Schedule #

Disclaimer: Note that the schedule is subject to change as the semester evolves.

Note: You should never need to pay to download an article from the reading (e.g., from the ACM Digital Library). If you are on campus, you won’t be prompted to purchase articles. If you are off campus, you can go through the University Library. Alternatively, you can use the library’s EZproxy. You can even define a Chrome bookmark in your bookmark bar to automatically redirect the current page through the EZProxy.

1
javascript:void(location.href='https://proxying.lib.ncsu.edu/index.php?url='+location.href)

Deadlines #

Intro: Fri, Aug 29 - 11:59pm (in )
Midterm: Wed, Oct 8 - 11:45am (in )
Final: Mon, Dec 8 - 8:30am (in )
Mini-Projects:
- MP1: Fri, Sep 12 - 11:59pm (in )
- MP2: Fri, Oct 3 - 11:59pm (in )
- MP3: Fri, Nov 7 - 11:59pm (in )
- MP4: Tue, Dec 2 - 11:59pm (in )
Research Project:
- RM1: Fri, Sep 5 - 11:59pm (in )
- RM2: Fri, Sep 26 - 11:59pm (in )
- RM3: Fri, Oct 17 - 11:59pm (in )
- RM4: Fri, Nov 7 - 11:59pm (in )
- RM5: Mon, Dec 1 - 11:45am (in )
- RM6: Tue, Dec 2 - 11:59pm (in )

Week 1 #

Monday, 2025-08-18 - Friday, 2025-08-22

Mon - Aug 18, 2025| First day of classes

Mon - Aug 18, 2025

10:15am-11:30am

Lecture 1: Course Introduction and Research Methods

Slides, Recording

Additional Material:

🗎 Ken Thompson, Reflections on Trusting Trust., Turing Award Lecture, 1983.
🗎 Michael J. Hanson, Efficient Reading of Papers in Science and Technology, University of Washington, 1989.

Wed - Aug 20, 2025

10:15am-11:30am

Lecture 2: Security Fundamentals

Slides

Additional Material:

🕮 Tools and Jewels, Ch 1
🗎 Pfleeger and Cunningham, Why Measuring Security Is Hard, IEEE Security & Privacy Magazine, Volume 8, Issue 4, 2010.

Week 2 #

Monday, 2025-08-25 - Friday, 2025-08-29

Mon - Aug 25, 2025

10:15am-11:30am

Lecture 3: Intro to Cryptography

Discussion:

🗎 Egele et al., An Empirical Study of Cryptographic Misuse in Android Applications, ACM CCS, 2013.

Additional Material:

🕮 Tools and Jewels, Ch 2.1-2.2
🗎 R. Anderson, Why cryptosystems fail, ACM CCS, 1993.
🗎 Krause et al., "That's my perspective from 30 years of doing this": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code, USENIX Security, 2025.

Wed - Aug 27, 2025

10:15am-11:30am

Lecture 4: Hashes & Message Authentication

Discussion:

🗎 Namprempre et al., Reconsidering Generic Composition, EuroCrypt, 2014.

Additional Material:

🕮 Tools and Jewels, Ch 2.5-2.7

Fri - Aug 29, 2025

11:59pm

Deadline: Intro (via GradeScope)

Week 3 #

Monday, 2025-09-01 - Friday, 2025-09-05

Mon - Sep 01, 2025| Labor Day - No Classes, University Closed

Wed - Sep 03, 2025

10:15am-11:30am

Lecture 5: Asymmetric Cryptography

Additional Material:

🕮 Tools and Jewels, Ch 2.3-2.4
🗎 Boneh, Twenty years of attacks on the RSA cryptosystem, Notices of AMS, 46(2), 1999.

Fri - Sep 05, 2025

11:59pm

Deadline: RM1

Week 4 #

Monday, 2025-09-08 - Friday, 2025-09-12

Mon - Sep 08, 2025

10:15am-11:30am

Lecture 6: Key Management

Discussion:

🗎 Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, ACM CCS, 2015.

Additional Material:

🕮 Tools and Jewels, Ch 4.3, Ch 8
🗎 Stark et al., Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate., IEEE S&P, 2019.

Wed - Sep 10, 2025

10:15am-11:30am

Lecture 7: Authentication Protocols

Discussion:

🗎 Fett et al., A Comprehensive Formal Security Analysis of OAuth 2.0, ACM CCS, 2016.

Additional Material:

🕮 Tools and Jewels, Ch 4
🌐 Designing an Authentication System: A Dialogue in Four Scenes
🗎 Lowe, An attack on the Needham-Schroeder public-key authentication protocol, Information Processing Letters. 56(3), 1995.
🗎 Neuman and Ts'o, Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9), 1994.

