University of Washington Computer Science & Engineering
 CSE 484 / CSE M 584: Computer Security

Section 9 - 12/8

This section was a review section. We covered many topics including:
  • The security mindset: assets, risks, threats, attackers (e.g., we talked about a medication distribution machine called Pyxis)
  • Buffer Overflow
  • Defenses against buffer overflow attacks
  • Format Strings
  • Web security: cookies, XSS, XSRF, same-origin policy
  • Diffie-Hellman: algorithm, why it is secure
  • RSA and OAEP: algorithm, signatures, why it is secure
  • MACs
  • DSS
  • TLS
A practice exam was also handed out; if you did not get one for some reason, please see me during class.

Section 8 - 12/1

We talked about basic group theory and discussed the algorithms behind RSA and DH.

Section 7 - 11/17

We talked more about the same-origin policy and provided some examples and motivations for different scenarios.

Section 6 - 11/10

We discussed Linux authentication and authorization in several contexts.

Section 5 - 11/3

We discussed the general structure of the Internet and explored the impetus for several common attacks. Next was an overview of SQL and some examples of code injection in HTML. Lastly, we looked at a homebrew web server and examined its problems.

Section 4 - 10/27

We talked about block ciphers and how they are used to build stream ciphers through modes. The modes discussed were ECB, CBC, CTR, PCBC and a silly homebrew mode.

Section 3 - 10/20

Cancelled. Go to the career fair or use this time to work on lab 1 with your group. There will be extra Friday office hours (12:00 - 2:20) to make up for the lack of section this week.

Section 2 - 10/13

This week we took a quick look at how format strings work and, better yet, how to exploit poor use of them. We also explored the history of simple cryptography and how easy it is to break.


Section 1 - 10/6

This week we had some review of C and assembly. We looked at how the stack is used in the context of sploit1 and discussed the strategy for performing a buffer overflow attack.


Computer Science & Engineering
University of Washington
Box 352350
Seattle, WA  98195-2350
(206) 543-1695 voice, (206) 543-2969 FAX
[comments to Daniel Halperin]