Lectures

Please check this page regularly.

Each entry below gives the lecture/date, the topics covered, and the slide decks.

Week 1 (Aug 31)
Topics: Introduction; Secure Software Development Models/Methodology & Assurance (Reading Materials) [Completed till slide 38]
Slides: Intro; Lecture 1

Week 2 (Sept 7)
Topics: Secure Software Development Models/Methodology & Assurance: Building Security In (From Book: Building Security In + Reading List) [Completed till slide 38]
Slides: Lecture 2

Week 3 (Sept 14)
Topics: (Continue Lecture 2) Secure Programming
·         Strings
·         Pointer Subterfuge
(From Book: Secure Coding in C and C++)
Slides: Lecture 3; Lecture 4

Week 4 (Sept 21)
Topics: (Start Lecture 4) Secure Programming
·         Dynamic Memory Management
(From Book: Secure Coding in C and C++)
[Completed till slide 60 of Lecture 5]
Slides: Lecture 5

Week 5 (Sept 28)
Topics: (Continue Lecture 2) Secure Programming
·         Race Conditions, Integer Issues & Other Issues
(From Book: Secure Coding in C and C++)
Slides: Lecture 6; Lecture 7

Week 6 (Oct 5)
Topics: (Continue last few slides of Lecture 7) Secure Programming Practices
·         Static & Dynamic Analysis
(From Book: Secure Programming with Static Analysis & papers)
Slides: Lecture 8

Week 7 (Oct 12)
Topics: Web Security & Defenses
·         SQL Injection
·         Cross-Site Scripting
·         Others
(Book: SQL Injection Attacks and Defense)
Slides: Lecture 9; Lecture 10

Week 8 (Oct 19)
Topics: (Continue Lecture 10)
Guest Lecture at 12 Noon -- “Introduction to the World of Blockchain” by Paul Rimba (Research Scientist, Data61/CSIRO & Visiting Scientist at MIT Media Lab).
Other “Blockchain” resources from Dr. C. Mohan (IBM Fellow): https://drive.google.com/file/d/0B7lNUaak0bK1MUtWVzB4aElwc1U/edit
Slides: Lecture slides

(Oct 26)
Midterm

Week 8 (Nov 2)
Project proposals/discussion
Project teams to meet separately (30 min slots)

Week 9 (Nov 9)
Topics: Attribute/Encryption Based Access Control (Guest Lecture: Runhua Xu)

Reading references:
1.    Sahai, Amit, and Brent Waters. "Fuzzy identity-based encryption." In Eurocrypt, vol. 3494, pp. 457-473. 2005.
2.    Boneh, Dan, and Matthew Franklin. "Identity-based encryption from the Weil pairing." SIAM Journal on Computing, vol. 32, no. 3, pp. 586-615. 2003. Extended abstract in Proc. of Crypto 2001, LNCS vol. 2139, Springer-Verlag, pp. 213-229. 2001.
3.    Bethencourt, John, Amit Sahai, and Brent Waters. "Ciphertext-policy attribute-based encryption." In 2007 IEEE Symposium on Security and Privacy (S&P'07). IEEE, 2007.
4.    Waters, Brent. "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization." In Public Key Cryptography, vol. 6571, pp. 53-70. 2011.
5.    Chenette, Nathan, Kevin Lewi, Stephen A. Weis, and David J. Wu. "Practical order-revealing encryption with limited leakage." In International Conference on Fast Software Encryption, pp. 474-493. Springer Berlin Heidelberg, 2016.

Slides: Lecture slide

Week 10 (Nov 16)
Topics: Continue the remainder of Lecture 9/10

Week 11 (Nov 19)
Paper Presentation/review
Topics: SQL injection and XSS
30 min time slots

1.    SQL-IDS: A Specification-based Approach for SQL-Injection Detection
Presenter: Jamie Gambetta
Primary reviewer: Michael Wienczkowski
Secondary reviewer: Qirui Sun

2.    SQL DOM: Compile Time Checking of Dynamic SQL Statements
Presenter: Deep Bhojani
Primary reviewer: Qirui Sun
Secondary reviewer: John Correll

3.    SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks
Presenter: Harold Gosney
Primary reviewer: John Correll
Secondary reviewer: Kevin Donohue

4.    Automatic Web Security Unit Testing: XSS Vulnerability Detection
Presenter: Jinlai Xu
Primary reviewer: Eric Corrado
Secondary reviewer: Michael Wienczkowski

5.    SWAP: Mitigating XSS Attacks using a Reverse Proxy
Presenter: Ramki Ravichandran
Primary reviewer: Kevin Donohue
Secondary reviewer: Eric Corrado

(Nov 23)
Thanksgiving

Week 12 (Nov 30)
Paper Presentations
Topic: HealthCare Security and Privacy
30 min time slots

1.    Self-tracking for Mental Wellness: Understanding Expert Perspectives and Student Experiences
Presenter: John Correll
Primary reviewer: Ramki Ravichandran
Secondary reviewer:

2.    MeD-Lights: A Usable Metaphor for Patient Controlled Access to Electronic Health Records
Presenter: Qirui Sun
Primary reviewer: Deep Bhojani
Secondary reviewer: Jinlai Xu

3.    An Approach to Modular and Testable Security Models of Real-world Health-care Applications
Presenter: Michael Wienczkowski
Primary reviewer: Jinlai Xu
Secondary reviewer: Deep Bhojani

4.    Security and trust in virtual healthcare communities
Presenter: Kevin Donohue
Primary reviewer: Jamie Gambetta
Secondary reviewer: Harold Gosney

5.    A Privacy Framework for Mobile Health and Home-Care Systems
Presenter: Eric Corrado
Primary reviewer: Harold Gosney
Secondary reviewer: Jamie Gambetta

Overview of Security and Privacy in mHealth
Slides: Lecture 11

Week 13 (Dec 7)