Fri - Sep 12, 2025

Deadline: MP1 (11:59pm)

Week 5 #

Monday, 2025-09-15 - Friday, 2025-09-19

Mon - Sep 15, 2025

10:15am-11:30am

Lecture 8: User Authentication

Discussion:

🗎 Oesch and Ruoti, That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers, USENIX Security, 2020.

Additional Material:

🕮 Tools and Jewels, Ch 3
🗎 Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms., IEEE S&P, 2012.
🗎 Florencio et al., An Administrator's Guide to Internet Password Research., LISA, 2014.

Tue - Sep 16, 2025| Wellness Day - No Classes

Wed - Sep 17, 2025

10:15am-11:30am

Lecture 9: Intro to Network Security

Discussion:

🗎 Jero et al., Identifier Binding Attacks and Defenses in Software-Defined Networks, USENIX Security, 2017.

Additional Material:

🕮 Tools and Jewels, Ch 11.3-11.7
🗎 Saltzer et al., End-to-end arguments in system design, ACM ToCS. 2(4), 1984.

Week 6 #

Monday, 2025-09-22 - Friday, 2025-09-26

Mon - Sep 22, 2025

10:15am-11:30am

Lecture 10: Transport Layer Security

Discussion:

🗎 Cremers et al., A Comprehensive Symbolic Analysis of TLS 1.3, ACM CCS, 2017.

Additional Material:

🕮 Tools and Jewels, Ch 9.2
🌐 The Illustrated TLS Connection

Wed - Sep 24, 2025

10:15am-11:30am

Lecture 11: Routing Security

Discussion:

🗎 Goldberg, Why is it Taking so Long to Secure Internet Routing?, Communications of the ACM. 57(10), 2014.

Fri - Sep 26, 2025

Deadline: RM2 (11:59pm)

Week 7 #

Monday, 2025-09-29 - Friday, 2025-10-03

Mon - Sep 29, 2025

10:15am-11:30am

Lecture 12: DNS Security

Discussion:

🗎 Man et al., DNS Cache Poisoning Attack: Resurrections with Side Channels, ACM CCS, 2021.

Additional Material:

🌐 An Illustrated Guide to the Kaminsky DNS Vulnerability

Wed - Oct 01, 2025

10:15am-11:30am

Lecture 13: VPN, Firewalls & Tunnels

Discussion:

🗎 Wool, A quantitative study of firewall configuration errors, IEEE Computer, 37(6), 2005.

Additional Material:

🕮 Tools and Jewels, Ch 10

Fri - Oct 03, 2025

Deadline: MP2 (11:59pm)

Week 8 #

Monday, 2025-10-06 - Friday, 2025-10-10

Mon - Oct 06, 2025

10:15am-11:30am

Lecture 14: Intrusion Detection Systems

Discussion:

🗎 The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection

Additional Material:

🕮 Tools and Jewels, Ch 11.1-11.2

Wed - Oct 08, 2025

10:15am

Midterm Exam (10:15am) #

10:15am - 11:30am (during class time)
Allowed resources:
- One hand-written, double sided, 8.5"x11" sized sheet with personal notes
- Calculator (no internet access!)

Week 9 #

Monday, 2025-10-13 - Friday, 2025-10-17

Mon - Oct 13, 2025| Fall Break - No Classes

Tue - Oct 14, 2025| Fall Break - No Classes

Wed - Oct 15, 2025

10:15am-11:30am

Lecture 15: Research Methods 2

Additional Material:

🗎 Schwartz, The importance of stupidity in scientific research, Journal of Cell Science, 2008.

Fri - Oct 17, 2025

Deadline: RM3 (11:59pm)

Week 10 #

Monday, 2025-10-20 - Friday, 2025-10-24

Mon - Oct 20, 2025

10:15am-11:30am

Lecture 16: Access Control

Discussion:

🗎 Krohn et al., Information Flow Control for Standard OS Abstractions, SOSP, 2007.

Additional Material:

🕮 Jaeger, Operating System Security, Chapters 1, 2, and 5.
🗎 Saltzer and Schroeder, [Part 1.A Only] The Protection of Information in Computer Systems., Proceedings of the IEEE, 63(9), 1975.

Wed - Oct 22, 2025

10:15am-11:30am

Lecture 17: Operating Systems

Discussion:

🗎 Sun et al., Security Namespace: Making Linux Security Frameworks Available to Containers, USENIX Security, 2018.

Additional Material:

🕮 Tools and Jewels, Ch 5
🕮 Jaeger, Operating System Security, Chapters 3, 4, and 10

Week 11 #

Monday, 2025-10-27 - Friday, 2025-10-31

Mon - Oct 27, 2025

10:15am-11:30am

Lecture 18: Software Vulnerabilities

Discussion:

🗎 Mao and Payer, Choose One: Android Performance or Security!, USENIX ;login:, 2024.

