April 29, 2008, Tu (Lecture 21): We covered intrusion detection systems (IDSs). Network
and host-based IDSs were both covered. Slides can be found here.
May 1, 2008, Th (Lecture 22): In this lecture we covered IPSec. This was mostly an overview
lecture (we did get too much into the details). Slides can be found here.
Tuesday, May 6, 2008
Tuesday, April 29, 2008
Week 14
April 2008, Tu (Lecture 19): We started our discussion on SSL. We covered the
basic handshake protocol, resuming a session, server authentication, and separating
the signing and the encryption key.
April 2008, Th (Lecture 20): We finished our discussion on SSL (essentially covering
client authentication). We finished a timing attack on SSL by Brumley and Boneh (slides
for this were handed out).
basic handshake protocol, resuming a session, server authentication, and separating
the signing and the encryption key.
April 2008, Th (Lecture 20): We finished our discussion on SSL (essentially covering
client authentication). We finished a timing attack on SSL by Brumley and Boneh (slides
for this were handed out).
Week 13
April 15, 2008, Tu (Lecture 18): In this lecture we describe various types of malicious
code (such as worms and Trojans). We also covered two types of exploits (buffer overrun
and format string). Slides for this lecture can be found here.
April 17, 2008, Th: No lecture on this day. Instructor had a sore throat.
code (such as worms and Trojans). We also covered two types of exploits (buffer overrun
and format string). Slides for this lecture can be found here.
April 17, 2008, Th: No lecture on this day. Instructor had a sore throat.
Tuesday, April 22, 2008
Week 12
Apr 08, Tu, 2008 (Lecture 16): Anuj Desai from the law school gave a guest lecture
on cyberlaw, which I gather was a big success. Here are some additional comments
from Anuj about additional material.
--------Anuj's comments---------------------------------------------------------------
The best general treatment aimed at nonlawyers that I've read is Jessica Litman, Digital Copyright (2001). Larry Lessig's two books, Code (now called Code V.2) and The Future of Ideas are also good. In my view, Code (even v.2) is far better, but The Future of Ideas has a bit more on copyright. There's another recent book, Tarleton Gillespie, Wired Shut: Copyright and the Shape of Digital Culture (2007), that has got some good reviews, but I haven't read it yet. For people who are really interested in copyright itself (as opposed to just how copyright intersects with computer technology), Paul Goldstein, Copyright's Highway is excellent - easy to read and understand.
If students would like to take my Cyberlaw class this fall, they'd be most welcome. It's T/Th from 1 to 2:15 p.m. in Helen C. White 4208. For grad students, they take LIS 663 and should go through Andrea Poehling in the SLIS main office. For undergrads, they take Legal Studies 663 and should contact Irene Katele in the Legal Studies office.
---------------------------------------------------------------------------------------------
Apr 10, Th, 2008 (Lecture 17): This was a lecture on network-based attacks, such as
port scanning, OS fingerprinting, and denial-of-service (DOS) attacks. The slides can
be found here.
on cyberlaw, which I gather was a big success. Here are some additional comments
from Anuj about additional material.
--------Anuj's comments---------------------------------------------------------------
The best general treatment aimed at nonlawyers that I've read is Jessica Litman, Digital Copyright (2001). Larry Lessig's two books, Code (now called Code V.2) and The Future of Ideas are also good. In my view, Code (even v.2) is far better, but The Future of Ideas has a bit more on copyright. There's another recent book, Tarleton Gillespie, Wired Shut: Copyright and the Shape of Digital Culture (2007), that has got some good reviews, but I haven't read it yet. For people who are really interested in copyright itself (as opposed to just how copyright intersects with computer technology), Paul Goldstein, Copyright's Highway is excellent - easy to read and understand.
If students would like to take my Cyberlaw class this fall, they'd be most welcome. It's T/Th from 1 to 2:15 p.m. in Helen C. White 4208. For grad students, they take LIS 663 and should go through Andrea Poehling in the SLIS main office. For undergrads, they take Legal Studies 663 and should contact Irene Katele in the Legal Studies office.
---------------------------------------------------------------------------------------------
Apr 10, Th, 2008 (Lecture 17): This was a lecture on network-based attacks, such as
port scanning, OS fingerprinting, and denial-of-service (DOS) attacks. The slides can
be found here.
Monday, April 21, 2008
Week 11
Apr 01, Tu, 2008 (Lecture 14): We finished our discussion on Kerberos (our focus was on
use of authenticators to address replay attacks and inter-realm authentication). We discussed
X.509, a standard for signed certificates. We also covered the idea of "chain of certificates" when
there isn't a trust relationship between the two entities. We also covered the authentication
protocols associated with X.509
Apr 03, Th, 2008 (Lecture 15): This lecture was on firewalls and was delivered by our
guest lecturer David Parter. Slides can found here.
use of authenticators to address replay attacks and inter-realm authentication). We discussed
X.509, a standard for signed certificates. We also covered the idea of "chain of certificates" when
there isn't a trust relationship between the two entities. We also covered the authentication
protocols associated with X.509
Apr 03, Th, 2008 (Lecture 15): This lecture was on firewalls and was delivered by our
guest lecturer David Parter. Slides can found here.
Week 10
Mar 25, Tu, 2008 (Lecture 12): We started discussing authentication protocols, which
are of two types (one using symmetric key and other using public key cryptography). We covered the Needham-Schroeder and the Denning protocol. We also discussed one-way
authentication protocols, which is useful for applications such as email.
Mar 27, Th, 2008 (Lecture 13): We started discussing Kerberos, a widely used distributed
authentication protocol. We discussed the protocol in versions, each version adding a feature
to address attacks in the previous version. Please read the discussion of Kerberos in
the book.
are of two types (one using symmetric key and other using public key cryptography). We covered the Needham-Schroeder and the Denning protocol. We also discussed one-way
authentication protocols, which is useful for applications such as email.
Mar 27, Th, 2008 (Lecture 13): We started discussing Kerberos, a widely used distributed
authentication protocol. We discussed the protocol in versions, each version adding a feature
to address attacks in the previous version. Please read the discussion of Kerberos in
the book.
Friday, April 18, 2008
Week 9
Mar 18 (Tu) and Mar 20 (Th) we did not have a class. This was the spring recess for
the university.
the university.
Subscribe to:
Comments (Atom)