
CPE5420 – Introduction to Network Security – Fall 2016

Course Overview

Course Description: This course examines basic issues in network management, testing, and security; it also discusses key encryption, key management, authentication, intrusion detection, malicious attack, and insider threats. Security of electronic mail and electronic commerce systems is also presented.

Prerequisite: CPE5410 (Introduction to Computer Communication Networks) or CS5600 (Computer Networks)

Class Number: On Campus: CPE: 72337 – Distance Education: CPE: 72338

Course Number: CPE5420

Credit Hours: 3.0

Time: MWF @ 10:00 am – 10:50 am

Location: Toomey 260 and Distance Education

Instructor: Egemen K. Çetinkaya

Instructor Contact Information:

132 Emerson Electric Co. Hall
301 W. 16th St.
Rolla, MO 65409-0040

Phone: +1 573 341 6887
Skype: starpasha2004

Instructor Office Hours: MWF @ 11:00 am – 11:45 am or by appointment

Administrative Assistant: Ms. Carol Lay, +1 573 341 4509, 143 Emerson Electric Co. Hall

CPE5420 Fall 2016 Syllabus: This syllabus is for all sections of this course

Course Schedule

Tentative schedule of lectures, readings, assignments, and exams. Dates in the future are subject to change.

| Week | Date | Lecture Notes | Key Protocols and Algorithms | Readings | Assignments | Project Milestones |
|---|---|---|---|---|---|---|
| Week 01 | 22 Aug. | Course Overview | N/A | N/A | N/A | Project overview, expectations, and planning |
| | 24 Aug. | Networking Background | N/A | K:1.1-1.5, [SRC1984] | [Homework 1] | N/A |
| | 26 Aug. | Resilience Overview | N/A | [SHÇ+2010] | [Homework 2] | N/A |
| Week 02 | 29 Aug. | Security Introduction | RFC 4949, RFC 2196 | K:1.6-1.14 | N/A | N/A |
| | 31 Aug. | Crypto Overview | RFC 4086 | K:2 | N/A | N/A |
| | 02 Sep. | DES | DES, DES Modes, RFC 4772; Block Cipher Modes | K:3.1-3.3 | [Homework 3]; [Homework 4] | |
| Week 03 | 05 Sep. | Labor Day Holiday | N/A | N/A | N/A | N/A |
| | 07 Sep. | AES | AES, DR2001 | K:3.5 | N/A | N/A |
| | 09 Sep. | Public-Key Cryptography Overview | [IEEE Standard Specifications for Public-Key Cryptography] | K:6.1-6.2 | [Homework 5] | N/A |
| Week 04 | 12 Sep. | PKCS Algorithms | RFC 3447 | K:6.3-6.4 | N/A | N/A |
| | 14 Sep. | Asymmetric Cryptography; Boeing talk | | | | |
| | 16 Sep. | Cryptographic Hash Function | SHA-3, RFC 6234, RFC 1321, RFC 6151 | K:5.1-5.2 | N/A | N/A |
| Week 05 | 19 Sep. | Data Integrity Algorithms | RFC 2104, RFC 6151 | K:5.3-5.5 | N/A | N/A |
| | 21 Sep. | Data Integrity Algorithms | DSS; RFC 4270 | K:5.6-5.7 | [Homework 6] | N/A |
| | 23 Sep. | Key Management and Distribution | NIST SP 800-57 Part 1, Part 2, Part 3 | K:9 | N/A | Finalize project topics and groups |
| Week 06 | 26 Sep. | Key Management and Authentication | RFC 5280, RFC 3647; ITU-T X.509 | | | |
| | 28 Sep. | Network and User Authentication; LANL talk | RFC 4120, Kerberos; NIST PIV Standards | K:10, 13 | [Homework 7] | N/A |
| | 30 Sep. | Exam 1 Logistics | Exam 1 | N/A | N/A | N/A |
| Week 07 | 03 Oct. | Higher Layer Security | [TLS: RFC 5246], [SSL: RFC 6101, RFC 7568], [SN Attack: RFC 6528] | K:19 | [Homework 8] | N/A |
| | 05 Oct. | Higher Layer Security | [HTTPS: RFC 2818]; [SSH: RFC 4251]; [FTP: RFC 2577, RFC 4217] | | | |
| | 07 Oct. | Higher Layer Security | [PGP: RFC 1991], [OpenPGP: RFC 4880]; [PEM: RFC 1421]; [S/MIME: RFC 5751]; [DKIM: RFC 5585, RFC 5863, RFC 4686]; [Trustworthy Email: NIST SP 800-177] | K:20, 21, 22 | N/A | N/A |
| Week 08 | 10 Oct. | Network Layer Security | [RFC 1636]; [IPsec: RFC 4301, RFC 4302, RFC 4303]; [IKE: RFC 7296]; [Attacks: RFC 1858, RFC 3128, RFC 2827, RFC 5927] | | | |
| | 12 Oct. | Network Layer Security | [BGP Security Vulnerabilities: RFC 4272]; [BGP Operations and Security: RFC 7454]; [S-BGP: KLS2000], [BGPSEC: Draft], [soBGP: Draft] | | | |
| | 14 Oct. | Network Layer Security | [DNSSEC: RFC 4033] | N/A | [Homework 9] | N/A |
| Week 09 | 17 Oct. | Link Layer Security | [IEEE 802.11-2012] | [DKB2005], [SMM+2006], [KW2003] | N/A | N/A |
| | 19 Oct. | Link Layer Security | [IEEE/ISO/IEC 8802-1X-2013]; [IEEE 802-1AE-2006] | | | |
| | 21 Oct. | Link Layer Security | [CHAP: RFC 1994], [EAP: RFC 3748] | [BOR2003], [GH2003] | N/A | Project report draft - title, abstract, outline; MS-Word template or LaTeX template |
| Week 10 | 24 Oct. | Firewall/ACL | N/A | K:23 | N/A | N/A |
| | 26 Oct. | Firewall/ACL | N/A | K:15.8 | N/A | N/A |
| | 28 Oct. | Network Access Control | [NAT: RFC 3022, RFC 2663], [L2TP: RFC 2661, RFC 3193], [PANA: RFC 5191], [RADIUS: RFC 2865], [Diameter: RFC 7155] | | | |
| Week 11 | 31 Oct. | Anomaly Detection | N/A | [IDS - CBK2009, ZLH2003, R1999] | N/A | N/A |
| | 02 Nov. | Folklore | N/A | K:26 | N/A | N/A |
| | 04 Nov. | Exam 2 Logistics | Exam 2 | N/A | N/A | N/A |
| Week 12 | 07 Nov. | Special Topics | N/A | [Coremelt Attack: SP2009] JM1 : presentation | N/A | N/A |
| | 09 Nov. | Special Topics | N/A | [OSN Attack: BSB+2009] JLP : presentation; [Spam Botnets: XYA+2008] HJ : presentation; [Healthcare Attack: HBR+2008] JM2 : presentation | | |
| | 11 Nov. | Special Topics | N/A | [CAPTCHA Attack: YS2008] WJH : presentation; [DH Crypto Attack: ABD+2015] JM3 : presentation; [E-mail Attack: DAM+2015] JM4 : presentation | | |
| Week 13 | 14 Nov. | Special Topics | N/A | [Honeypots: P2004] MRL : presentation; [Heartbleed Bug: CDF+2014, W2014, GK2014] AP : presentation; [Dual EC Attack: CMG+2016] JM5 : presentation; [WiFi Attack: LML+2016] JM6 : presentation | | |
| | 16 Nov. | Special Topics | N/A | [Cloud Security: RTS+2009] APP : presentation; [Attacks in Cloud: CXZ+2011] HKM : presentation; [Rowhammer Attack1: RGB+2016] JM7 : presentation; [Rowhammer Attack2: XZZ+2016] JM8 : presentation | | |
| | 18 Nov. | Special Topics | N/A | [Secure Software Development: M2004, VM2004, WM2005] DT : presentation; [Software Security Testing: PM2004, CM2004, ASM2005] SJO : presentation | N/A | Project report draft - solid draft with references |
| Week 14 | 21 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| | 23 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| | 25 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| Week 15 | 28 Nov. | Special Topics | N/A | [OS Security: RKM+2012] NPF : presentation; [Mobile Malware: FFC+2011] VK : presentation; [Smart Device Security: STP+2014] JM9 : presentation | | |
| | 30 Nov. | Special Topics | N/A | [SSO Vulnerabilities: WCW2012] BJK : presentation; [Web Privacy: MM2012] AMM : presentation; [Privacy (NSA and Snowden): L2013, L2014, T2014] JM10 : presentation | | |
| | 02 Dec. | Special Topics | N/A | [OSN Security: GHH+2011] RMP : presentation; [OSN Privacy: KW2009] DV : presentation | | |
| Week 16 | 05 Dec. | N/A | N/A | N/A | {RMP, AMM}, {BJK, JLP}, {NPF, HKM} | Project presentations during class |
| | 07 Dec. | N/A | N/A | N/A | {MRL, WJH}, {HAJ, DV} | Project presentations during class |
| | 09 Dec. | N/A | N/A | N/A | {SJO, DT, AP}, {APP, VK} | Project presentations during class |
| Week 17 | 15 Dec. | No Final Exam | N/A | N/A | N/A | Project reports due |

