Computer Science


Lectures

Announcements

  1. 31 May: The Honeynet Project's Reverse Challenge ends. This is "an effort to allow incident handlers around the world to all look at the same binary -- a unique tool captured in the wild -- and to see who can dig the most out of that system and communicate what they've found in a concise manner. This is a nonscientific study of tools, techniques, and procedures applied to post-compromise incident handling. The challenge is to have fun, to solve a common real world problem, and for everyone to learn from the process."
  2. 4 June: guest lecture on computer forensics by Brent Whale, Electronic Forensic Investigator for the NZ Customs Service.
  3. 19 June: One-day workshop on Information Security Essentials, Spencer Hotel, Takapuna.
  4. Internships to research and develop an IA32 obfuscation engine at Trymedia Systems, Valencia, Spain.
  5. 26 July: deadline for public submissions on Review of the Patents Act 1953: Boundaries to Patentability, Regulatory and Competition Policy Branch, Ministry of Economic Development, New Zealand, March 2002.
  6. Archive of prior announcements.

Handouts

  1. Handout 1: General information and term schedule.
  2. Handout 2: Student information sheet. Summary of student responses.
  3. Handout 3: first set of readings (available in hardcopy only)
    • C. Pfleeger, "Is there a security problem in computing?", Chapter 1 of Security in Computing, 2nd edition, Prentice Hall, 1997, pp. 1-19.
    • K. Nichols, "The Age of Software Patents", IEEE Computer, April 1999, pp. 25-31.
    • Anon., "Patent Law Basics", Office of Technology Transfer, University of Arizona, 2001. Available: http://www.ott.arizona.edu/patbasics.htm, 4 March 2001.
    • C. Collberg, C. Thomborson, D. Low, Obfuscation Techniques for Enhancing Software Security, Published International Patent Application WO9901815, World Intellectual Property Organization, filed June 9, 1998; see also WO9964973.
    • P. Samuelson, "Encoding the Law into Digital Libraries", Comm. ACM, April 1998.
  4. Handout 4: Lecture slides set 1. Revised 8 March 2002.
  5. Handout 5: Suggestions for Oral Reports and Term Projects. Revised 6 April 2002.
  6. Handout 6: Course Bibliography. Revised 8 March 2002.
  7. Handout 7: Lecture slides set 2. Revised 8 March 2002.
  8. Handout 8: second set of readings (available in hardcopy only)
    • Ethical statements from IEEE, CPSR, and RSNZ.
    • Pfleeger, "Ethical issues in computer security," section 11.5 of Security in Computing, 2nd edition, Prentice Hall, 1997.
    • C. Mann, "Who will own your next good idea?", The Atlantic Monthly, 57-82, September 1998.
    • H. Rosner, "Steal this software," The.Standard.com, June 19, 2000.
    • P. Radatti, "Cybersoft, Incorporated Moral Guidelines," Cybersoft, Inc, 1996.
    • Bruce Schneier, "Foundations", Chapter 1 in Applied cryptography : protocols, algorithms, and source code in C, 2nd edition, Wiley, 1996.
    • Douglas R Stinson, Description of DES, and Introduction to Public-key Cryptography, pp. 70-73 and pp. 114-116. In Cryptography: Theory and Practice. CRC Press, ISBN 0-8493-8521-0, 1995.
    • Carlisle Adams and Steve Lloyd, "Core PKI Services: Authentication, Integrity, and Confidentiality," Chapter 4 in Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, 296 pp., Macmillan, 1999.
    • L Garber, "Computer Forensics: High-Tech Law Enforcement," IEEE Computer, January 2001, pp. 22-27.
    • C Collberg and C Thomborson, "Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection", to appear IEEE TSE, 34 pp., submitted 13 December 2001.
  9. Handout 9: Schedule of Oral Reports. Revised 30 April 2002.
  10. Handout 10: Lecture slides set 3.
  11. Handout 11: Lecture slides set 4.
  12. Handout 12: Excerpts (not exceeding 10 pages each) from the following articles. Available in hardcopy only.
