INSE 6150: Security Evaluation Methodologies (Winter 2014)
Mondays, 17:45–20:15, FG-B070
- Instructor: Jeremy Clark, Office Hours: Mon 3:30 - 5:00, drop in, or email for appt (EV6.223)
The official course outline is available here.
This course essentially covers how to evaluate the security of X, where X could be anything from a cryptographic protocol to a hardware chip to a large software system like an operating system to a service like email. The exact topics to be covered will be determined as the course progresses.
Students are responsible for attending the lectures and taking notes. No lecture notes will be provided outside of what is taught in class.
We will use the following freely available textbook (hardcopies can be ordered). Exams and assignments will be based on what is presented during the lectures, with the textbooks providing additional detail and formalization:
- Security Engineering (Anderson): Online.
Assignments and Exams
Assignments are due by the end of class on the due date. They can be handed in during class, emailed to email@example.com anytime before the deadline, or slipped under my office door anytime before the deadline. See the assignment itself for the late policy.
- Assignment 1 (5%): Due ~~Feb 17~~ Feb 24 (by end of class). [Link]
- Midterm Test (20%): On Feb 24 (in class).
- Assignment 2 (5%): Released March 17, Due March 31 (by end of class). [Link]
- Project (25%): Due April 14. [Link]
- Final Exam (45%): See ENCS for Exam Schedule.
If you wish, you can opt into creating scribe notes for one lecture by emailing me by Jan 20. Scribe notes will be marked out of 5, and scribing will entitle you to skip doing either assignment. Scribe notes should convey the material presented in the lecture to a degree that is sufficient for someone who did not attend the lecture.
Scribe notes are due one week after the lecture being scribed. Scribe notes should be human-readable (LaTeX, Word, image of handwritten notes). I prefer a digital copy, sent via email to firstname.lastname@example.org. Toward the end of the course, starting at a time TBA, we may implement two scribes per lecture to ensure everyone has a lecture to scribe. In this case, scribe notes are to be done individually.
Utkarsh Choudhary, Judah Paemka, Ekim Sahin, Vikranth Kanave, Usman Shafi, Mauricio Mendoza, Fady Mikhael, Sindhura Manthapuri, Jyoti Sharma, Kobra Khanmohammadi, Sruthi Veena Lakshmanan.
Students are responsible for attending the lectures and taking notes. No lecture notes will be provided outside of what is taught in class. For further background and reference, see the supplementary materials provided for each lecture.
- January 6: Course Outline, Introduction, and evaluation of HTTPS
Supplementary Material: SSL and HTTPS
Scribe Notes (Utkarsh Choudhary)
- January 13: Evaluation of HTTPS (cont)
Supplementary Material: Lucky 13 (see Sec 6), Picture-in-Picture attacks
Scribe Notes (Judah Paemka)
- January 20: Attack trees, password alternatives, and evaluation frameworks
Supplementary Material: SSL Terminators, Attack Trees, The Quest to Replace Passwords
Scribe Notes (Ekim Sahin)
- January 27: Requirements Engineering, Common Criteria, Case study
Supplementary Material: DC Internet voting
Scribe Notes (Vikranth Kanave)
- February 3: Software Security, Overflow/Injection/ROP attacks, Static/Dynamic Analysis, Control Flow
Supplementary Material: Return Oriented Programming, Control Flow Integrity, Tools applied to Heartbleed
Scribe Notes (Usman Shafi)
- February 3: Software Containment, Web Security: Cookies, Scripting, XSS/XSRF, Rebinding, Clickjacking
Supplementary Material: Browser Security Handbook
Scribe Notes (Mauricio Mendoza)
- February 17: Reading Week
- February 24: Midterm (in-class)
- March 3: Vulnerability Analysis Meta Compilation (Guest Lecture: Gaby Daghir)
- March 10: Midterm Review & Secure Function Evaluation (SFE)
Scribe Notes (Fady Mikhael)
- March 17: SFE (cont) & Cryptographic Evaluation
Scribe Notes (Sindhura Manthapuri)
- March 24: Security Proofs & Human Procedures
Scribe Notes (Jyoti Sharma)
- March 31: Procedures (cont) & Hardware
Scribe Notes (Kobra Khanmohammadi)
- March 17: No Lecture: Election Day
- March 17: STRIDE
Scribe Notes (Sruthi Veena Lakshmanan)