Reading assignments: K = [KPS2002]

18 October 2016: Mid-semester grades due by instructor
24 October 2016: Mid-semester grades available via Joe'SS
20 December 2016: Final grades due by instructor
26 December 2016: Final grades available via Joe'SS

Course Materials


The required textbook for this class:

[KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002.
(E-book is accessible online via the library.)

Optional Books

Generic Security

[S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017.

[A2008] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition, Wiley, 2008.
(It is available online via author's website.)

[V2013] John R. Vacca, Computer and Information Security Handbook, 2nd edition, Morgan Kaufmann, 2013.
(E-book is accessible online via the library.)

[SS2010] Peter Stavroulakis and Mark Stamp, Handbook of Information and Communication Security, Springer-Verlag, 2010.
(E-book is accessible online via the library and doi.)

[QTK+2008] Yi Qian, David Tipper, Prashant Krishnamurthy, and James Joshi, Information Assurance: Dependability and Security in Networked Systems, Morgan Kaufmann, 2008.
(E-book is accessible online via the library.)

[S2011] Mark Stamp, Information Security: Principles and Practice, 2nd edition, Wiley, 2011.
(E-book is accessible online via the library.)

[B2004] Matt Bishop, Introduction to Computer Security, Addison-Wesley Professional, 2004.
(E-book is accessible online via the library.)

[B2002] Matt Bishop, Computer Security: Art and Science, Addison-Wesley Professional, 2002.
(E-book is accessible online via the library.)

[SB2015] William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 3rd edition, Prentice Hall, 2015.

[S2006] David Salomon, Foundations of Computer Security, Springer-Verlag, 2006.
(E-book is accessible online via the library and doi.)

[AB2010] Tansu Alpcan and Tamer Başar, Network Security: A Decision and Game-Theoretic Approach, Cambridge University Press, 2010.
(E-book is accessible online via the library.)


[MOV1996] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
(It is available online via author's website.)

[S1995] Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, Wiley, 1995.
(E-book is accessible online via the library.)

[PP2010] Christof Paar and Jan Pelzl, Understanding Cryptography, Springer-Verlag, 2010.
(E-book is accessible online via the library and doi.)

[V2006] Serge Vaudenay, A Classical Introduction to Cryptography: Applications for Communications Security, Springer, 2006.
(E-book is accessible online via the library and doi.)

[BJL+2006] Thomas Baignères, Pascal Junod, Yi Lu, Jean Monnerat, and Serge Vaudenay, A Classical Introduction to Cryptography Exercise Book, Springer, 2006.
(E-book is accessible online via the library and doi.)

[DR2001] Joan Daemen and Vincent Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard, Springer Berlin Heidelberg, 2001.
(It is available online via author's website.)

Malicious Logic

[YY2004] Adam Young and Moti Yung, Malicious Cryptography: Exposing Cryptovirology, Wiley, 2004.
(E-book is accessible online via the library.)

[A2006] John Aycock, Computer Viruses and Malware, Springer, 2006.
(E-book is accessible online via the library and doi.)

[F2005] Eric Filiol, Computer viruses: from theory to applications, Springer-Verlag, 2005.
(E-book is accessible online via the library and doi.)

Hacking/Penetration Testing

[B2016] Kevin Beaver, Hacking For Dummies, John Wiley & Sons, Inc., 2016.
(E-book is accessible online via the library.)

[WN2005] Andrew Whitaker and Daniel P. Newman, Penetration Testing and Network Defense, Cisco Press, 2005.
(E-book is accessible online via the library.)