    • M Jakobsson and S Wetzel, "Security Weaknesses in Bluetooth". In D Naccache (ed.), Progress in Cryptology -- CT-RSA 2001 (LNCS 2020), 176-191, 2001.
    • M Sirbu and J Chuang, "Distributed authentication in Kerberos using public key cryptography", Proc Network and Dist Sys Security 1997, IEEE, 134-141, 1997.
    • S Craver, N Memon, B-L Yeo, and M Yeung, "Resolving Rightful Ownerships with Invisible Watermarking Techniques: Limitations, Attacks, and Implications", IEEE Journal on Selected Areas in Communications 16(4), 573-586, May 1998.
    • H Chang and M Atallah, "Protecting Software Code by Guards". In Workshop on Security and Privacy in Digital Rights Management 2001.
    • C Wang, J Hill, J Knight, J Davidson, "Software Tamper Resistance: Obstructing Static Analysis of Programs", Technical report CS-2000-12, Department of Computer Science, U Virginia (USA).
  13. Handout 13: Readings.
    • H Mountifield, "How the University Library can help you with your term paper", powerpoint presentation, April 2001. 19 slides. (Slide #20 was added and authored by your instructor.)
    • F. Woodford, excerpts from Scientific Writing for Graduate Students, Rockefeller University Press, New York 1968. (Out of print.)
    • A Eisenberg, "Importance of Organizational Patterns", in Writing Well for the Technical Professions, Harper & Row, pp. 39-40 and 46-51, 1989.
    • E Papadakis, "Why and What for (Four): The Basis for Writing a Good Introduction", Materials Evaluation 41, 20-21, Jan 1983.
    • A Eisenberg, "Techniques for Writing Definitions", in Writing Well for the Technical Professions, Harper & Row, pp. 208-215, 1989.
    • Online Writing Lab, "Using American Psychological Association (APA) Format (Updated to 5th Edition)", Purdue University, 2002. Available: http://owl.english.purdue.edu/handouts/print/research/r_apa.html, April 2002.
    • B Land, "Web Extension to American Psychological Association Style (WEAPAS) (Rev 2.0)", 1 July 2001. Available: http://www.beadsland.com/ARC/1996/beadsland/ROOT/weapas/html/index/, April 2002.
    • Writer's Web, "Effectively Using Direct Quotations", University of Richmond, undated. Available: http://www.richmond.edu/~writing/wweb/dq.html, April 2002.
    • Computer Science Department, "Honesty", in Undergraduate Handbook, University of Auckland, 2 pp., 2002. Available: http://www.cs.auckland.ac.nz/handbook/current/UG.H.html, April 2002.
    • M Spears, "What is Plagiarism", and "Quoting, Summarizing and Paraphrasing", Grosse Point North High School, Michigan (USA), 2 pp., undated. Available: http://www.ehhs.cmich.edu/~mspears/whatis.html and http://www.ehhs.cmich.edu/~mspears/qsp.html, April 2002.
  14. Handout 14: Excerpts (not exceeding 10 pages each) from the following articles, and lecture slides from the first five student presentations. Available in hardcopy only.
    • F Cohen, "Computer Viruses -- Theory and Experiments". In Proc. DOD/NBS 7th Conf on Computer Security, 1984.
    • T Parks et al., "Vulnerabilities of Reliable Multicast Protocols". In IEEE Military Communications Conference, Oct 1998.
    • M Jakobsson and M Reiter, "Discouraging Software Piracy Using Software Aging." In Workshop on Security and Privacy in Digital Rights Management 2001.
    • J Stern et al., "Robust Object Watermarking: Application to Code". In LNCS 1768, Springer Verlag, 368-378, 2000.
    • J Feigenbaum et al., "Privacy Engineering for Digital Rights Management Systems". In Workshop on Security and Privacy in Digital Rights Management 2001.
    • B Miller et al., "Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes," accepted for publication in Parallel Processing Letters. Manuscript dated February 9, 2001.
  15. Handout 15: Lecture slides set 5, "Report Writing."
