Computing and Information Technology Interactive Digital Educational Library


Syllabus Collection >
Syllabus >

Please use this identifier to cite or link to this item:

Title: Security and Privacy in Computing
Authors: Department of Computer Science - Johns Hopkins University
Issue Date: 
Publisher: Department of Computer Science - Johns Hopkins University
Abstract: CS 600.643: Security and Privacy in Computing Tentative syllabus - subject to change Course description Topics will vary from year to year, but will focus mainly on network perimeter protection, host-level protection, authentication technologies, intellectual property protection, formal analysis techniques, intrusion detection and similarly advanced subjects. Emphasis in this course is on understanding how security issues impact real systems, while maintaining an appreciation for grounding the work in fundamental science. Students will study and present various advanced research papers to the class. There will be homework assignments and a course project. ThF 9-10:15 Schaf 304 Format This is a seminar course. Each week has a paper associated with it, and all students must read all of the papers. Each student will be assigned a week. When it is your week, you are responsible for the paper listed in this syllabus. You should prepare a presentation of that paper to last the full class period. For your assigned paper, it is strongly advised that you research the papers in the bibliography and familiarize yourself with previous work in the area. Your presentation is not only of the assigned paper, but of the context surrounding that work. Even if you have a lot of experience presenting research, you should not wait until the last minute to prepare, and a dry run a few days before class is a very good idea. Time yourself, and if possible, even video yourself. Practice with friends, with enemies, or with your dog. Practice, practice, practice! You should be ready to discuss the work from all angles. It is okay to offer opinions, improvements, and other types of criticisms of the work. On the Thursday meeting, you will make your presentation. Then, on Friday, every student is required to show up with two written questions. These should be deep, thought-provoking questions. The student who is assigned the paper will lead a discussion centered around the questions. The questions will be turned in to the professor at the end of class. The first class will be used to sign up students for their choices of papers. Students who struggle will be given the opportunity to sign up again, assuming that the class size is small enough for people to go more than once. Mailing List All students must sign up for the class mailing list. Send mail to with "subscribe cs643" in the message body. Then, to send mail to the class, send it to cs643 at Important announcements will be maid via the mailing list, and students will be responsible for any information posted to the list. Office Hours I will hold my scheduled office hours at 326 NEB after class on Thursdays, 10:15 a.m. to 12:00 p.m. When needed, I will have hours there on Fridays as well. My office is at 416 Wyman Park, and we can meet there by appointment. Grading This is an interactive class, so class participation will play a significant role in grading. Besides that, grades will be based on your paper presentation, your participation in discussions and questions, and your project. Project The project description can be found here. Week 1 9/4 Introduction to the course Course project assigned Sign up for papers 9/5 No class Week 2 Martin Abadi, Roger Needham. "Prudent Engineering Practice for Cryptographic Protocols", IEEE Transactions on Software Engineering 22, 1 (January 1996), 6-15. (ps) Student(s): John Daniel & Charles Wright 9/11 Paper presentation 9/12 Class discussion Week 3 Stuart Staniford, Vern Paxson, Nicholas Weaver, "How to 0wn the Internet in Your Spare Time" Proceedings of the 11th USENIX Security Symposium (Security '02). (pdf) Student(s): John Scillieri & Carl Steinebach 9/18 Paper presentation Project: Turn in phase I 9/19 Class discussion Week 4 Dawn Xiaodong Song, David Wagner, and Xuqing Tian. "Timing Analysis of Keystrokes and Timing Attacks on SSH" 10th USENIX Security Symposium, 2001. (pdf) Student(s): Chris Soghoian 9/25 Paper presentation 9/26 Class discussion Week 5 M. Handley, C. Kreibich and V. Paxson, "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics". Proc. USENIX Security Symposium 2001. (pdf) Student(s): Raymond Brown & Jing Wang 10/2 Class discussion from previous week Project: Turn in phase II 10/3 Paper presentation Week 6 10/9 Class discussion from previous week 10/10 *** New Addition*** Project discussion. Each student will discuss their project idea for 5-7 minutes. No powerpoint, just sit around in a circle and discuss. Week 7 Daniel Bleichenbacher, "Chosen Ciphertext Attacks against Protocols Based on RSA Encryption Standard PKCS #1" in Advances in Cryptology -- CRYPTO'98, LNCS vol. 1462, pages: 1--12, 1998. (ps) Student(s): Adam Stubblefield 10/16 Paper presentation 10/17 Class discussion Week 8 W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols." In Proc. ACM Computer and Communications Security (CCS) Conference. November 2002, Washington, DC. (pp 48-58). (pdf) Student(s): Seny Kamara & Parth Vasa 10/23 Paper presentation Project: Turn in phase III 10/24 Class discussion Week 9 Edward W. Felten and Michael A. Schneider. "Timing Attacks on Web Privacy". Proc. of 7th ACM Conference on Computer and Communications Security, Nov. 2000. (pdf) Student(s): Domari Dickinson & Neda Khalili 10/30 Paper presentation 10/31 Class discussion Week 10 Matt Wright, Micah Adler, Brian Neil Levine, and Clay Shields, "Defending Anonymous Communication Against Passive Logging Attacks". IEEE Symposium on Security and Privacy, Oakland, CA. May 2003. (ps) Student(s): Matt Green 11/6 Paper presentation 11/7 Class discussion Week 11 William Aiello, John Ioannidis, and Patrick McDaniel, "Origin Authentication in Interdomain Routing". Proceedings of 10th ACM Conference on Computer and Communications Security, ACM, October 2003. (pdf) Student(s): Sophie Qiu 11/13 Paper presentation 11/14 Class discussion Week 12 Two papers: * Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Alma Whitten and J.D. Tygar. In Proceedings of the 9th USENIX Security Symposium, August 1999. (pdf) Student(s): Barry Herman * M. Blaze. "Protocol Failure in the Escrowed Encryption Standard." Proceedings of Second ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994. (pdf) Student(s): Lauren Rosenblatt 11/20 Paper presentation 11/21 Class discussion Project: Turn in phase IV Week 13 THANKSGIVING Week 14 M. Blaze, J. Feigenbaum and J. Lacy. "Decentralized Trust Management." IEEE Symposium on Security and Privacy, Oakland, CA. May 1996. (pdf) Student(s): Jatara Brown & Jeremy Mullendore 12/4 Paper presentation 12/5 Class discussion Project: Turn in phase V Computer Science Department Academic Integrity Code The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition. Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment. *If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated. Falsifying program output or results is prohibited. Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received. Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates ( and the Ethics Board web site (
Appears in Collections:Syllabus

Files in This Item:

File SizeFormat

All items in DSpace are protected by copyright, with all rights reserved.


Valid XHTML 1.0! DSpace Software Copyright © 2002-2006 MIT and Hewlett-Packard - Feedback