Cloud Security

[LP2015] Flavio Lombardi and Roberto Di Pietro, Security for Cloud Computing, Artech House, 2015.
(E-book is accessible online via the library.)

[L2015] Fabio Alessandro Locati, OpenStack Cloud Security, Packt Publishing, 2015.
(E-book is accessible online via the library.)

[A2014] Imad M. Abbadi, Cloud Management and Security, Wiley, 2014.
(E-book is accessible online via the library.)

[X2014] Kaiqi Xiong, Resource Optimization and Security for Cloud Services, Wiley, 2014.
(E-book is accessible online via the library.)

[SRH2014] Raj Samani, Jim Reavis, and Brian Honan, CSA Guide to Cloud Computing, Syngress, 2014.
(E-book is accessible online via the library.)

[NP2014] Surya Nepal and Mukaddim Pathan, Security, Privacy and Trust in Cloud Systems, Springer-Verlag, 2014.
(E-book is accessible online via the library and doi.)

[H2011] Ben Halpert, Auditing Cloud Computing: A Security and Privacy Guide, Wiley, 2011.
(E-book is accessible online via the library.)

[KV2010] Ronald L. Krutz and Russell Dean Vines, Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Wiley, 2010.
(E-book is accessible online via the library.)

[MKL2009] Tim Mather, Subra Kumaraswamy, and Shahed Latif, Cloud Security and Privacy, O'Reilly Media, 2009.
(E-book is accessible online via the library.)

Supplementary Books

[KR2017] James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 7th edition, Pearson, 2017.
(Note that this is a mandatory book (and must be read) for anyone who wants to start networking research with me.)

[T2002] Kishor S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science Applications, 2nd edition, Wiley, 2002.
(Note that this is the required textbook for CPE 6440, Network Performance Analysis.)

[K2012] Srinivasan Keshav, Mathematical Foundations of Computer Networking, Addison-Wesley Professional, 2012.
(E-book is accessible online via the library.)

[CLR+2009] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, Introduction to Algorithms, 3rd edition, MIT Press, 2009.
(E-book is accessible online via the library.)


[SRC1984] Jerome H. Saltzer, David P. Reed, and David D. Clark, “End-to-End Arguments in System Design,” ACM Transactions on Computer Systems, Volume 2, Issue 4, pp. 277 – 288, November 1984.

[SHÇ+2010] James P.G. Sterbenz, David Hutchison, Egemen K. Çetinkaya, Abdul Jabbar, Justin P. Rohrer, Marcus Schöller, and Paul Smith, “Resilience and Survivability in Communication Networks: Strategies, Principles, and Survey of Disciplines,” Computer Networks, Volume 54, Issue 8, pp. 1245 – 1265, June 2010.

[KLS2000] Stephen Kent, Charles Lynn, and Karen Seo, “Secure Border Gateway Protocol (S-BGP),” IEEE Journal on Selected Areas in Communications, Volume 18, Issue 4, pp. 582 – 592, April 2000.

[LSG2016] Robert Lychev, Michael Schapira, and Sharon Goldberg, “Rethinking Security for Internet Routing,” Communications of the ACM, Volume 59, Issue 10, pp. 48 – 57, October 2016. Online article is here.

[DKB2005] Djamel Djenouri, Lyes Khelladi, and Nadjib Badache, “A Survey of Security Issues in Mobile Ad Hoc and Sensor Networks,” IEEE Communications Surveys & Tutorials, Volume 7, Issue 4, pp. 2 – 28, 4th Quarter 2005.

[SMM+2006] Minho Shin, Justin Ma, Arunesh Mishra, and William A. Arbaugh, “Wireless Network Security and Interworking,” Proceedings of the IEEE, Volume 94, Issue 2, pp. 455 – 466, February 2006.

[KW2003] Chris Karlof and David Wagner, “Secure routing in wireless sensor networks: attacks and countermeasures,” Ad Hoc Networks, Volume 1, Issues 72-3, pp. 293 – 315, September 2003.

[BOR2003] Danilo Bruschi, Alberto Ornaghi, and Emilia Rosti, “S-ARP: a Secure Address Resolution Protocol,” in Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, December 2003, pp. 66 – 74.

[GH2003] Mohamed G. Gouda and Chin-Tser Huang, “A secure address resolution protocol,” Computer Networks, Volume 41, Issue 1, pp. 57 – 71, January 2003.

[CBK2009] Varun Chandola, Arindam Banerjee, and Vipin Kumar, “Anomaly Detection: A Survey,” ACM Computing Surveys, Volume 41, Issue 3, pp. 15:1 – 15:58, July 2009.

[ZLH2003] Yongguang Zhang, Wenke Lee, and Yi-An Huang, “Intrusion Detection Techniques for Mobile Wireless Networks,” Wireless Networks, Volume 9, Issue 5, pp. 545 – 556, September 2003.

[R1999] Martin Roesch, “Snort – Lightweight Intrusion Detection for Networks,” in Proceedings of the 13th USENIX Conference on System Administration (LISA), Seattle, WA, November 1999, pp. 229 – 238.

[SP2009] Ahren Studer and Adrian Perrig, “The Coremelt Attack,” in Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS), Saint-Malo, France, September 2009, pp. 37 – 52.

[KLG2013] Min Suk Kang, Soo Bum Lee, and Virgil D. Gligor, “The Crossfire Attack,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), Berkeley, CA, May 2013, pp. 127 – 141.

[HBR+2008] Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel, “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), Oakland, CA, May 2008, pp. 129 – 142.

[XYA+2008] Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, “Spamming Botnets: Signatures and Characteristics,” in Proceedings of the ACM SIGCOMM Conference, Seattle, WA, August 2008, pp. 171 – 182.

[YS2008] Jeff Yan and Ahmad Salah El Ahmad, “A Low-cost Attack on a Microsoft CAPTCHA,” in Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pp. 543 – 554.

[BSB+2009] Leyla Bilge, Thorsten Strufe, Davide Balzarotti, and Engin Kirda, “All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks,” in Proceedings of the 18th International Conference on World Wide Web (WWW), Madrid, April 2009, pp. 551 – 560.

[ABD+2015] David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, CO, October 2015, pp. 5 – 17.

[DAM+2015] Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, and J. Alex Halderman, “Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security,” in Proceedings of the ACM Internet Measurement Conference (IMC), Tokyo, October 2015, pp. 27 – 39.

[P2004] Niels Provos, “A Virtual Honeypot Framework,” in Proceedings of the 13th USENIX Security Symposium, San Diego, CA, August 2004, pp. 1 – 14.

