Concepts of Computer Security
This course helps students understand advanced security concepts and gain valuable skills in security research. Students will learn about state-of-the-art security work from both industry and academia and will complete a security-focused project that teaches critical thinking about security problems, solutions, and the trade-offs involved. They will also learn the standard steps of writing conference-quality security papers as part of developing and submitting the course project report.
Spring 2026 Schedule
| Date | Topic | Readings | Notes |
|---|---|---|---|
| Spring Classes Begin Jan 12 | | | |
| 01/16/26 | Introduction of the course, Research Methods I and Cryptography | 1. Security Engineering, Chapter 1 (link) 2. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link) 3. Michael J. Hanson, Efficient Reading of Papers in Science and Technology. (link) | HW1 released; Spring drop/add ends |
| Dr. Martin Luther King, Jr. holiday; no classes Jan 19 | | | |
| 01/23/26 | Secret Key Crypto | 1. Security Engineering, Chapter 5.1-5.6 (link) 2. Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (link) | HW1 due |
| 01/30/26 | Project – Intro and Logistics, Hashes and Message Authentication | 1. USENIX Security Proceedings (link) 2. ACM CCS Proceedings (link) 3. IEEE Security & Privacy Proceedings (link) 4. NDSS Proceedings (link) 5. Security Engineering, Chapter 5.6 (link) | HW2 released, Project Proposal assigned |
| 02/06/26 | Public Key Cryptography, Key agreement and PKI | 1. Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure (link) 2. Creating your own Certificate Authority (link) 3. Deep Dive: Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Proceedings of the ACM Conference on Computer and Communications Security (CCS). 2015. (link) 4. Security Engineering, Chapter 5.7 (link) | Project Proposal + HW2 due, HW3 released |
| 02/13/26 | User Authentication + Authentication Protocols | 1. The science of password selection, Troy Hunt (link) 2. Biometrics, Wikipedia (link) 3. Deep Dive: P. G. Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In Proceedings of the IEEE Symposium on Security and Privacy, 2012. (link) 4. Optional: D. Florencio, C. Herley, and P. van Oorschot, An Administrator’s Guide to Internet Password Research. Large Installation System Administration Conference (LISA). 2014. (link) 5. Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link) 6. Optional: Designing an Authentication System: A Dialogue in Four Scenes (link) 7. B. Clifford Neuman and Theodore Ts’o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link) | Related work assigned, HW3 due |
| Midterm grading opens Feb 16 | | | |
| 02/20/26 | TLS + Access Control + Midterm Review | 1. SSL and TLS: A Beginners Guide (link) 2. Creating your own Certificate Authority (link) 3. Operating System Security, Chapters 1, 2, and 5 (link) 4. [Part 1 Only] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) 5. Operating System Security, Chapters 3, 4, and 10 (link) | Related work due, Research Plan assigned |
| 02/27/26 | Midterm (in-person) | | |
| Midterm grading closes March 3 | | | |
| 03/06/26 | Midterm Post Review, Research Methods II + OS Security | | |
| 03/13/26 | Multics and Program Vulnerabilities | 1. Operating System Security, Chapters 1, 2, and 5 [Part 1 Only] (link) 2. J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link) | |
| No Class - Spring Break - March 16-22 | | | |
| 03/27/26 | Worms, DoS, and Botnets | 1. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, August 2002. (link) 2. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets. Using honeynets to learn more about Bots. March 2005. (link) | Research Plan due |
| Spring last day to withdraw Mar 28 | | | |
| 04/03/26 | TCP/IP Security | 1. A look back at “Security problems in the TCP/IP protocol suite” (link) 2. Jerome H. Saltzer, David P. Reed, and David D. Clark. End-to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288. (link) | HW4 released |
| 04/10/26 | Wireless and Routing | 1. Security Flaws in 802.11 Data Link Protocols (link) 2. M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communications Security, November 2017. (link) 3. Brenza et al. A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015. (link) | HW5 released (Bonus) |
| 04/17/26 | Intrusion detection and IoT/Software Security Compliance | 1. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November 1999. (link) 2. Deep Dive: S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link) | HW4 due |
| 04/24/26 | Course Review | Project paper + HW5 due (bonus)** | |
| Test Free Week April 25-30 | | | |
| 05/06/26 | Final exam (in-person and cumulative); 3-5 PM. | Check USF Final Exam Matrix | |
| Spring final grading closes May 12 | | | |
| Spring grades visible on Student Self-Service May 15 | | | |
| * Always check University Calendar for Details: https://www.usf.edu/registrar/calendars/ | | | |