CS 231: Computer Security

Trust, SSH, and packet sniffing

[By class time on 9/17] Reading: Reflections on Trusting Trust, by Ken Thompson. Also, do some searching to learn about the aftermath of the presentation of this paper.
[By class time on 9/17] Reading: Chapter 1 of Ross Anderson's Security Engineering.
[By class time on 9/19] Reading: Sections 1, 3, 4, and 6 of The Secure Shell (SSH) Transport Layer Protocol. Post questions about this reading on Piazza.

Digging into SSH: RSA, key exchange, etc.

[Due 11:59PM 9/23] HTTP's Basic Access Authentication: a Story
[By class time on 9/22] Reading: Sections 2.1 and 2.2 of Security Engineering.
[By class time on 9/24] Reading: Chapter 5 of Security Engineering.
[By class time on 9/24] Reading: the Wikipedia article on RSA cryptosystem
[Due 11:59PM 9/29] Being Eve

Wrapping up SSH

SSL/TLS

[During the week of 10/6] A reading interlude. Read Chapters 2, 3, 4, and 19 of Security Engineering.
[Due 11:59PM Tuesday 10/14] Certificate dissection

Certificates, MITM, and some recap

Midterm break, MITM, hash-based attacks, etc.

Visitors, security policy models, etc.

More attack types. Wireless.

[Read for Monday 11/10] Smashing the Stack for Fun and Profit, by Aleph One. This classic is quite technical, and will be tougher if you haven't had PL or Org&Arch. But give understanding it your best shot, and bring questions to class for Monday. You may find this powerpoint presentation a helpful supplement to the original paper.
For your reading pleasure, if you wish, links to the security incident projects
Lab on 11/12: buffer overflow lab
[Due 5:00PM Monday 11/24] The final assignment

Office Hours, all in CMC 324

Fall 2014