[CDF+2014] Marco Carvalho, Jared DeMott, Richard Ford, and David A. Wheeler, “Heartbleed 101,” IEEE Security and Privacy, Volume 12, Issue 4, pp. 63 – 67, July/August 2014.

[W2014] David A. Wheeler, “Preventing Heartbleed,” IEEE Computer, Volume 47, Issue 8, pp. 80 – 83, August 2014.

[GK2014] Daniel E. Geer Jr., and Poul-Henning Kamp, “Inviting More Heartbleed,” IEEE Security and Privacy, Volume 12, Issue 4, pp. 46 – 50, July/August 2014.

[CMG+2016] Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham, “A Systematic Analysis of the Juniper Dual EC Incident,” in Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016, pp. 468 – 479.

[LML+2016] Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan, “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals,” in Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016, pp. 1068 – 1079.

[ZL2012] Dimitrios Zissis and Dimitrios Lekkas, “Addressing cloud computing security issues,” Future Generation Computer Systems, Volume 28, Issue 3, pp. 583 – 592, March 2012.

[XX2013] Zhifeng Xiao and Yang Xiao, “Security and Privacy in Cloud Computing,” IEEE Communications Surveys & Tutorials, Volume 15, Issue 2, pp. 843 – 859, 2nd Quarter 2013.

[RTS+2009] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009, pp. 199 – 212.

[CXZ+2011] Ashley Chonka, Yang Xiang, Wanlei Zhou, and Alessio Bonti, “Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks,” Journal of Network and Computer Applications, Volume 34, Issue 4, pp. 1097 – 1107, July 2011.

[RGB+2016] Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos, “Flip Feng Shui: Hammering a Needle in the Software Stack,” in Proceedings of the 25th USENIX Security Symposium, Austin, TX, August 2016, pp. 1 – 18.

[XZZ+2016] Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu, “One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation,” in Proceedings of the 25th USENIX Security Symposium, Austin, TX, August 2016, pp. 19 – 35.

[LBM+1994] Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi, “A Taxonomy of Computer Program Security Flaws,” ACM Computing Surveys, Volume 26, Issue 3, pp. 211 – 254, September 1994.

[ESK+2012] Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel, “A Survey on Automated Dynamic Malware-Analysis Techniques and Tools,” ACM Computing Surveys, Volume 44, Issue 2, pp. 6:1 – 6:42, February 2012.

[M2004] Gary McGraw, “Software Security,” IEEE Security and Privacy, Volume 2, Issue 2, pp. 80 – 83, March/April 2004.

[VM2004] Denis Verdon and Gary McGraw, “Risk Analysis in Software Design,” IEEE Security and Privacy, Volume 2, Issue 4, pp. 79 – 84, July/August 2004.

[WM2005] Kenneth R. van Wyk and Gary McGraw, “Bridging the Gap Between Software Development and Information Security,” IEEE Security and Privacy, Volume 3, Issue 5, pp. 75 – 79, September/October 2005.

[PM2004] Bruce Potter and Gary McGraw, “Software Security Testing,” IEEE Security and Privacy, Volume 2, Issue 5, pp. 81 – 85, September/October 2004.

[CM2004] Brian Chess and Gary McGraw, “Static Analysis for Security,” IEEE Security and Privacy, Volume 2, Issue 6, pp. 76 – 79, November/December 2004.

[ASM2005] Brad Arkin, Scott Stender, and Gary McGraw, “Software Penetration Testing,” IEEE Security and Privacy, Volume 3, Issue 1, pp. 84 – 87, January/February 2004.

[RKM+2012] Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan Parno, Helen J. Wang, and Crispin Cowan, “User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 224 – 238.

[FFC+2011] Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner, “A Survey of Mobile Malware in the Wild,” in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Chicago, IL, October 2011, pp. 3 – 14.

[STP+2014] Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, and Arturo Ribagorda, “Evolution, Detection and Analysis of Malware for Smart Devices,” IEEE Communications Surveys & Tutorials, Volume 16, Issue 2, pp. 961 – 987, 2nd Quarter 2014.

[FWC+2010] Benjamin C. M. Fung, Ke Wang, Rui Chen, and Philip S. Yu, “Privacy-preserving data publishing: A survey of recent developments,” ACM Computing Surveys, Volume 42, Issue 4, pp. 14:1 – 14:53, June 2010.

[L2013] Susan Landau, “Making Sense of Snowden: What's Significant in the NSA Surveillance Revelations,” IEEE Security and Privacy, Volume 11, Issue 4, pp. 54 – 63, July/August 2013.

[L2014] Susan Landau, “Making Sense of Snowden Part II: What's Significant in the NSA Surveillance Revelations,” IEEE Security and Privacy, Volume 12, Issue 1, pp. 62 – 64, January/February 2014.

[T2014] Bob Toxen, “The NSA and Snowden: Securing the All-Seeing Eye,” Communications of the ACM, Volume 57, Issue 5, pp. 44 – 51, May 2014.

[MM2012] Jonathan R. Mayer and John C. Mitchell, “Third-Party Web Tracking: Policy and Technology,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 413 – 427.

[GHH+2011] Hongyu Gao, Jun Hu, Tuo Huang, Jingnan Wang, and Yan Chen, “Security Issues in Online Social Networks,” IEEE Internet Computing, Volume 15, Issue 4, pp. 56 – 63, July/August 2011.

[ZSZ+2010] Chi Zhang, Jinyuan Sun, Xiaoyan Zhu, and Yuguang Fang, “Privacy and Security for Online Social Networks: Challenges and Opportunities,” IEEE Network, Volume 24, Issue 4, pp. 13 – 18, July/August 2010.

[KW2009] Balachander Krishnamurthy and Craig E. Wills, “On the Leakage of Personally Identifiable Information Via Online Social Networks,” in Proceedings of the 2nd ACM Workshop on Online Social Networks (WOSN), Barcelona, August 2009, pp. 7 – 12.

[WCW2012] Rui Wang, Shuo Chen, and XiaoFeng Wang, “Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 365 – 379.


