Computer and Network Security
Grinnell College
CSC 214 · Spring, 2017
Final examination: Tuesday, March 16, 9 a.m., Noyce 3819.
Just in case you're interested,
here's what the author of our textbook sees
when he looks at the current state of computer and network security:
“The Threat:
A Conversation with Ross Anderson”
(Edge, May 8, 2017).
He sees the nature of his work differently now than he did ten years ago.
In this course,
we'll consider the security of computing systems
and the networks over which they communicate,
tools and techniques for undermining or for reinforcing
the reliability and usability of computer systems,
the theoretical concepts that underlie those techniques,
and the ways in which governments, corporations, interest groups, and individuals
currently use them.
The class meets in Noyce 3819, on Thursdays, from 2:00 to 3:50 p.m.
Our textbook is
Security Engineering: A Guide to Building Dependable Distributed Systems,
second edition (Indianapolis: Wiley Publishing, 2007; ISBN 978-0-470-06852-6),
by Ross Anderson,
Professor of Security Engineering
at the Computer Laboratory
of the University of Cambridge.
We'll supplement and update this textbook
with blogs maintained by researchers and other professionals
in the field of computer and network security.
Here are a few that are reliable starting points:
The instructor for this course is
John David Stone.
My office is Noyce 3829,
near the east end of the long corridor
on the third floor of the Noyce Science Center,
on the north side (facing Eighth Avenue).
My telephone extension on the Grinnell College campus is 3181.
My office hours for spring 2017 are
- Mondays, 2 to 4 p.m.
- Wednesdays, 10 a.m. to noon
- Thursdays, 9 to 11 a.m.
or by appointment.
- Electronic Frontier Foundation, “Surveillance Self-Defense”
- Bruce Schneier, “The Security Mindset,” Schneier on Security, April 30, 2008
- Bruce Schneier, “Security and the Internet of Things,” Schneier on Security, February 1, 2017.
- Kenneth Olmstead and Aaron Smith, “Americans and Cybersecurity,” Pew Research Center, January 26, 2017
- Full “Americans and Cybersecurity” report (PDF, 43 pages)
- Colly Roderick, “The ‘Objectifier’ Teaches Your Appliances to Work on Their Own,” Cyber Security Agency, January 26, 2017
- A demonstration of pretexting
- “Most common passwords list”
- The YubiKey, a common device for second-factor authentication
- Bruce Schneier, “Security and Privacy Guidelines for the Internet of Things,” (a compilation of links to on-line guidelines from various sources)
- Australian Signals Directorate, “Strategies to Mitigate Cyber Security Incidents” (table), February 2017
- Australian Signals Directorate, “Strategies to Mitigate Cyber Security Incidents” (threat model and details), February 2017
- Australian Signals Directorate, “The Top 4 in a Linux Environment”
- Australian Signals Directorate, “Security Tips for the Use of Social Media Websites”
- Julia Evans, “Dissecting an SSL certificate,” January 31, 2017
- Chayn, “Do It Yourself Online Safety,” 2017
- Scott Arciszewski, “PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library,” Paragon Initiative, February 12, 2017
- F-Secure, “State of Cyber Security 2017”
- Pwnie Express, “The Internet of Evil Things,” 2017
- Zooko Wilcox, “Lessons from the History of Attacks on Secure Hash Functions,” February 24, 2017.
- John Graham-Cumming, “Incident Report on Memory Leak Caused by Cloudflare Parser Bug,” Cloudflare Blog, February 23, 2017
- Cory Doctorow, “You Can't Destroy the Village to Save It: W3C vs DRM, Round Two,” Deeplinks, Electronic Frontier Foundation, January 12, 2016
- David Rosenthal, “The Amnesiac Civilization: Part 1,” DSHR's Blog, March 3, 2017
- Ken Thompson, “Reflections on Trusting Trust,” Communications of the ACM, August 1984
- “User #2064619,” “Development Tradecraft DOs and DON'Ts,” Central Intelligence Agency
- Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda, “Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web,” Network and Distributed System Security Symposium 2017, February 26 – March 1, 2017
- Julia Powles and Hal Hodson, “Google DeepMind and Healthcare in an Age of Algorithms,” Health and Technology, March 16, 2017
- MIT Center for International Studies and MIT Internet Policy Research Initiative, “Keeping America Safe: Towards More Secure Networks for Critical Sectors,” March 2017.
- Ashley Feinberg, “This Is Almost Certainly James Comey's Twitter Account,” Gizmodo, March 30, 2017
- Gal Beniamini, “Over the Air: Exploiting Broadcom's Wi-Fi Stack (Part 1),” Project Zero, April 4, 2017
- Michael Powell and Gretchen Morgenstern, “MERS? It May Have Swallowed Your Loan,” The New York Times, March 5, 2011
- “Vote Correlation: Internet Privacy Resolution and Telecom Contributions,” OpenSecrets.org, March 29, 2017 (with handy spreadsheet)
- National Security Agency (Special Source Operations), “PRISM/US-984XN Overview: The SIGAD Used Most in NSA Reporting,” Snowden Surveillance Archive
- David Kirshner, “The Real Story of Stuxnet,” IEEE Spectrum, February 26, 2013
- “Sony Pictures Hack,” Wikipedia, April 6, 2017
- Sean Gallagher, “ ‘EPIC’ Fail — How OPM Hackers Tapped the Mother Lode of Espionage Data,” Ars Technica, June 21, 2015
- “Vault 7: CIA Hacking Tools Revealed,” WikiLeaks, March 7, 2017
- Charlie Osborne, “Shodan: The IoT Search Engine for Watching Sleeping Kids and Bedroom Antics,” Zero Day, January 26, 2016
- S. Farrell and H. Tschofenig, “Pervasive Monitoring Is an Attack,” Internet Engineering Task Force, May 2014
- Moglen, Eben. “Snowden and the Future.” 2013.
- TAILS: The Amnesic Incognito Live System
- SecureDrop
- Ka-Ping Yee, “Diebold, Hear This: We Won't Rest,” Swarthmore Coalition for the Digital Commons, October 28, 2003
- J. Alex Halderman, “Hacking the D.C. Internet Voting Pilot,” Freedom to Tinker, October 5, 2010