| Module | Slides | Lecture number | Lecture date | Textbook sections | Readings |
|---|---|---|---|---|---|
| 1 | (PDF) (3up) | Lecture 1 | 7 Jan | 1.1 – 1.11 | Optional reading: The 10 privacy principles of PIPEDA |
| 2 | (PDF) (3up) | Lecture 2 | 9 Jan | 3.1, 3.2 | Mandatory reading before class: Smashing The Stack For Fun And Profit; Optional reading: On the Evolution of Buffer Overflows; Optional reading: Exploiting Format String Vulnerabilities; Optional reading: Example format string vulnerabilities (November 2011, May 2012); Optional reading: A Taxonomy of Computer Program Security Flaws, with Examples |
| | | Lecture 3 | 14 Jan | 3.3 | Optional reading: The Spread of the Sapphire/Slammer Worm (also: Slammed!); Optional reading: The inside story of the Conficker worm (also: Conficker C Analysis) |
| | | Lecture 4 | 16 Jan | 3.4 | Mandatory reading before class: Reflections on Trusting Trust; Optional reading: Linux Kernel "Back Door" Attempt; Optional reading: Did the FBI put a backdoor in OpenBSD?; Optional reading: Salami attacks; Optional reading: Two-factor Man-in-the-Middle attacks (ABN Ambro incident, Citibank incident); Optional reading: MITM Malware Re-Writes Online Bank Statements |
| | | Lecture 5 | 21 Jan | 3.5 | Optional reading: An operating system kernel with a formal proof of security |
| 3 | (PDF) (3up) | Lecture 6 | 23 Jan | 4.1, 4.2, 4.3, 4.4 | Optional reading: Caja: Capability-based Javascript (project webpage, draft specification); Optional reading: Android permissions demystified |
| | | Lecture 7 | 28 Jan | 4.5 | Optional reading: MySpace Passwords Aren't So Dumb; Optional reading: The Top 50 Gawker Passwords; Optional reading: Gawker mishandles non-ASCII passwords; Optional reading: Secure Passwords Keep You Safer; Optional reading: Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication; Optional reading: 25-GPU cluster cracks every standard Windows password in <6 hours |
| | | Lecture 8 | 30 Jan | 5.1, 5.2 | Optional reading: The difficulties of fingerprints |
| | | Lecture 9 | 4 Feb | 5.3, 5.4, 5.5 | Mandatory reading before class: The Protection of Information in Computer Systems, section I.A. (only section I.A. is mandatory); Optional reading: The Security Principles of Saltzer and Schroeder, illustrated with scenes from Star Wars; Optional reading: SELinux |
| 4 | (PDF) (3up) | Lecture 10 | 6 Feb | 7.1 | Optional reading: Fake social media ID duped security-aware IT guys |
| | | Lecture 11 | 11 Feb | 7.2 | Optional reading: The New Threat: Targeted Internet Traffic Misdirection; Optional reading: Cybercrime 2.0: When the Cloud Turns Dark; Optional reading: Pakistan hijacks YouTube, The flap heard around the world, Egypt leaves the Internet, Why Google Went Offline Today and a Bit about How the Internet Works |
| | | Lecture 12 | 13 Feb | 7.3, 7.4 | Optional reading: The DDoS That Knocked Spamhaus Offline (And How We Mitigated It), The DDoS That Almost Broke the Internet, Biggest DDoS ever aimed at Cloudflare's content delivery network, Technical Details Behind a 400Gbps NTP Amplification DDoS Attack |
| 5 | (PDF) (3up) | Lecture 13 | 25 Feb | 2.4 | Optional reading: COPACOBANA; Optional reading: A Stick Figure Guide to AES |
| | | Lecture 14 | 27 Feb | 2.7 | |
| | | Lecture 15 | 4 Mar | 2.8, 7.3 | Optional reading: Tree of Trust (red: root CA; green: intermediate CA); Optional reading: Cracking WEP in 60 seconds; Optional reading: Intercepting Mobile Communications: The Insecurity of 802.11 |
| | | Lecture 16 | 6 Mar | 7.3, 10 | |
| | | Lecture 17 | 11 Mar | 7.3, 10 | Optional reading: Turkish Registrar Enabled Phishers to Spoof Google, also Comodogate and DigiNotar incident |
| | | Lecture 18 | 13 Mar | 7.3, 10 | Optional reading: The Tor Project; Optional reading: SSH: passwords or keys?; Optional reading: Mixminion |
| | | Lecture 19 | 18 Mar | 7.3, 10 | Optional reading: De-Anonymizing Alt.Anonymous.Messages; Optional reading: Off-the-Record Messaging |
| 6 | (PDF) (3up) | Lecture 20 | 20 Mar | 6.1 – 6.7 | |
| | | Lecture 21 | 25 Mar | 6.8, 10.4 | Optional reading: ℓ-Diversity: Privacy Beyond k-Anonymity; Optional reading: t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity; Optional reading: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization |
| 7 | (PDF) (3up) | Lecture 22 | 27 Mar | 8.1, 8.2, 8.3 | Optional reading: Investigation into the loss of a hard drive at Employment and Social Development Canada; Optional reading: IST's continuity plan in case of a pandemic; Optional reading: UW's emergency response policy; Optional reading: Stealing Commodities |
| | | Lecture 23 | 1 Apr | 8.4, 11.1, 11.2 | Optional reading: PogoWasRight.org, databreaches.net, OSF DataLossDB; Optional reading: The Computer Centre Incident at Concordia; Optional reading: Waterloo's Electronic Media Disposal Guidelines |
| | | Lecture 24 | 3 Apr | 11.4, 11.5, 11.6 | Optional viewing: A Fair(y) Use Tale; Optional viewing: The great copyright battle: UBC's bold stand against Access Copyright; Optional viewing: Unintended Consequences: Ten Years under the DMCA; Optional reading: The Athens Affair, SISMI-Telecom scandal; Optional reading: Bruce Schneier on Full Disclosure, Google's view, Microsoft's view; Optional reading: Codes of ethics: ACM, IEEE, CIPS |