Important notes about the lecture slides (read this first)
Lecture slides
| Module | Slides | Lecture number | Lecture date | Textbook sections |
|---|---|---|---|---|
| 1 | (PDF)
(3up) | Lecture 1 | 5 January | 1.1 – 1.11 |
| 2 | (PDF)
(3up) | Lecture 2 | 7 January | 3.1, 3.2 |
| Mandatory reading before class: Smashing The Stack For Fun And Profit | ||||
| Optional reading: On the Evolution of Buffer Overflows | ||||
| Optional reading: Exploiting Format String Vulnerabilities | ||||
| Optional reading: Example format string vulnerability from Aug 2008 | ||||
| Optional reading: A Taxonomy of Computer Program Security Flaws, with Examples | ||||
| Lecture 3 | 12 January | 3.3 | ||
| Optional reading: The Spread of the Sapphire/Slammer Worm; also: Slammed! | ||||
| Lecture 4 | 14 January | 3.4 | ||
| Mandatory reading before class: Reflections on Trusting Trust | ||||
| Optional reading: Linux Kernel "Back Door" Attempt | ||||
| Optional reading: Salami attacks | ||||
| Optional reading: Two-factor Man-in-the-Middle attacks: ABN Ambro incident; Citibank incident | ||||
| Lecture 5 | 19 January | 3.5 | ||
| Optional reading: An operating system kernel with a formal proof of security | ||||
| 3 | (PDF)
(3up) | Lecture 6 | 21 January | 4.1, 4.2, 4.3, 4.4 |
| Optional reading: Caja: Capability-based Javascript. Project webpage; draft specification | ||||
| Lecture 7 | 26 January | 4.5 | ||
| Optional reading: MySpace Passwords Aren't So Dumb | ||||
| Optional reading: Secure Passwords Keep You Safer | ||||
| Optional reading: Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication | ||||
| Lecture 8 | 28 January | 5.1, 5.2 | ||
| Lecture 9 | 2 February | 5.3, 5.4, 5.5 | ||
| Mandatory reading before class: The Protection of Information in Computer Systems, section I.A. (only section I.A. is mandatory) | ||||
| Optional reading: The Security Principles of Saltzer and Schroeder, illlustrated with scenes from Star Wars | ||||
| 4 | (PDF)
(3up) | Lecture 10 | 4 February | 7.1 |
| Lecture 11 | 9 February | 7.2 | ||
| Lecture 12 | 11 February | 7.3, 7.4 | ||
| Optional reading: Pakistan hijacks YouTube | ||||
| 5 | (PDF)
(3up) | Lecture 13 | 23 February | 2.4 |
| Optional reading: COPACOBANA | ||||
| Lecture 14 | 25 February | 2.7 | ||
| Lecture 15 | 2 March | 2.8, 7.3 | ||
| Lecture 16 | 4 March | 7.3, 10 | ||
| Optional reading: Cracking WEP in 60 seconds | ||||
| Optional reading: Intercepting Mobile Communications: The Insecurity of 802.11 | ||||
| Lecture 17 | 9 March | 7.3, 10 | ||
| Optional reading: The Tor Project | ||||
| Optional reading: The Sybil Attack | ||||
| Lecture 18 | 11 March | 7.3, 10 | ||
| Optional reading: Mixminion | ||||
| Optional reading: Off-the-Record Messaging | ||||
| 6 | (PDF)
(3up) | Lecture 19 | 16 March | 6.1 – 6.4 |
| Lecture 20 | 18 March | 6.5 – 6.7 | ||
| Lecture 21 | 23 March | 6.8, 10.4 | ||
| Optional reading: ℓ-Diversity: Privacy Beyond k-Anonymity | ||||
| Optional reading: t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity | ||||
| 7 | (PDF)
(3up) | Lecture 22 | 25 March | 8.1, 8.2, 8.3 |
| Optional reading: UW's continuity plan in case of a pandemic | ||||
| Optional reading: UW's emergency response policy | ||||
| Lecture 23 | 30 March | 8.4, 11.1, 11.2 | ||
| Optional reading: PogoWasRight.org, databreaches.net: Privacy news, data breaches, and privacy-related events and resources from around the world | ||||
| Optional reading: Open Security Foundation's Data Loss Database | ||||
| Optional reading: The Computer Centre Incident at Concordia | ||||
| Optional reading: Visual Cryptography (example) | ||||
| Lecture 24 | 1 April | 11.4, 11.5, 11.6 | ||
| Optional viewing: The Athens Affair | ||||
| Optional viewing: A Fair(y) Use Tale | ||||
| Optional reading: Bruce Schneier on Full Disclosure | ||||
| Optional reading: Codes of ethics: ACM IEEE CIPS | ||||
