Please check this page regularly.






Week 1

(Aug 31)



Secure Software Development Models/Methodology & Assurance

(Reading Materials)


[Completed till slide 38]



(Lecture 1)

Week 2

(Sept 7)


Secure Software Development Models/Methodology & Assurance: Building Security In


(From Book: Building Security In + Reading List)

[Completed till slide 38]


(Lecture 2)

Week 3

(Sept 14)


(Continue Lecture 2)


Secure Programming


         Pointer Subterfuge


(From Book: Secure Coding in C and C++)


(Lecture 3)


(Lecture 4)

Week 4

(Sept 21)


(Start Lecture 4)

Secure Programming

         Dynamic Memory Management


(From Book: Secure Coding in C and C++)


[Completed till slide 60 of Lecture 5]


(Lecture 5)

Week 5

(Sept 28)

(Continue Lecture 2)

Secure Programming

         Race Conditions, Integer Issues & Other Issues

(From Book: Secure Coding in C and C++)


(Lecture 6)


(Lecture 7)

Week 6

(Oct 5)


(Continue last few slides of Lecture 7)


Secure Programming Practices

         Static & Dynamic Analysis

(From Book: Secure Programming with Static Analysis & papers)




(Lecture 8)




Week 7

(Oct 12)

Web Security & Defenses

         SQL Injection

         Cross-Site Scripting



(Book: SQL Injection Attack and Defenses)


(Lecture 9)






(Lecture 10)

Week 8

(Oct 19)

(Continue Lecture 10)

Guest Lecture at 12 Noon -- Introduction to the World of Blockchain by Paul Rimba (Research Scientist, Data61/CSIRO & Visiting Scientist at MIT Media Lab).

Other Blockchain resources from Dr. C. Mohan (IBM Fellow):



(Lecture slides)

(Oct 26)



Week 8

(Nov 2)

Project proposals/discussion

Project teams to meet separately (30 min slots)

Week 9

(Nov 9)


Attribute/Encryption-Based Access Control


(Guest Lecture: Runhua Xu)


Reading references:

1.    Sahai, Amit, and Brent Waters. "Fuzzy identity-based encryption." In Eurocrypt, vol. 3494, pp. 457-473. 2005.


2.    Boneh, Dan, and Matthew Franklin. "Identity-based encryption from the Weil pairing." SIAM Journal on Computing, vol. 32, no. 3, pp. 586-615, 2003. Extended abstract in Proc. Crypto 2001, LNCS vol. 2139, Springer-Verlag, pp. 213-229, 2001.


3.    Bethencourt, John, Amit Sahai, and Brent Waters. "Ciphertext-policy attribute-based encryption." In 2007 IEEE Symposium on Security and Privacy (S&P'07). IEEE, 2007.


4.    Waters, Brent. "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization." In Public Key Cryptography, vol. 6571, pp. 53-70. 2011.


5.    Chenette, Nathan, Kevin Lewi, Stephen A. Weis, and David J. Wu. "Practical order-revealing encryption with limited leakage." In International Conference on Fast Software Encryption, pp. 474-493. Springer Berlin Heidelberg, 2016.


(Lecture slide)

Week 10

(Nov 16)

Continue the remainder of Lecture 9/10


Week 11

(Nov 19)


Paper Presentation/review

Topics: SQL injection and XSS

30 min time slots


1.    SQL-IDS: A Specification-based Approach for SQL-Injection Detection

Presenter: Jamie Gambetta

Primary review: Michael Wienczkowski

Secondary reviewer: Qirui Sun


2.    SQL DOM: Compile Time Checking of Dynamic SQL Statements

Presenter: Deep Bhojani

Primary review: Qirui Sun

Secondary reviewer: John Correll


3.    SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks

Presenter: Harold Gosney

Primary review: John Correll

Secondary reviewer: Kevin Donohue


4.    Automatic Web Security Unit Testing: XSS Vulnerability Detection

Presenter: Jinlai Xu

Primary review: Eric Corrado

Secondary reviewer: Michael Wienczkowski


5.    SWAP: Mitigating XSS Attacks using a Reverse Proxy

Presenter: Ramki Ravichandran

Primary review: Kevin Donohue

Secondary reviewer: Eric Corrado



(Nov 23)



Week 12

(Nov 30)


Paper Presentations

Topic: HealthCare Security and Privacy

30 min time slots


1.    Self-tracking for Mental Wellness: Understanding Expert Perspectives and Student Experiences

Presenter: John Correll
Primary Reviewer: Ramki Ravichandran
Secondary Reviewer:

2.    MeD-Lights: A Usable Metaphor for Patient Controlled Access to Electronic Health Records

Presenter: Qirui Sun
Primary Reviewer: Deep Bhojani
Secondary Reviewer: Jinlai Xu

3.    An Approach to Modular and Testable Security Models of Real-world Health-care Applications

Presenter: Michael Wienczkowski
Primary Reviewer: Jinlai Xu
Secondary Reviewer: Deep Bhojani

4.    Security and trust in virtual healthcare communities

Presenter: Kevin Donohue
Primary Reviewer: Jamie Gambetta
Secondary Reviewer: Harold Gosney


5.    A Privacy Framework for Mobile Health and Home-Care Systems

Presenter: Eric Corrado
Primary Reviewer: Harold Gosney
Secondary Reviewer: Jamie Gambetta


Overview of Security and Privacy in mHealth

(Lecture 11)

Week 13

(Dec 7)