Additional Material:

🕮 Tools and Jewels, Ch 6
🕮 Younan et al., [Chapter 2 and Section 3.6] Code Injection in C and C++: A Survey of Vulnerabilities and Countermeasures
🌐 NSF SEED Labs - Software Security Labs

Wed - Oct 29, 2025

10:15am-11:30am

Lecture 19: Software Supply Chain Security

Discussion:

🗎 Cox, Fifty Years of Open Source Software Supply Chain Security: For decades, software reuse was only a lofty goal. Now it's very real., ACM Queue, 2025.

Week 12 #

Monday, 2025-11-03 - Friday, 2025-11-07

Mon - Nov 03, 2025

10:15am-11:30am

Lecture 20: Web Security

Discussion:

🗎 Azad et al., Less is More: Quantifying the Security Benefits of Debloating Web Applications, USENIX Security, 2019.

Additional Material:

🕮 Tools and Jewels, Ch 9

Wed - Nov 05, 2025

10:15am-11:30am

Lecture 21: Mobile Security

Discussion:

🗎 Deshotels et al., SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, ACM CCS, 2016.

Additional Material:

🗎 Mayrhofer et al., The Android Platform Security Model, arXiv:1904.05572, 2023.

Fri - Nov 07, 2025

Deadline: RM4 (11:59pm)
Deadline: MP3 (11:59pm)

Week 13 #

Monday, 2025-11-10 - Friday, 2025-11-14

Mon - Nov 10, 2025

10:15am-11:30am

Lecture 22: Tentative No Class or Cloud Security

Wed - Nov 12, 2025

10:15am-11:30am

Lecture 23: Web Privacy

Discussion:

🗎 Li, Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web, USENIX Security, 2020.

Additional Material:

🗎 EFF, [Part 1] Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance, 2019.
🗎 Nikiforakis et al., Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting, IEEE S&P, 2013.
🗎 Roesner et al., ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets, ;login: Magazine, 2012.
🗎 Acar et al., The Web Never Forgets: Persistent Tracking Mechanisms in the Wild, ACM CCS, 2014.
🗎 Privacy Violations Using Microtargeted Ads: A Case Study, ICDMW, 2010.

Week 14 #

Monday, 2025-11-17 - Friday, 2025-11-21

Mon - Nov 17, 2025

10:15am-11:30am

Lecture 24: Guest Lecture: Matt Caswell, President of the OpenSSL Foundation

Wed - Nov 19, 2025

10:15am-11:30am

Lecture 25: Mobile Privacy

Discussion:

🗎 Reardon et al., 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System, USENIX Security, 2019.

Additional Material:

🌐 NY Times, Twelve Million Phones, One Dataset, Zero Privacy
🗎 Enck et al., TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, OSDI, 2010.
🗎 Wei et al., Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps., ACM TOPS, 2018.

Week 15 #

Monday, 2025-11-24 - Friday, 2025-11-28

Mon - Nov 24, 2025

10:15am-11:30am

Lecture 26: Anonymous Communication

Discussion:

🗎 Perta et al., A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients., PETS, 2015.

Additional Material:

🗎 Dingledine et al., Tor: The second-generation onion router, USENIX Security, 2004.

Wed - Nov 26, 2025| Thanksgiving Break - No Classes

Thu - Nov 27, 2025| Thanksgiving Holiday - No Classes, University Closed

Fri - Nov 28, 2025| Thanksgiving Holiday - No Classes, University Closed

Week 16 #

Monday, 2025-12-01 - Friday, 2025-12-05

Mon - Dec 01, 2025

10:15am-11:30am

Lecture 27: Research Project Presentations and Wrap-up

Mon - Dec 01, 2025

Deadline: RM5 (11:59pm)

Tue - Dec 02, 2025| Last day of classes

Tue - Dec 02, 2025

Deadline: MP4 (11:59pm)
Deadline: RM6 (11:59pm)

Wed - Dec 03, 2025| Reading Day

Week 17 #

Monday, 2025-12-08 - Friday, 2025-12-12

Mon - Dec 08, 2025

8:30am

Final Exam (8:30am – 11:00am) #

150 min exam duration
Final exam is cumulative
1230 Engineering Building 2 (same room as class)
Allowed resources:
- Two hand-written, double sided, 8.5"x11" sized sheet with personal notes
- Calculator (no internet access!)

Sat - Dec 13, 2025| Fall Commencement Exercises

CSC/ECE 574

Schedule #

Deadlines #

Week 1 #

Week 2 #

Week 3 #

Week 4 #

Week 5 #

Week 6 #

Week 7 #

Week 8 #

Midterm Exam (10:15am) #

Week 9 #

Week 10 #

Week 11 #

Week 12 #

Week 13 #

Week 14 #

Week 15 #

Week 16 #

Week 17 #

Final Exam (8:30am – 11:00am) #