Reference Textbooks

There are NO required textbooks for this course. However, the following books cover parts of what will be discussed in the class.

Other Security Courses

You may use online resources including materials from courses offered at other institutions. Here are some security courses that have large overlaps with this course.
Vitaly Shmatikov's network security course
Stanford security course
Hovav Shacham's security course

Discussion list

Discussion 1: Ethics
Conducting cybersecurity research legally and ethically by Burstein
Crossing the Line: Ethics for the Security Professional
A great list of resources by Phil Rogaway

Discussion 2: DNS Defense
Increased DNS Forgery Resistance through 0x20-Bit Encoding: SecURItY viA LeET QueRieS by Dagon et al.
DNSSEC by Geoff Huston
Protecting browsers from DNS rebinding attacks by Jackson et al.

Discussion 3: Botnets
An Analysis of Conficker's Logic and Rendezvous Points
Know your Enemy: Tracking Botnets
An Inside Look at Botnets
A Multifaceted Approach to Understanding the Botnet Phenomenon

Discussion 4: Graphical Password Authentication
PassPoints: Design and longitudinal evaluation of a graphical password system by Wiedenbeck et al.
Graphical Password Authentication Using Cued Click Points by Chiasson et al.

Reading list

General Reading
Why Cryptosystems Fail by Ross Anderson.

TCP/IP, BGP, DNS Security, and DDoS
TCP/IP Security a survey by Chambers, Dolske, and Iyer.
A look back at "Security Problems in the TCP/IP Protocol Suite" by Bellovin.
SYN Cookies by Bernstein.
DNS Cache Poisoning by Steve Friedl
A survey of BGP security by Butler et al.
Practical network support for IP Traceback by S. Savage, et al.

Optional Reading:
Black Ops 2008: It's the End Of The Cache As We Know It by Dan Kaminsky
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H. Ptacek and Timothy N. Newsham
Inferring Internet Denial of Service Activity by D. Moore, G. Voelker, and S. Savage

Firewalls and Intrusion Detection Systems
Firewall Gateways by S.M. Bellovin and W.R. Cheswick
Snort

Optional Reading:
Bro by Vern Paxson
Building Internet Firewalls by E. Zwicky, S. Cooper, and B. Chapman

Web Security
Do's and Don'ts of Client Authentication on the Web by Fu et al.
Same Origin Policy
Secure Frame Communication in Browsers by Barth et al.
Cross Site Scripting Explained by Amit Klein.
Cross Site Request Forgery
SQL injection by Chris Anley.