  • NSA
  • FBI Cyber Crime
  • The Internet Crime Complaint Center
  • U.S. Public Policy Council of ACM
  • IEEE Cybersecurity Initiative
  • International Association for Cryptologic Research
  • Security-related RFCs
  • Internet Storm Center
  • Security Tools
  • Schneier on Security
  • Google Security Blog
  • ACM SIG-Security @ MST
  • Movies/Documentaries: The Imitation Game, Breaking the Code, Citizenfour, Sneakers, Takedown, Zero Days, U-571
  • Miscellaneous Videos: Enigma Machine, Flaw in the Enigma Code, Anonymous, Cracking Stuxnet: a 21st-Century Cyberweapon, Creating Better Passwords By Making Up Stories, Cyber Wars: The Hacker as Hero, Zero Days: White Hat and Black Hat Hackers
    Len Adleman 2002 ACM Turing Talk (Pre-RSA Days: History and Lessons),
    Ron Rivest 2002 ACM Turing Talk (The Early Days of RSA: History and Lessons),
    Adi Shamir 2002 ACM Turing Talk (Cryptography: State of the science)

Course Policies

These policies are subject to change and students will be notified of any changes.


Don't hesitate to contact me outside of office hours, but first confirm my availability via e-mail. The subject line of all e-mails regarding this class must start with: CPE5420 - followed by a meaningful indicator of the content. Otherwise, e-mails can be misfiltered and not read (faculty members receive many e-mails daily). If you don't hear from me within 48 hours, please resend the e-mail. I expect students to check their e-mail regularly for any announcements. We will primarily utilize the course website and (maybe) Canvas during this class. I will utilize S&Tconnect for potential performance issues. You can also instant message me via Skype, but do not call on Skype before confirming my availability. The course Facebook page will be utilized to share news, interesting facts, discussions, etc.


On-campus students are expected to attend all classes. Students enrolled in the distance education section of the course are encouraged to participate in the live class, but are welcome to watch the archived lectures instead. Note that 5% of the course grade is constituted by student participation activities such as in-class interactions. Attendance at the exams, which will be administered during class time (Exam 1: 30 September 2016 and Exam 2: 04 November 2016), and at the in-class project presentations (05-09 December 2016) is mandatory. Distance students will be required to take the exam with a webcam and headset or by an approved proctor during the normal class time. There will not be make-up options for these unless prior arrangements are made, or in the event of emergencies and sudden illness (which must be documented by the student). If you are in a state of contagious illness (e.g., flu, Ebola), don't come to class but notify me ahead of time. Flu shots are recommended for everyone. Distance students will be required to present their presentations with a webcam and headset during normal class time (preferred) or a previously recorded presentation if unable to present live.

Classroom Courtesy

We will physically meet in Toomey 260, and the lectures will be webcast as well as archived. Students are expected to arrive at class promptly. Due to interference with the recording system, I will ask everyone to turn off their cellphones (not even silence or vibrate!). Please avoid typing or eating snacks near the microphones, as it creates annoying noise for others.


Assignments are due on the due date at 11:59 pm. Unless prior arrangements are made, late assignments are not accepted. Assignments must be sent either in pdf as an attachment or plaintext e-mail format.


Students are expected to read all required readings before the corresponding lecture. While most paper readings are hyperlinked to a version that is available on the author's webpage, some are not; however, all papers are available via the library. Alternatively, once you VPN into the campus network, papers are accessible from the course webpage.


Students are expected to give 1-2 presentation(s) in the corresponding class throughout the semester based on a scholarly paper. Each presentation is expected to last ~20 min. Student initials are marked (e.g. JM1 Joe Miner1) in the schedule. They will be assigned on a first-come, first-served basis (check the readings in the third part of the course and e-mail me which paper you would like to present). Presentations must be sent 48 hours in advance so I can provide feedback to you. You can use the presentation guidelines found in this template. Presentations will be evaluated based on the following scoring rubric (thanks to Vicki Hopgood for the rubric). Distance students should check how to record ppt presentation video.

Computer Labs

The Linux desktops are located in EECH 107 & CS 213 and you can SSH into these machines using VPN (Note that there is a new VPN client). The Windows PCs are located in EECH 105 & 106. I expect that students will use the computing resources according to the MST IT Policy. If you need resources for any intrusive testing or programming, contact me first. If you have computer-related problems, contact IT Help Desk.

Collaborative Software Support

For WebEx problems, contact Video Communications Center (VCC). For Canvas problems, contact Educational Technology (EdTech).

Title IX

Missouri University of Science and Technology is committed to the safety and well-being of all members of its community. US Federal Law Title IX states that no member of the university community shall, on the basis of sex, be excluded from participation in, or be denied benefits of, or be subjected to discrimination under any education program or activity. Furthermore, in accordance with Title IX guidelines from the US Office of Civil Rights, Missouri S&T requires that all faculty and staff members report, to the Missouri S&T Title IX Coordinator, any notice of sexual harassment, abuse, and/or violence (including personal relational abuse, relational/domestic violence, and stalking) disclosed through communication including but not limited to direct conversation, email, social media, classroom papers and homework exercises. Missouri S&T's Title IX Coordinator is Vice Chancellor Shenethia Manuel. Contact her directly ((573) 341-4920; 113 Centennial Hall) to report Title IX violations. To learn more about Title IX resources and reporting options (confidential and non-confidential) available to Missouri S&T students, staff, and faculty, please visit

Disability Support

If you have a documented disability and anticipate needing accommodations in this course, you are strongly encouraged to meet with me early in the semester. You will need to request that the Disability Support Services staff send a letter to me verifying your disability and specifying the accommodation you will need before I can arrange your accommodation.

Academic Integrity

Academic integrity is an essential part of your success at MST (and thereafter). Academic dishonesty such as cheating, plagiarism, or sabotage is prohibited, and MST policy will be followed upon any instance of these. Following are the guidelines:


  • You can discuss homework with each other, but cannot write it up together.
  • You can use the Web/books/papers/library for finding a solution methodology, but do not search for a solution manual nor use an existing solution manual for your assignment.
  • Any student who copies or permits another student to copy will receive a 0 for the assignment, and the MST policy will be initiated.


  • You can discuss code/pseudocode with each other, but cannot write the software together unless it is a group project.
  • You can use software libraries available, but properly cite the source in your code as a comment.
  • Any student who copies or permits another student to copy will receive a 0 for the assignment, and the MST policy will be initiated.


  • You are expected to answer exam questions by yourself. No additional resources (e.g., programmable calculators, phones, cheat sheets, etc.) are allowed and cheating in the exams is forbidden.
  • Any student who copies or permits another student to copy will receive a 0 for the exam, and the MST policy will be initiated.

Project Report

Penalties vary from a warning up to expulsion from the university. Before you act, I suggest you think twice, and save us a headache. When in doubt, don't hesitate to ask me!


