CSE 227 -- Computer Security

Take Home Final Exam

This exam is due midnight of Friday, March 21st. By this I mean Friday night, i.e., anything turned in by 21 March 2003 23:59:59 -0800 is fine.

Course Information

This is the class web page for CSE 227, Computer Security. The instructor is Bennet Yee. My office hours are Wednesdays 2-3pm.


  • First handout [pdf]
  • Code of Ethics [pdf]
  • Electronic handouts for reading list... under construction
  • Reading Groups

    Please organize into reading groups for the research paper phase of the course.
  • [WAOT] Juliana Wong, Tulika Agrawal, Scott O'Neil, Yekaterina Tsipenyuk
  • [KSB] Gopal Kollengode, Vinu Somayaji, Ajay D. Bharadwaj
  • [ACKM] Max Alexseyev, Chris Calabro, Devin Kowatch, David Moore
  • [CLQB] Joe Chapman, Dennis Liu, Amadeo Quinto, Michael Biglan
  • If you have not told me about a reading group by Friday, I will assign you to a group. The papers are coming soon!

    Brief lecture summaries / addenda and papers

    The following are brief lecture summaries with additional clarifications / information. These summaries are not a substitute for note taking, and are not guaranteed to be complete. Furthermore, details of some security vulnerabilities discussed in class will not be included.

    When I assign papers, the group that is presenting a paper do not have to write a separate summary for that paper, just turn in a PDF of their presentation (which I will make available below). If you are not presenting the paper, you must turn in a summary, either in plain text or PDF, by email to me before class starts on the day that the paper is to be presented. I expect about a page or two of text, summarizing the main contributions of the work, giving a critical analysis of the good and bad features, such as the generality / scalability of the technique, whether the idea would work well with other techniques that we have gone over (have synergistic effects), or if the two approaches would interfere, etc.

  • 2003-03-06: Project writeup due today
  • Building Secure File Systems Out Of Byzantine Storage [ACKM]
  • RaceGuard [CLQB]
  • 2003-03-04:
  • Security in Plan 9 [WAOT]
  • Security Architecture for Component-based Operating Systems [KSB]
  • 2003-02-27:
  • RAD: A Compile-Time Solution to Buffer Overflow Attacks [ACKM]
  • Flexible Policy-Directed Code Safety (Naccio) [CLQB]
  • 2003-02-25:
  • Timing Analysis of Keystrokes and Timing Attacks on SSH [pdf] [WAOT]
  • Security for Mobile Agents: Authentication and State Appraisal [ ps, pdf ] [KSB]
  • 2003-02-20:
  • Outbound Authentication [pdf] [ACKM]
  • StackGuard [ps] [pdf] [CLQB]
  • 2003-02-18: Lecture
  • 2003-02-13:
  • Cyclone: A Safe Dialect of C [pdf] and Region-Based Memory Management in Cyclone [pdf]. You may wish to consult the longer tech report version of the first paper as well [pdf], though this is not required. [KSB]
  • On the Problem of Trust in Mobile Agent Systems also from NDSS 1998 [WAOT]
  • 2003-02-11:
  • Mobile Agents: Are They A Good Idea? [pdf] [CLQB]
  • Arbaugh, Farber, Smith: A Secure and Reliable Bootstrap Architecture [ACKM]
  • 2003-02-06: Lecture 8
  • 2003-02-04:
  • How to 0wn the Internet in your spare time [KSB]
  • A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities [pdf] [WAOT]
  • 2003-01-30: Lecture 7
  • 2003-01-28: Lecture 6
  • 2003-01-23: Lecture 5
  • 2003-01-21: Lecture 4
  • 2003-01-16: Lecture 3
  • 2003-01-14: No class. I will be at the Usenix Technical Conference's program committee meeting. Assigment: read this paper.
  • 2003-01-09: Lecture 2
  • 2003-01-07: Lecture 1
  • In The News

  • Intrusion detection system vulnerable to buffer overflow attacks.
  • Bank PIN theft via internet cafe computers

  • [ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | pgp certserver | openpgp certserver ]
    picture of bsy

    bsy+cse227w03@cs.ucsd.edu, last updated Fri Mar 21 00:27:32 PST 2003. Copyright 2003 Bennet Yee.
    email bsy.

    Don't make me hand over my privacy keys!