Important notes about the lecture slides (read this first)
Lecture slides
| Module | Slides | Lecture number | Lecture date | Textbook sections |
|---|---|---|---|---|
| 1 | (PDF)
(3up) | Lecture 1 | 7 May | 1.1 – 1.11 |
| Optional reading: The 10 privacy principles of PIPEDA | ||||
| 2 | (PDF)
(3up) | Lecture 2 | 9 May | 3.1, 3.2 |
| Mandatory reading before class: Smashing The Stack For Fun And Profit | ||||
| Optional reading: On the Evolution of Buffer Overflows | ||||
| Optional reading: Exploiting Format String Vulnerabilities | ||||
| Optional reading: Example format string vulnerabilities (November 2011, May 2012) | ||||
| Optional reading: A Taxonomy of Computer Program Security Flaws, with Examples | ||||
| Lecture 3 | 14 May | 3.3 | ||
| Optional reading: The Spread of the Sapphire/Slammer Worm; also: Slammed! | ||||
| Lecture 4 | 16 May | 3.4 | ||
| Mandatory reading before class: Reflections on Trusting Trust | ||||
| Optional reading: Linux Kernel "Back Door" Attempt | ||||
| Optional reading: Did the FBI put a backdoor in OpenBSD? | ||||
| Optional reading: Salami attacks | ||||
| Optional reading: Two-factor Man-in-the-Middle attacks: ABN Ambro incident; Citibank incident | ||||
| Optional reading: MITM Malware Re-Writes Online Bank Statements | ||||
| Lecture 5 | 21 May | 3.5 | ||
| Optional reading: An operating system kernel with a formal proof of security | ||||
| 3 | (PDF)
(3up) | Lecture 6 | 23 May | 4.1, 4.2, 4.3, 4.4 |
| Optional reading: Caja: Capability-based Javascript. Project webpage; draft specification | ||||
| Optional reading: Android permissions demystified | ||||
| Lecture 7 | 28 May | 4.5 | ||
| Optional reading: MySpace Passwords Aren't So Dumb | ||||
| Optional reading: The Top 50 Gawker Passwords | ||||
| Optional reading: Gawker mishandles non-ASCII passwords | ||||
| Optional reading: Secure Passwords Keep You Safer | ||||
| Optional reading: Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication | ||||
| Optional reading: 25-GPU cluster cracks every standard Windows password in <6 hours | ||||
| Lecture 8 | 30 May | 5.1, 5.2 | ||
| Optional reading: The difficuilties of fingerprints | ||||
| Lecture 9 | 4 June | 5.3, 5.4, 5.5 | ||
| Mandatory reading before class: The Protection of Information in Computer Systems, section I.A. (only section I.A. is mandatory) | ||||
| Optional reading: The Security Principles of Saltzer and Schroeder, illlustrated with scenes from Star Wars | ||||
| Optional reading: SELinux | ||||
| 4 | (PDF)
(3up) | Lecture 10 | 6 June | 7.1 |
| Optional reading: How a Classic Man-in-the-Middle Attack Saved Colombian Hostages | ||||
| Lecture 11 | 11 June | 7.2 | ||
| Optional reading: Storm | ||||
| Lecture 12 | 13 June | 7.3, 7.4 | ||
| Optional reading: Pakistan hijacks YouTube | ||||
| Optional reading: The flap heard around the world | ||||
| Optional reading: Egypt leaves the Internet | ||||
| 5 | (PDF)
(3up) | Lecture 13 | 18 June | 2.4 |
| Optional reading: COPACOBANA | ||||
| Optional reading: A Stick Figure Guide to AES | ||||
| Lecture 14 | 20 June | 2.7 | ||
| Lecture 15 | 25 June | 2.8, 7.3 | ||
| Lecture 16 | 27 June | 7.3, 10 | ||
| Optional reading: Cracking WEP in 60 seconds | ||||
| Optional reading: Intercepting Mobile Communications: The Insecurity of 802.11 | ||||
| Lecture 17 | 2 July | 7.3, 10 | ||
| Optional reading: Certified Lies: Detecting and Defeating Government. Interception Attacks Against SSL | ||||
| Optional reading: The Tor Project | ||||
| Optional reading: The Sybil Attack | ||||
| Lecture 18 | 4 July | 7.3, 10 | ||
| Optional reading: SSH: passwords or keys? | ||||
| Optional reading: Mixminion | ||||
| Optional reading: Off-the-Record Messaging | ||||
| 6 | (PDF)
(3up) | Lecture 19 | 9 July | 6.1 – 6.4 |
| Lecture 20 | 11 July | 6.5 – 6.7 | ||
| Lecture 21 | 16 July | 6.8, 10.4 | ||
| Optional reading: ℓ-Diversity: Privacy Beyond k-Anonymity | ||||
| Optional reading: t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity | ||||
| Optional reading: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization | ||||
| 7 | (PDF)
(3up) | Lecture 22 | 18 July | 8.1, 8.2, 8.3 |
| Optional reading: IST's continuity plan in case of a pandemic | ||||
| Optional reading: UW's emergency response policy | ||||
| Lecture 23 | 23 July | 8.4, 11.1, 11.2 | ||
| Optional reading: PogoWasRight.org, databreaches.net: Privacy news, data breaches, and privacy-related events and resources from around the world | ||||
| Optional reading: Open Security Foundation's Data Loss Database | ||||
| Optional reading: The Computer Centre Incident at Concordia | ||||
| Optional reading: Visual Cryptography (example) | ||||
| Optional reading: Waterloo's Electronic Media Disposal Guidelines | ||||
| Lecture 24 | 25 July | 11.4, 11.5, 11.6 | ||
| Optional reading: The Athens Affair | ||||
| Optional viewing: A Fair(y) Use Tale | ||||
| Optional reading: Bruce Schneier on Full Disclosure (Google's view) (Microsoft's view) | ||||
| Optional reading: Codes of ethics: ACM IEEE CIPS | ||||
