Introduction to Computer Security at NYU Paris
Especially during Part 1 of the course, we will frequently be using Serious Cryptography by Jean-Philippe Aumasson. You may purchase this book from your local NYU Bookstore: copies have been pre-ordered for students. We will also be using the textbook Security Engineering by Ross Anderson. A free online edition of this textbook is available.
Every lecture will be accompanied by outside readings that expand on what is discussed in class or present the same material in a different way. Neither the readings nor the lectures are a replacement for each other; deeply understanding the material will likely require attendance as well as reading. It is possible to read before or after class, depending on your learning style.
- Kevin Riggle, An Introduction to Approachable Threat Modeling, Increment Magazine, 2018.
- Let's Encrypt, Let's Encrypt: How It Works, Linux Foundation, 2018.
- Nik Unger, Sergei Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg and Matthew Smith, State of Knowledge: Secure Messaging, IEEE Symposium on Security and Privacy, 2015.
- SecuShare, 15 Reasons not to Start Using PGP.
- Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach, IEEE European Symposium on Security and Privacy, 2017.
- Paul Rösler, Christina Mainka and Jörg Schwenk, More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, IEEE European Symposium on Security and Privacy, 2018.
- Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller and Steven Goldfeder, Bitcoin and Cryptocurrency Technologies, Princeton University Press, 2016.
- Nick Szabo, The Idea of Smart Contracts, University of Amsterdam, 1997.
- Peter L. Dordal, An Introduction to Computer Networks, Loyola University Chicago, 2018.
- Jason A. Donenfeld, WireGuard: Next Generation Kernel Network Tunnel, Network and Distributed Systems Security Symposium, 2017.
- Benjamin Dowling and Kenny Paterson, A Cryptographic Analysis of the WireGuard Protocol, Loyola University Chicago, 2018.
- Cloudflare, How DNSSEC Works.
- Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas and Yi Zhou, Understanding the Mirai Botnet, USENIX Security Symposium, 2017.
- Lily Hay Newman, How Netflix DDoS'd Itself to Help Protect the Entire Internet, WIRED Magazine, 2017.
- Nadim Kobeissi, Capsule: A Protocol for Secure Collaborative Document Editing, Symbolic Software, 2018.
- Stanford University Applied Cryptography Group, Security in Ordinary Operating Systems, Stanford University.
- Apple Inc., iOS Security Guide, Apple Inc., 2018.
- Apple Inc., Apple T2 Security Chip Overview, Apple Inc., 2018.
- Android Team, Android Security: 2017 Year in Review, Google Inc., 2018.
- Frank Piessens, Software Security Knowledge Area, University of Bristol Cyber Security Group, 2018.
- Úlfar Erlingsson, Low-level Software Security: Attacks and Defenses, Microsoft Research and Reykjavík University, 2007.
- OWASP, Password Storage Cheat Sheet, OWASP, 2018.
- Emily Cain, Why Don't we Follow Password Security Best Practices?, Increment Magazine, 2018.
- Luca Carettoni, Electron Security Checklist: A Guide for Developers and Auditors, Doyensec, 2017.
- EFF Tech Team, Tools from the EFF's Tech Team, Electronic Frontier Foundation, 2018.
- Nitasha Tiku, Europe's New Privacy Law Will Change the Web, and More, WIRED Magazine, 2018.
- OWASP, OWASP Top 10 - 2017: The Ten Most Critical Web Application Security Risks, OWASP, 2017.
- Google Application Security, Introduction to Cross-Site Scripting, Google Inc.
- Michal Zalewski, Browser Security Handbook, part 1, Google Inc., 2009.
- Michal Zalewski, Browser Security Handbook, part 2, Google Inc., 2009.
- Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Márk Félegyházi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage, Click Trajectories: End-to-End Analysis of the Spam Value Chain, IEEE Symposium on Security and Privacy, 2011.
- Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna, Framing Dependencies Introduced by Underground Commoditization, Workshop on the Economics of Information Security, 2015.
- Coder's Rights Project, Vulnerability Reporting FAQ, Electronic Frontier Foundation.
- Lorenzo Franceschi-Bicchierai, The 10 Biggest Revelations From Edward Snowden's Leaks, Mashable, 2014.