This course is intended for graduate and upper-level undergraduate students. The grade for graduate students cannot be lower than C. If you have not taken the prerequisites for this class, talk to me as soon as possible.


The weight of each component in the overall grade is as below:

20% | Exam 1
20% | Exam 2
10% | Paper presentation
20% | Homework and quizzes

Important Notes:

  • Exam 1 will cover topics from the beginning of the class to Exam 1, which will be administered on 30 September 2016.
  • Exam 2 will cover topics from the beginning of the class to Exam 2; however, emphasis will be on topics covered after Exam 1. Exam 2 will be administered on 04 November 2016.
  • Online students must have a webcam and a headset (microphone and speaker) [for proctoring]. Ability to print and scan (either scanner or high resolution camera) PDF documents is required for the exams. Skype, Google Hangout or other software that enables seeing each other might be required.
  • Each student is expected to present 1-2 papers throughout the semester. The in-class student presentations will contribute 10% of the overall grade. Presentations will be evaluated based on the following scoring rubric (thanks to Vicki Hopgood for the rubric).
  • There will be regular homework assignments (including programming assignments) and quizzes to provide you and me with feedback on your understanding of the course topics.
  • Participation grades will be based on questions asked, interactions, leading discussions, finding the bugs in lecture notes and course website, recommendations for reading, etc. Distance students are encouraged to participate during live class sessions but will not be penalized if unable to. Participation for asynchronous distance students will rely on e-mail messages.
  • Employer reimbursement and immigration status cannot be a consideration in the final grade.
  • Publishable projects are subject to extra credit.


Do not hesitate to contact me if you have ideas for improving the course. You don't have to wait until the end of the semester.

Project Prospects

Students are expected to explore a topic of their choice that is relevant to the class in detail through the project. Project teams will be formed of at most three students (generally two) per team. Distance students will be assisted in forming teams and are encouraged to collaborate via Skype/Google Hangouts and work together using services such as Dropbox. The project grade contributes a major portion of the final grade. The overall project grade (extra credit will be given for publishable projects with my guidance) will depend on:

40% | Novelty of ideas and results
40% | Project report
20% | Project presentation

Project reports must be sent only in pdf format. Final reports should be in total length of 10-15 pages. You can use this MS-Word template or LaTeX template for project reports. Students must submit the deliverables according to the following dates:

Due Date | Deliverable
23 September 2016 | Project title and group members
21 October 2016 | Project report draft - title, abstract, outline
18 November 2016 | Project report draft - solid draft with references
05-09 December 2016 | Project presentations during class
15 December 2016 | Project reports due

Project teams and topics are as below:

Team {initials} | Topics
{SJO, DT, AP} | Cryptographic Misuse of Libraries
{NPF, HKM} | On Computer Security Incident Response Teams
{MRL, WJH} | Encrypted Chat Room
{BJK, JLP} | SCADA/PLC Network Malicious Traffic Monitoring and Detection
{RMP, AMM} | Advanced Automated Virtualized Network Defense
{APP, VK} | Secure and Reliable Server/Client Chat Application
{HAJ, DV} | DDoS Attack and Detection Using Hadoop

Last updated 17 December 2016
©2014-2016 Egemen K. Çetinkaya

Carving by John Hammond

In the early modern period, an era of social change and religious turmoil, women stood at the epicenter of witch-hunts. The assumption that women were more susceptible to carnal temptations and would therefore be more likely to give in to the devil led to approximately 80% of witchcraft accusations being brought against women, as opposed to 20% against men (Bever 956). These accusations normally came about when there was some sort of social unrest such as disputes between Protestants and Catholics, the plague, and rifts between midwives and doctors. Witches were charged with heinous crimes such as infanticide, irregular sexual behavior, and problems within the community; these were all activities that were considered inappropriate for women to participate in. In order to avoid these accusations, women would avoid behaviors that would be associated with witchcraft. After a woman was implicated, the methods of extracting a confession were inhumane and the trials quick and unfair. Social reform did not come about until a critical mass, a specific proportion of the population, had lost confidence in witchcraft. Nobles and peasants alike would call for reform, and the more educated class would write papers and demand a change in the court system. By this time women had substantially changed their behavior and conformed to a new societal standard, where women were passive, nurturing, and truly the “weaker sex”. The more that women were accused of witchcraft, the more they altered their behavior to protect themselves from punishment.

Why Women were more prone to be Witches:

The explanation for why women and not men were most likely to be witches was inherently discriminatory. Men claimed that the women had more faith, were more impressionable and had looser tongues than men, which led to the path of sin and contact with the devil. Specifically these qualities made women more suitable to sexual deviance and dependent on a man to control their urges. The very nature of women was considered to be less than a man’s; Malleus Maleficarum, a widely read witch-hunting manual, claimed that

“the natural reason is that she is more carnal than a man, as is clear from her many carnal abominations. And it should be noted that there was a defect in the formation of the first woman, since she was formed from a bent rib, that is, a rib of the breast which is bent as it were in a contrary direction to a man. And since through this defect she is an imperfect animal she always deceives” (Institoris 44).

Because of women’s very nature, their extreme emotions and ability to be corrupted, men were needed to protect them from the dangerous forces of evil. This places women in a lower class than men. Women were inherently less valuable and prone to temptation because of the idea that Eve came from the side of Adam and not the head; men were considered perfect creations and women were imperfect versions of men. Women who were considered exceptional had male qualities and achievements while maintaining their femininity; for most women being considered male-like or not adapting to social standards was a sign of defiance and could lead to a charge of witchcraft. These women would alter their behavior to appear more feminine, even though women were considered a lesser form of man.

Painting by Michelangelo Buonarroti

Manipulation of Feminine Ideals:

With this ideal of biological superiority men were able to push women into a different sphere, forcing them into a passive role where they could not challenge the ideas of men for fear of prosecution; women would manipulate stereotypes about themselves to justify their involvement in socially unacceptable activities. One midwife attempted to protect her reputation by testifying,

“I use my feminine skills, given by the grace of God, only when someone entreats me earnestly and never advertise myself, but only when someone has been left for last, and they ask me many times. I do whatever I can possibly do out of Christian love and charity, using only simple and allowable means that should not be forbidden or proscribed in the least” (Stadtarchiv, 1020).

