Lecture topics and readings are subject to change as the semester evolves.

Reading Types

  • [BG]: Background reading for lecture content
  • [DISC]: Reading for in-class and online forum discussion
  • [OPT]: Optional reading on related topics, often seminal papers for an area

Note: You should never need to pay to download an article from the reading list (e.g., from the ACM Digital Library). If you are on campus, you won’t be prompted to purchase articles. If you are off campus, you can go through the University Library. Alternatively, you can use the library’s EZproxy. You can even define a Chrome bookmark in your bookmark bar to automatically redirect the current page through the EZproxy:

javascript:void(location.href='https://proxying.lib.ncsu.edu/index.php?url='+location.href)


Preliminaries

Date Topic Readings Assignments
Tue 8/23 Course Introduction / Research Methods I
(Lecture 1)
  • Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
  • Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
  • [OPT] SUNSPOT: An Implant in the Build Process (link)
  • Intro and Ethics Quiz (Moodle): Due Tue 8/30 11:59pm ET
Thu 8/25 Security Fundamentals
(Lecture 2)
  • [BG] Tools and Jewels, Ch 1


Topic: Crypto and Crypto Protocols

Date Topic Readings Assignments
Tue 8/30 Secret Key Crypto
(Lecture 3)
  • [BG] Tools and Jewels, Ch 2.1-2.2
  • [DISC] Egele et al., An Empirical Study of Cryptographic Misuse in Android Applications, ACM CCS, 2013. (link)
  • [OPT] Anderson, Why cryptosystems fail. In Proc. of ACM CCS, 1993. (link)
  • MP1: Due Tue 9/20 11:59pm ET
Thu 9/1 Hashes and Message Authentication
(Lecture 4)
  • [BG] Tools and Jewels, Ch 2.5-2.7
  • [DISC] Namprempre et al., Reconsidering Generic Composition, EuroCrypt, 2014. (link)
Tue 9/6 Asymmetric Cryptography
(Lecture 5)
  • [BG] Tools and Jewels, Ch 2.3-2.4
  • [OPT] Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of AMS, 46(2), 1999. (link)
Thu 9/8 Key Management
(Lecture 6)
  • [BG] Tools and Jewels, Ch 4.3, Ch 8
  • [DISC] Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In Proc. of ACM CCS, 2015. (link)
  • [OPT] Stark et al., Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate. In Proc. of IEEE S&P, 2019. (link)
Tue 9/13 User Authentication
(Lecture 7)
  • [BG] Tools and Jewels, Ch 3
  • [DISC] Li et al., The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers. In Proc. of USENIX Security, 2014. (link)
Thu 9/15 Authentication Protocols
(Lecture 8)
  • [BG] Tools and Jewels, Ch 4
  • [BG] Designing an Authentication System: A Dialogue in Four Scenes (link)
  • [DISC] Fett et al., A Comprehensive Formal Security Analysis of OAuth 2.0. In Proc. ACM CCS, 2016. (link)
  • RM1: Due Fri 9/16 11:59pm ET


Topic: Network Security

Date Topic Readings Assignments
Tue 9/20 Networking Background and TCP Attacks
(Lecture 9)
  • [BG] Tools and Jewels, Ch 11.3-11.7
  • [DISC] Jero et al., Identifier Binding Attacks and Defenses in Software-Defined Networks. In Proc of USENIX Security, 2017. (link)
  • [OPT] Saltzer et al. End-to-end arguments in system design. ACM ToCS. 2(4). 1984. (link)
  • MP2: Due Thu 10/20 11:59pm ET
Thu 9/22 Transport Layer Security
(Lecture 10)
  • [BG] Tools and Jewels, Ch 9.2
  • [DISC] Cremers et al., A Comprehensive Symbolic Analysis of TLS 1.3. In Proc. ACM CCS 2017. (link)
  • [OPT] The Illustrated TLS Connection (link)
Tue 9/27 Routing Security
(Lecture 11)
  • [DISC] Goldberg. Why is it Taking so Long to Secure Internet Routing?. Communications of the ACM. 57(10). 2014 (link)
Thu 9/29 DNS Security
(Lecture 12)
  • [BG] An Illustrated Guide to the Kaminsky DNS Vulnerability (link)
  • [DISC] Man et al., DNS Cache Poisoning Attack: Resurrections with Side Channels. In Proc. of ACM CCS, 2021. (link)
Tue 10/4 Firewalls and Tunnels
(Lecture 13)
  • [BG] Tools and Jewels, Ch 10
  • [DISC] Wool. A quantitative study of firewall configuration errors. IEEE Computer, 37(6), 2005. (link)
Thu 10/6 Intrusion Detection Systems
(Lecture 14)
  • [BG] Tools and Jewels, Ch 11.1-11.2
  • [DISC] The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection (link)
  • RM2: Due Fri 10/7 11:59pm ET


