University of Washington Computer Science & Engineering
 CSE 484: Computer Security (Winter 2008)


Lectures

Please note that the schedule is subject to change based on our progress and student interests.

The list of readings for each class and other extra information are at the bottom of this page.

Week of        Monday       Wednesday    Friday
January 7      Lecture 1    Lecture 2    Lecture 3
January 14     Lecture 4    Lecture 5    Lecture 6
January 21     Holiday      Lecture 7    Lecture 8
January 28     Lecture 9    Lecture 10   Lecture 11
February 4     Lecture 12   Lecture 13   Midterm
February 11    Lecture 14   Lecture 15   Lecture 16
February 18    Holiday      Lecture 17   Lecture 18
February 25    Lecture 19   Lecture 20   Lecture 21
March 3        Lecture 22   Lecture 23   Lecture 24
March 10       Lecture 25   Lecture 26   Lecture 27

Additional Material

Lecture 1

Topic: Introduction, risk analyses, ethics.

Slides: PDF.

Required reading: Pfleeger and Pfleeger, Chapter 1 (Is There a Security Problem in Computing).

Lecture 2

Topic: Introduction, risk analyses, ethics.

Slides: PDF.

Required reading: Pfleeger and Pfleeger, Section 8.1 (Security Planning).

Required reading: Pfleeger and Pfleeger, Section 8.2 (Risk Analysis).

Lecture 3

Guest lecturer: Pablos.

Required reading: Johnny Long, No-Tech Hacking. PDF available here: http://johnny.ihackstuff.com/downloads/task,doc_view/gid,38/.

Optional: Pfleeger and Pfleeger, Section 8.4 (Physical Security).

Lecture 4

Topic: Software security: Issues and attacks.

Slides: PDF.

Required reading: Pfleeger and Pfleeger, Section 3.1 (Secure Programs).

Required reading: Pfleeger and Pfleeger, Section 3.2 (Nonmalicious Program Errors).

Lecture 5

Topic: Software security: Issues and attacks.

Slides: PDF.

Required reading: Aleph One, Smashing the Stack for Fun and Profit. Text file available here: http://www.cs.washington.edu/education/courses/484/08wi/lectures/stack.txt.

Recommended reading (for project): scut / team teso, Exploiting Format String Vulnerabilities. PDF available here: http://www.cs.washington.edu/education/courses/484/08wi/lectures/formatstrings.pdf.

Recommended reading (for project): Chien and Szor, Blended Attacks. PDF available here: http://www.peterszor.com/blended.pdf.

Lecture 6

No class.

Lecture 7

Topic: Software security: Defenses.

Slides: PDF.

Optional: McGraw and Viega, Software Security Principles Part 1, Part 2, Part 3, Part 4, Part 5.

Optional: Harold, Fuzz Testing. Available online here: http://www.ibm.com/developerworks/java/library/j-fuzztest.html.

Optional: Fuzz Testing Tools and Techniques.

Optional: Wheeler, Secure Programming for Linux and Unix HOWTO. Available online here: http://www.dwheeler.com/secure-programs/.

Optional: Pfleeger and Pfleeger, Section 3.5 (Controls Against Program Threats).

Lecture 8

Topic: Software security: Defenses.

Slides: PDF.

Lecture 9

Topic: Crypto: Symmetric Foundations.

Slides: PDF.

Lecture 10

Topic: Crypto: Symmetric Foundations.

Slides: PDF.

Required reading: Kaufman, Perlman, and Speciner, Chapter 2 (Introduction to Cryptography).

Required reading: Kaufman, Perlman, and Speciner, Chapter 4 (Modes of Operation).

Lecture 11

Guest lecturer: David Aucsmith, Senior Director of Microsoft's Institute for Advanced Technology in Governments.

Older version of talk online here: http://www.cs.washington.edu/education/courses/csep590/05au/lectures/.

Lecture 12

Topic: Crypto: Symmetric and Asymmetric Foundations.

Slides: PDF.

Lecture 13

Topic: Crypto: Asymmetric Foundations.

Slides: PDF.

Lecture 14

Topic: Crypto: Asymmetric Foundations.

Slides: PDF.

Lecture 15

Topic: User authentication.

Slides: PDF.

Required reading: Pfleeger and Pfleeger, Section 4.5 (User Authentication).

Lecture 16

Topic: User authentication.

Slides: PDF.

Required reading: Biometric Comparison Chart.

Lecture 17

Topic: User authentication.

Slides: PDF.

Lecture 18

Topic: Network security.

Slides: PDF.

Lecture 19

Topic: Network security.

Slides: PDF.

Recommended reading (skim if you haven't taken a networks course): Pfleeger and Pfleeger, Section 7.1 (Network Concepts).

Required reading: Pfleeger and Pfleeger, Section 7.2, pages 427-432 (Denial of Service and Distributed Denial of Service).

Required reading: Pfleeger and Pfleeger, Section 7.4 (Firewalls).

Lecture 20

Guest lecture: Alexei Czeskis, Dan Halperin, Jon Hsieh, Karl Koscher, and Arvind Krishnamurthy.

Lecture 21

Guest lecture: Jacob West, Manager, Security Research Group, Fortify.

Slides: PDF.

Lecture 22

Topic: Web security and privacy.

Slides: PDF.

Lecture 23

Guest lecturer: Jon Callas, cofounder, CTO, and CSO of PGP Corporation.

Lecture 24

Guest lecturer: 3ric Johanson, senior security consultant.

Lecture 25

Topic: Network security and privacy (with Jaeyeon Jung).

Lecture 26

Topic: Ethics (no slides, but whiteboard discussion).

Lecture 27

Topic: Review.

Slides: PDF.

