All students will make a formal presentation in class. This will help prepare you for presentations at conferences and for teaching.
Dates, topics, and references are below.
| Date | Topic | Reference |
|---|---|---|
| 11-Jan | Penetrate and Patch | W. A. Arbaugh, W. L. Fithen, and J. McHugh, "Windows of Vulnerability: A Case Study Analysis," Computer, vol. 33, no. 12, Dec. 2000, pp. 52-59. |
| 16-Jan | Morris Internet Worm | E. Spafford, "The Internet Worm: Crisis and Aftermath," Communications of the ACM, vol. 32, no. 6, June 1989, pp. 678-682. |
| 30-Jan | Saltzer and Schroeder Principles | J. Saltzer and M. Schroeder, "The Protection of Information in Computer Systems," Proceedings of the IEEE, vol. 63, no. 9, Sept. 1975, pp. 1278-1308. |
| 6-Feb | Microsoft Trustworthy Computing SDLC | S. Lipner and M. Howard, "The Trustworthy Computing Security Development Lifecycle," MSDN, Mar. 2005, Microsoft Corp. Available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/sdl.asp |
| 8-Feb | Security Requirements | N. Mead, "Requirements Engineering for Survivable Systems," Technical Note CMU/SEI-2003-TN-013, Software Engineering Institute, 2003. Available at http://www.sei.cmu.edu/publications/documents/03.reports/03tn013.html |
| 13-Feb | SOX | G. Dhillon and |
| 13-Feb | HIPAA | http://en.wikipedia.org/wiki/HIPAA and other articles you may find. |
| 13-Feb | FERPA | http://www.ed.gov/policy/gen/guid/fpco/index.html See links to FERPA topics. |
| 15-Feb | Abuse Cases | I. Alexander, "Misuse Cases: Use Cases with Hostile Intent," IEEE Software, vol. 20, no. 1, Jan. 2003, pp. 58-66. |
| 6-Mar | Tools Evaluation | See also the articles at https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/code.html. Compare the following tools: (1) CodeScout, http://www.foundstone.com/ (click Resources > Free Tools > CodeScout); (2) CodeAssure Solo, http://www.securesoftware.com/products/solo.html (click "Learn More"); (3) RATS, http://www.securesoftware.com/resources/download_rats.html |
| 8-Mar | Best Practices | K. M. Goertzel, ed., "In the Meantime: Best Practices to Adopt Sooner Rather than Later," Chapter 5, Security in the Software Lifecycle, Department of Homeland Security, 2005. Available at https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/87.html?branch=1&language=1 |
| 20-Mar | Risk-Based Testing | J. A. Whittaker, "What Is Software Testing? And Why Is It So Hard?" IEEE Software, vol. 17, no. 1, Jan. 2000, pp. 70-79. |
| 22-Mar | E-Commerce | S. Furnell, "E-Commerce Security," Chapter IX, |
| 22-Mar | Common Attacks | K. M. Goertzel, ed., "Common Attacks Against Web Applications and Web Services," Appendix C, Security in the Software Lifecycle, Department of Homeland Security, 2005. Available at https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/87.html?branch=1&language=1 |
| 22-Mar | Sanitized Reports | National Security Agency, "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF," NSA Report 1333-015R-2005, Dec. 2005. Available at http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf and http://www.appligent.com/products/redax/redax.php |
| 3-Apr | RBAC | R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, Feb. 1996, pp. 38-56. |
| 3-Apr | SQL Access Features | Provide a tutorial on the SQL GRANT and REVOKE commands, with examples, and review S. Barker and A. Rosenthal, "Flexible Security Policies in SQL," in Proceedings of the Fifteenth Annual Working Conference on Database and Application Security, 2001, |
| 10-Apr | Public Key Infrastructure | R. W. Younglove, "Public Key Infrastructure: How It Works," Computing and Control Engineering Journal, vol. 12, no. 2, Apr. 2001, IEEE, pp. 99-102; and P. Gutmann, "PKI: It's Not Dead, Just Resting," Computer, vol. 35, no. 8, Aug. 2002, pp. 41-49. |