [citeseer]

10/28

Paper #8 presented & discussed

Student: Raluca Musaloiu-E.
John Bethencourt, Jason Franklin, Mary Vernon. Mapping Internet Sensors With Probe Response Attacks. In Proceedings of 14th USENIX Security Symposium, 2005. [PDF] [HTML]


Week 9

11/3 & 11/4

Task 2 due
Task 2 presentations

Week 10

11/10

ACM CCS - no class

11/11

Paper #9 presented & discussed

Student: Joshua Mason
truff. Infecting Loadable Kernel Modules. Phrack #61, August 2003. (html)


Week 11

11/17

Paper #10 presented & discussed

Student: Jacob Honoroff
James Newsome and Dawn Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 05), February 2005. [PDF]

11/18

Debate #1

Week 12

THANKSGIVING

Week 13

12/1

Debate #2

12/2

Debate #3

Week 14

Task 3 due

12/8 & 12/9

Task 3 presentation


Computer Science Department Academic Integrity Code

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

*If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html) and the Ethics Board web site (http://ethics.jhu.edu).