Midterm and Research Methods

Date Topic Readings Assignments
Tue 10/11 No Class
  • Fall Break (University Closed)
Thu 10/13 Midterm Exam
  • Course Intro and Threat Models
  • Crypto and Crypto Protocols
  • Network Security
Tue 10/18 Research Methods II / Exam Debrief
(Lecture 15)


Topic: Systems Security

Date Topic Readings Assignments
Thu 10/20 Software Vulnerabilities
(Lecture 16)
  • [BG] Tools and Jewels, Ch 6
  • [BG] Chapter 2, 3.6: Younan et al., Code Injection in C and C++: A Survey of Vulnerabilities and Countermeasures (link)
  • [OPT] NSF SEED Labs - Software Security Labs (link)
  • MP3: Due Fri 11/11 11:59pm ET
Tue 10/25 Access Control
(Lecture 17)
  • [BG] Operating System Security, Chapters 1, 2, and 5. (link)
  • [BG] [Part 1.A Only] Saltzer and Schroeder, The Protection of Information in Computer Systems. Proc. of the IEEE 63(9). 1975. (link)
  • [DISC] Krohn et al., Information Flow Control for Standard OS Abstractions. In Proc. SOSP, 2007. (link)
Thu 10/27 Operating System Security
(Lecture 18)
  • [BG] Tools and Jewels, Ch 5
  • [BG] Operating System Security, Chapters 3, 4, and 10. (link)
  • [DISC] Sun et al., Security Namespace: Making Linux Security Frameworks Available to Containers. In Proc. USENIX Security, 2018. (link)
  • [OPT] Karger and Schell. Thirty Years Later: Lessons from the Multics Security Evaluation. In Proc. of ACSAC. 2002. (link)
  • RM3: Due Fri 10/28 11:59pm ET
Tue 11/1 Web Security
(Lecture 19)
  • [BG] Tools and Jewels, Ch 9
  • [DISC] Azad et al. Less is More: Quantifying the Security Benefits of Debloating Web Applications. In Proc. USENIX Security, 2019. (link)
Thu 11/3 University Wellness Day
Tue 11/8 Mobile Security
(Lecture 20)
  • [DISC] Deshotels et al., SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, In Proc. of ACM CCS 2016. (link)
  • [OPT] Mayrhofer et al., The Android Platform Security Model, 2019, arXiv:1904.05572 (link)
Thu 11/10 Cloud Security
(Lecture 21)
  • [BG] Operating System Security, Chapter 11 (link)
  • [DISC] Arnautov et al., SCONE: Secure Linux Containers with Intel SGX, In Proc. of USENIX OSDI 2016. (link)
  • RM4: Due Fri 11/11 11:59pm ET


Topic: Privacy

Date Topic Readings Assignments
Tue 11/15 Web Privacy
(Lecture 22)
  • [BG] Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance (Only Part 1 is required) (link)
  • [DISC] Li, Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web. In Proc. USENIX Security, 2020. (link)
  • MP4: Due Thu 12/1 11:59pm ET
Thu 11/17 Mobile Privacy
(Lecture 23)
  • [BG] Twelve Million Phones, One Dataset, Zero Privacy (link)
  • [DISC] Reardon et al., 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System, In Proc. of USENIX Security, 2019. (link)
  • [OPT] Enck et al., TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, In Proc. of OSDI, 2010. (link)
Tue 11/22 No Class
Thu 11/24 No Class
  • Thanksgiving Break (University Closed)
Tue 11/29 Anonymous Communication
(Lecture 24)
  • [DISC] Perta et al., A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients. In Proc. of PETS, 2015. (link)
  • [OPT] Dingledine et al., Tor: The second-generation onion router. In Proc. of USENIX Security, 2004. (link)


Final

Date Topic Readings Assignments
Thu 12/1 Research Project Presentations / Wrap-up
(Lecture 25)
  • RM5: Due Thu 12/1 in class
Thu 12/8 Final Exam
  • Final exam is cumulative
  • 8:30-11:00am
  • RM6: Due Mon 12/5 11:59pm ET