  16. Handout 16: Excerpts (not exceeding 10 pages each) from the following articles, and lecture slides from student presentations 6 (Swetha B), 7 (SF Chin), 8 (G Cronin) and 9 (SK Hong). Available in hardcopy only.
    • Bond et al., "API-Level Attacks on Embedded Systems", IEEE Computer, 67-75, October 2001.
    • Palsberg et al., "Experience with Software Watermarking". In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, IEEE, 308-316, 2000.
  17. Handout 17: Excerpt (not exceeding 10 pages each) from the following article, and lecture slides from student presentations 10 (X Chen), 11 (William CJ Siu). Available in hardcopy only.
  18. Handout 18: Samples of my Feedback on Oral Presentations.
  19. Handout 19: Lecture Slides set 6, "Report Writing #2," excerpts (not exceeding 10 pages each) from the following articles, lecture slides from presentations 12 (Jasmin Y Min), 13 (Mark CF Chan), 14 (D Zhao), and lecture slides from Dr Peter Gutmann's presentation on 8 May.
    • P Gutmann, "PKI: It's Not Dead, Just Resting", unpublished manuscript.
    • S Greenberg, "Easter Egg Insertion, Detection and Deletion in Commercial Software", 600.505 Independent Research Project, Department of Computer Science, Johns Hopkins University (USA), 29 June 2000.
    • R Anderson et al., "Low Cost Attacks on Tamper Resistant Devices", LNCS 1361, Springer, 1997.
    • T Sander et al., "Towards Mobile Cryptography." In Proceedings of the 1998 IEEE Symposium on Security and Privacy, 215-224, May 1998.
    • C Landwehr et al., "A Taxonomy of Program Security Flaws," ACM Computing Surveys 26(3), 211-254, September 1994.
  20. Handout 20: Final Examination for COMPSCI 725 FC 01, excerpts (not exceeding 10 pages each) from the following articles, and lecture slides from presentations by S Mostafa (16), S Manoonpong (17), X Lin (19), and FH Luo (19.5). Available in hardcopy only.
    • G McGraw et al., "Twelve Rules for Developing More Secure Java Code", Java World, 1 Dec 1998.
    • O Berthold et al., "Identity Management Based on P3P", in H. Federrath (Ed.), Designing Privacy Enhancing Technologies (Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability), LNCS 2009, pp. 141-160, Springer-Verlag, 2001. (You should read Sections 1 through 3.1, on pp. 141-149; and the Conclusions and Outlook on pp. 158-159.)
    • W Arbaugh et al., "Your 802.11 Wireless Network has No Clothes", Wireless LANS and Home Networks: Connecting Offices and Home Networks (Proc. of the IEEE Int'l Conf.), ed. B Bing, World Scientific, 2002.
    • J Kephart et al., "Directed-Graph Epidemiological Models of Computer Viruses", Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343-359.
  21. Handout 21: Excerpts (not exceeding 10 pages each) from the following articles, and lecture slides from student presentations 20 (S Thoren) and 21 (H Derhamy).
    • D Davis, "Compliance Defects in Public Key Cryptography", Proc. 6th USENIX Security Symposium, 1996.
    • G Greenleaf, "An Endnote on Regulating Cyberspace: Architecture vs Law?", undated manuscript.
    • R Gray et al., "D'Agents: Security in a Multiple-Language, Mobile-Agent System", Mobile Agents and Security, Lecture Notes in Computer Science 1419, ed. Giovanni Vigna, 154-187, Springer-Verlag, 1998.
  22. Handout 22: Excerpt (not exceeding 10 pages) from the following article.
    • D Wallach et al., "SAFKASI: A Security Mechanism for Language-based Systems," ACM Transactions on Software Engineering and Methodology 9(4), October 2000, pp. 341-378.
  23. Handout 23: List of readings, and lecture slides from student presentations E Purnomo (22), W Jin (23), G Yang (25), O Bannatyne (26), H Tan (27), R Vijapurapu (28).

The lecture notes are available in "powerpoint slideshow" (pps) format. To view or print PPS, you will need Microsoft's PowerPoint or a PowerPoint viewer. You can download freeware PowerPoint viewers for your Macintosh (6.5 MB) or Windows PC (2.8 MB).