This woman is acknowledging the belief that women are not equal to men while emphasizing her feminine and Christian qualities that are socially acceptable. She plays into the belief that women have special feminine qualities that make her unique in her ability to act as a medical practitioner; these qualities are acceptable, and if she had not presented her argument in such a manner she would have been unable to continue her occupation. Men were very rarely accused of wizardry; approximately 80% of the charges were brought against women, and men often led the charge against those accused women (Bever 956). The men did not have to justify their occupations or fear retribution for fringe personality traits. As accusations about witchcraft became more gendered, women avoided specific crafts that could lead to a trial. Those individuals accused of crimes were at odds with the community in some respect, typically personality, craft, or religion.

Qualities of those accused:


Image from the British Libraries

Women accused of witchcraft were often central members of the community, acting as wives and mothers, yet they did not conform to some male expectation; the ‘witches’ exhibited some other outlying trait such as an aggressive personality, an unexpected craft, or an unaccepted religion. European society was based on a history of male dominance and the women who were accused of witchcraft did not meet the male standard. The women implicated in crimes of witchcraft were normally “integral members of their communities: married, not single; part of the broad middling peasantry, not the poorest of poor” (Bever 958). Since the women were not the traditional outliers in society, other characteristics made them more likely to be accused of witchcraft, such as occupation and personality traits. Women that were considered “assertive and aggressive” and who did not conform to the patriarchal European standard were likely to be prosecuted (Bever 956). Women that worked in male-dominated guilds, such as playwrights, were often accused of sexual deviance and inappropriate behavior that could lead to a charge of witchcraft. Women would then avoid these occupations to protect their reputations and safety. The field of medicine began to change as men became more involved in it; to remove competition, male physicians would accuse midwives of causing the deaths of babies and offering the child to the devil as a sacrifice. The male physicians in the community charged midwives, and if they attempted to deny these claims it was taken as proof of their guilt. By accusing female midwives of witchcraft men were successfully able to exclude women from the field of medicine for hundreds of years. Women accused of crimes were a threat to men and were considered combative in personal relationships with others in the community.

Some women experienced safety and acceptance in the community until some fact changed. Such was the case with Mother Lakeland: “The said Mother Lakeland hath been a professor of religion, a constant hearer of the world for these many years, and yet a witch (as she confessed) for the space of near-twenty years” (The laws against witches 7). She was accepted in the community as a physical healer but something changed; individuals began to view her as a threat. Mother Lakeland grew into a malicious woman who abused her husband, children, and maid; if she was indeed abusing her family, qualities that were not accepted in women, this and her career as a healer would have made her a target for witchcraft accusations. As a consequence of the charges against them, women would alter their behavior so they would not be accused and would avoid the fate of Mother Lakeland and those similar to her. Women became the more passive sex because the qualities that were considered ‘manly’, such as demanding payment for work done or abusing members of one’s family, were associated with witchcraft. These attributes were systematically avoided by women so they could protect themselves.

Social Change:

Increases in the number of witchcraft accusations came about during times of social change; individuals became hyper-aware of those who were different or had not conformed to the evolving social standards. In a culture that was predominately anti-woman, challenges to the status quo forced a reexamination of the social hierarchy and changed the expectations of women, for those who could not conform would be tried and burned. The Protestant Reformation forced this upon the culture of Europe and with it brought tensions between Protestants and Catholics;

“this helps us understand why only the most rapidly developing countries, where the Catholic church was weakest, experienced a virulent witch craze (i.e., Germany, France, Switzerland). Where the Catholic Church was strong (Spain, Italy, Portugal) hardly any witch craze occurred” (Yehuda 15).

Both Protestant and Catholic communities prosecuted those individuals who did not share the same religious beliefs. This, in addition to economic tension and the plague, made community life particularly harsh for women who challenged men fiscally and/or had assertive personality traits. By adopting the religious standards of the community women were able to gain acceptance; if they did not, it was one additional factor that made them outsiders in the society. Neighbors did not trust neighbors and there was doubt as to what the true religion was. A woman who did not conform was subject to the stereotypes of her religion and gender.

Individuals wanted explanations for economic strife, like the death of livestock, and an easy answer was to blame a woman for causing the situation to occur. The people wanted to be able to explain the situations that adversely affected the lives of everyone in the community and, being ignorant of the causes of their misfortunes, blaming an individual seemed rational. As with the plague and other medical disasters, women were often put at fault because of a lack of knowledge about the subject and the origins of the problem. Women changed their behavior to appear overly religious and conform to the new standards. Yet the role of women as mothers harmed this goal because “the fact that women were the preservers and transmitters of popular culture, teaching their children magical sayings and rhymes along with more identifiably Christian ones, made them particularly suspect” (Wiesner-Hanks 257).

Painting by Joseph E. Baker

No matter how hard a woman tried, if she was an individual who fell into a suspect category she was at risk simply because of her womanhood and the changing expectations on women. In times of social unrest and disasters, groups looked for a scapegoat to explain the difficulty and took out their anger on the women of the area, especially through religious prosecution, because women were believed to be more religious. Women would associate themselves with holy and Christian ideals in attempts to protect themselves from the anger of and persecution by the community.

Types of Accusations:

The accusations women faced ranged from sexual deviance to infanticide and devil worship. It was widely read in witch-hunting manuals that all women who practiced witchcraft had certain activities in common, such as: purging themselves of their outward signs of the church, promising the devil to recruit others, baptizing children in the demonic faith, and renouncing the Catholic faith, the Trinity, and the saints (Summers 81-102). The actions of ‘witches’ then became suspected pastimes for all women. These unspeakable acts were viewed as especially heinous because women were believed to be more religious and were supposed to act in a nurturing manner. Women then associated themselves with motherly characteristics to avoid being accused of these terrible crimes. Midwives were most commonly accused of sacrificing babies to the devil, while single women were accused of having sexual demonic relationships because their urges were not satisfied by any man. To prevent the accusations, midwives slowly left the medical field and women would try to find a husband or male guardian as soon as possible. These women changed their behavior and lost influence in the medical world in order to protect themselves from the tyranny of witch hunts, an ideal example of how women changed their behavior to conform to the male standard.

Women were believed to have uncontrollable sexual urges and it was thought that they needed to have a guardian to keep their morals intact. When a male guardian was not present, a woman could turn to a devil to satisfy those needs. It was common knowledge that witches would gather on certain ancient holidays far away from men to participate in Sabbats, or large orgies where the witches would ride on the backs of goats to remote locations and perform infant sacrifices (Summers 110-118). The actions were considered inappropriate for a woman and highlighted men’s insecurities that they were not needed for women to be satisfied. In response women would attempt to find husbands or guardians to protect their moral standing and public image and to avoid the misconception that their sexual desires were being filled by the devil.

