> Main

> Syllabus

> Schedule

> External resources

> Cool stuff

Eugene's home
CIS 755: Advanced Computer and Information Security


  • May 10th: Final grades have been posted in K-State Online. I'll be back in my office next week so you can come in and pick up your final. Let me know if you can't pick it up in person — we'll work something out. Have a good summer everyone!
  • May 3rd: The key paper on obfuscation: Barak, Goldreich, Impagliazzo, Rudich, Sahai, Vadhan and Yang — On the (im)possibility of obfuscating programs
  • May 2st: This paper might be good to read if you're interested in secure multiparty computation and garbled circuits: Huang, Evans, Katz, and Malka — Faster secure two-party computation using garbled circuits
  • May 2st: I forgot to mention in class yesterday that generalized obfuscation of software (as a black box, without knowing what the software does) is provably not possible (edited: see May 3rd). Here's an interesting paper on the topic of what is possible: Goldwasser and Rothblum — On Best-Possible Obfuscation
  • May 1st: As promised, some Cryptovirology links are on the cool stuff page, but it doesn't look like cryptovirology does quite what I thought it does. The other concept I mentioned in class today is garbled circuits.
  • April 30th: I will be away during finals week, so THE FINAL EXAM WILL BE ON FRIDAY MAY 4TH, 10:30AM – 12:30PM IN THE NICHOLS LIBRARY (right behind the front office). Thanks!
  • April 24th: There won't be any office hours this Friday, April 27th. As always, please email me if you need to talk.
  • April 19th: The schedule page has been updated with new readings.
  • April 12th: Some of the resources I promised in class today have been posted on the cool stuff page.
  • April 11th: The schedule page has been updated to reflect that we are a week behind on papers.
  • March 20th: The paper for Tuesday April 3rd is SPATor.
  • March 20th: The schedule page has been updated: some TBAs have been replaced with reading material and Exam II has been moved from April 3rd to April 5th so we can cover more topics on privacy and anonymity. Still some TBAs left — more room left for requests!
  • March 13th: Office hours tomorrow will start at 9:30 rather than 9. Sorry for the inconvenience. Thanks!
  • March 12th: References to some issues we have discussed in class, namely weak TCP initial sequence numbers and cloud computing vulnerabilities are finally up on the cool stuff page.
  • March 8th: Office hours will be shortened tomorrow (March 9th) — 10 – 11 instead of 10 – 12. Sorry for the late notice.
  • February 28th: The company I told you about that does formal development is Praxis. Here's a paper you might enjoy reading that covers one part of their development process: King, Hammond, Chapman, and Pryor — The Value of Verification: Positive Experience of Industrial Proof. I'm still trying to line up a guest speaker to tell us more.
  • February 23rd: See more references to cool stuff mentioned in class on the cool stuff page, including hardware back doors and anonymous blacklisting and whitelisting.
  • February 22nd: The link to Thursday's reading (Anderson, chapter 6) has been fixed. Sorry about that.
  • January 31st: Office hours this Wednesday (tomorrow) will be shorter than usual — they will be 10 – 11 instead of 10 – 12. Sorry for the late notice.
  • January 31st: Here's the link to Symantec's announcements about pcAnywhere and a few other products. It looks like the source code was accessed as early as 2006 (!!), but only the recent threat of the code being released caused some action, extra examination of security, and new patches. I can't immediately locate any information that suggests when Symantec actually learned their code was stolen. However, these "extra" code audits, for a piece of software which gives anyone with a key complete access to a computer, should probably be done continuously. Draw your own conclusions about what happened. :)
  • January 30th: See cool stuff for some more information about that OpenSSL but I told you about in class.
  • January 26th: Slides for the last few lectures have been posted. Apologies for the delay.
    Also, remember that we have a quiz on Tuesday the 31st!
  • January 25th: Office hours this Friday will be shorter than usual — they will be 10 – 11 instead of 10 – 12. Thanks!
  • January 24th: I'm reworking the schedule a bit based on today's in-class feedback. Notice that there is now no reading assigned for Thursday the 26th. Instead, take another look at block ciphers and modes of operation, and the animation listed on the schedule which should make it a lot clearer how a block cipher works. On Thursday we'll talk some more about block ciphers, hash functions, and MACs — I need to correct, clarify, and expand upon what I said in class today (Tuesday).
  • January 22th: Due to a scheduling conflict I've had to move Monday office hours to Wednesdays from 9:00AM to 10:30PM. These changes have been reflected in the schedule and syllabus. Sorry for the inconvenience.
  • January 19th: The schedule for the next few weeks has been posted. I'll fill in the rest of it soon. Some days the readings alternate between the first and second editions of "Security Engineering". Please make sure you read the right one!
  • January 19th: Please note that there won't be any office hours on Monday, January 30th. If you need to see me that day, please email and we can set up an alternate time, even on the 30th. Thanks!
  • January 17th: The slides for today's class have been posted on the schedule page, and the background knowledge questionnaire is here.
  • January 17th: The first reading assignment (due Thursday, January 19th) is long but is very easy (and fun) to read. It should go fast.
  • January 17th: First day of class; welcome! Please see the syllabus page for a class overview and a few other goodies.
  • January 10th: Web page posted.