Resources

Lecture Slides

#	Topic
1	Welcome & Introduction
2	Security Policy & Aspects
3	Beyond the Attacks
4	Goals and Requirements
5	Assurance
6	Architectural Approaches to Security
7	CPU Security: Meltdown and Spectre
8.1	Cryptography: Introduction
8.2	Cryptography: One-Time Pads
8.3	Cryptography: Block Ciphers
8.4	Cryptography: Stream Ciphers
8.5	Cryptography: Nonce and IV
8.6	Cryptography: DH and PKI
8.7	Cryptography: Authentication
8.8	Cryptography: Hashes and Key Distribution Functions
8.9	Cryptography: Random Numbers and Entropy
8.11	Cryptography: Libraries
8.12	Cryptography: Developer Mistakes
8.13	Cryptography: Developer Best Practices
10.1	Authentication: Intro
10.2	Authentication: Passwords
10.3	Authentication: Tokens and Certificates
10.4	Authentication: 2FA
10.5	Authentication: OAuth
10.6	Authentication: Kerberos
10.7	Authentication: Biometrics

Cryptography

• Crypto 101 e-book [Free/PDF, (2017+)]
  • Written by Laurens Van Houtven and distributed at https://www.crypto101.io/. Updated directly at GitHub repo. (See also: Local mirror, may be out of date compared to github copy)
  • Big picture ideas + Commentary on breaking crypto. Light on the math! Incomplete / work in progress.
• Cryptography: An Introduction (3rd Edition) [Free/PDF, 2006]
  • Written by Nigel Smart, a cryptographer & computer science professor specializing in the area of elliptic curve cryptography.
  • Note: The free e-book is no longer being updated as-of 2016. See Cryptography Made Simple (2016, Springer Publishing) for purchase.
  • Heavy on the math!
• Cryptography Engineering [Paid, 2010]
  • Written by Niels Ferguson (Cryptographer, Microsoft), Bruce Schneier (Cryptographer), and Tadayoshi Kohno (Professor, University of Washington)
• A Graduate Course in Applied Cryptography [Free/PDF, 2017]
  • Written by Dan Boneh (Professor, Stanford University) and Victor Shoup (Professor, New York University)
  • Heavy on the math!
  • See also: Local mirror of v0.4, may be out of date compared to latest version at http://toc.cryptobook.us/
• Evaluation of Some Blockcipher Modes of Operation by Phillip Rogaway, February 2011. (See also: Local Mirror)

Software Security

• Michael Howard, David LeBlanc, and John Viega. 2009. 24 Deadly Sins of Software Security: Programming Flaws and how to Fix Them. McGraw-Hill, Inc., New York, NY, USA.
  • Note: See Canvas site, Files folder