Because of the belief that witches performed these heinous acts and that they were the cause of economic and medical disasters, confessions were often solicited by torture. Even in torture women attempted to associate themselves with holy symbols as a way to combat the negative associations people had formed of witchcraft. In the trial of Suzanne Gaudry she was recorded to have said “that God and the Virgin Mary forbid her to; that she is not a witch. And upon being asked why she confessed to being one, said that she was forced to say it” (Kors 366). Even in torture she was bringing up symbols of piety and womanhood (the Virgin Mary) to offset the charges placed against her; the charges of sexual deviance were especially worrisome, and if a woman was able to connect herself with the Virgin Mary she may have been able to save herself. Suzanne Gaudry attempted to save herself by making this connection and associating herself with positive feminine ideals and distancing herself from sexual deviance.

Carving by Joos de Damhouder

The Ordeal of Trial:

After a woman was publicly accused of witchcraft, she would be brought before the local judge or a community leader. If she did not confess, she would be tortured. Many of the questions that women were asked were leading and sought pornographic responses about the witch’s Sabbats. This, in addition to her confession, would have been taken as proof because holy women were not supposed to have any carnal or descriptive knowledge about sex acts. Women would associate themselves with the Virgin Mary and pious individuals during torture and claim their innocence in the hopes of protecting their image. Most of the manuals available to those attempting to get a confession contained erotic and detailed descriptions of witches’ sexual acts (Garrett 34) and therefore acted as an outlet and a way for men to learn about the bodies of women. One part of convicting a witch was the search for the Devil’s Mark, the place where the demon sucked the body for blood, which was often found on a woman’s genitals. It was considered extremely inappropriate for a woman to be exposed in such a manner, but she allowed this violation of her privacy, a change in her behavior, in an attempt to protect herself from death and further torture. An accused witch was sacrificing her morals, or what would be considered an accepted viewing of the female body by European society, which often led to the charge that she was indeed a witch because no holy woman would allow her body to be exposed in such a manner. Judges would allow family members and neighbors to search a woman’s body.

“The body of knowledge about sexuality present in witchcraft discourse encouraged the harassment of marginalized women, sanctioned the sexual humiliation of suspects, exacerbated the burden of sexual shame placed upon women, directly facilitated the execution of witch suspects, and more generally extended the imaginative reach of misogyny” (Garrett 59).

Women would subject themselves to this embarrassment with the hope that they would prove their innocence, but oftentimes a birthmark or some other skin abnormality was found. This search rarely yielded the result the accused was looking for, but increased the intensity and shame placed on the woman’s sexuality. Women then downplayed their sexuality to save themselves, but this changed the sexual expectations of women in European society. After a woman had confessed, the judge or leader could sentence the “witch”. She was often condemned to death by burning at the stake, drowning, or hanging. The woman’s family members would quickly move on with their lives for fear that members of the family would be associated with the crimes of the known witch. Other women of the community altered their behavior to appear more holy and pious after each trial to distance themselves from the memory of the polluted woman.

Image of suspected witches 1655


Intense periods of mass hysteria spiked the convictions of several women and ended with large public executions. The nobility and upper class viewed witchcraft as a threat to the social structure, while the lower class saw witches as a personal and moral threat (Bever 263). As long as the lower class did not threaten the upper class’s power or members, the nobility would not intervene. Reform did not occur until a “critical mass”, or certain number of individuals, grew tired of the convictions and killings (Bever 264). Doubts about witches first began when ideas about witches started to solidify. Once the issues such as

“questions about the physical reality and…experiences attributed to witches, explanations of these in terms of natural processes and mental deficiencies, and concern about the motivation and methods of the legal procedures used to prosecute them”

had reached the leaders of western Europe, they lost the belief in demons and demanded a reform in the judicial system (Bever 267). Confessions were obtained through torture and reformers rejected any admissions gained from it. This call for reform, coupled with growing knowledge about the scientific causes of the plague and death, decreased the number of women accused of witchcraft. The individuals who had suffered from medical or economic disaster now had a physical thing to blame for their misfortunes and not their neighbor. Yet women had already changed their behavior and taught their daughters to do the same. As the belief in witches decreased, the number of witch accusations decreased (Bever 287). Social elites were the first advocates for change in the legal system, and the growing body of knowledge about the causes of disasters decreased the number of women convicted of witchcraft. By the time the belief in witchcraft had decreased, women had altered their behavior so much that “aggressive and abusive” women were no longer common. Women had left the medical field, changed sexual norms, and developed into the more passive sex. The fact that reform came from the demands of the male elite and not the middle class and peasant women exemplifies the pressure on the female sex to conform and behave in a submissive manner.

Changed Behavior:

Image painted by Albrecht Dürer

Women in early modern Europe were disproportionally accused and convicted of witchcraft because it was believed that women were more naturally susceptible to temptation by the devil. The weaker sex was made from the rib of man and was therefore imperfect. Uncontrollable carnal desires of women often made them turn to demons for sexual pleasure and men were needed to protect women from the temptations of the devil. These beliefs were forced onto the early modern woman and she had to make herself appear more religious to avoid accusations of witchcraft. After a woman’s husband had died she would search for a new husband to avoid any accusations of witchcraft, and by doing this she relinquished freedom. The women accused of these crimes often lived in communities with great economic, religious, and medical strife. Challenges to the accepted gender hierarchy increased tension and forced women to change their behavior. Midwives were disproportionally targeted by the all-male physician guild because women were taking business away from the men; in order to avoid any charges, women began to drop out of the medical field and were excluded from it for hundreds of years. In areas where Protestants and Catholics lived in close proximity, the communities were forced to have more than one religious view, and women who practiced the less popular religion were more likely to be accused of witchcraft because the community was uncomfortable with the idea of societal change. These women were often charged with participating in ritual sacrifices, sexual deviance and participating in Sabbats. The trial involved torture, and the search for the devil’s mark was embarrassing and invasive. Women partook in these exercises in an attempt to prove their innocence, but this practice contributed to the shaming of women’s sexuality. The leaders of the community eventually began not to believe in witchcraft and started to question the validity of the confessions solicited through torture; once the population of elites had reached a critical mass they would demand reform. The reforms and a growing understanding of the natural world because of scientific innovations decreased the number of women being accused of witchcraft. As a result of years of prosecution women altered their behavior to protect themselves from the witch trials.


March 25, 2014 in "Deviant" Women, Ideas about Women, Medicine, Religion, Uncategorized, Witchcraft.

