EECS 350 Introduction to Computer
Yan Chen, Assistant Professor
L459, Tech Institute, 491-4946. ychen AT northwestern.edu
Office Hours: 5 - 6pm Tuesday or by appointment, L459, Tech Institute.
Office Hours: 4-6pm Wednesday, Rm 2-207, Ford Center.
Location and Time
Lectures: Tuesday and Thursday
3:30 - 4:50pm, L158, Tech Inst.
past decade has seen an explosion in the concern for the security of
information. This course introduces students to the basic principles and
practices of computer and information security.
Focus will be on the software, operating system and network security
techniques with detailed analysis of real-world examples. Topics include
cryptography, authentication, software and operating system security (e.g.,
buffer overflow), Internet vulnerability (DoS attacks, viruses/worms, etc.),
intrusion detection systems, firewalls, VPN, Web and wireless security. This course can help satisfy the project
course requirement for undergraduates and satisfy the breadth requirement in
computer systems for system Ph.D. students.
- Required: EECS 213 or (ECE
205 and 231) or any equivalent operating systems introductory courses or
- Highly recommended: EECS 340
or equivalent networking introductory course
- Required books:
- Recommended books and
- Writing Secure Code, Michael Howard and David
LeBlanc, Microsoft Press, 2002.
- Security in Computing,
Charles Pfleeger, Shari Lawrence
Pfleeger, 3rd Edition, Prentice Hall, 2002.
- Firewalls and Internet Security:
Repelling the Wily Hacker, 2nd edition, by William R. Cheswick,
Steven M. Bellovin, and Aviel D. Rubin, Addison Wesley, 2003
- Lecture Notes on
Cryptography, by S. Goldwasser and M. Bellare, available online at http://www-cse.ucsd.edu/users/mihir/papers/gb.html
- Also, lecture slides
and reference documents will be available online.
- Participation 10%
- Homework 10%
- Projects 40%
- Mid-term Exam 20%
- Final Exam 20%
1. Understand the fundamental principles and underlying technologies of
information security and assurance;
2. Illustrate the security principles with the state-of-the-art security
technologies and products through case studies.
- Understand the basic
principles for information and communication security, and be able to
apply these principles to evaluate and criticize information system
- Be able to use some important
and popular security tools, like encryption, digital signatures,
firewalls, intrusion detection systems (IDS)
- Be able to identify the
vulnerability of the Internet systems and recognize the mechanisms of the
attacks, and apply them to design and evaluate counter-measure tools
Course Topics (tentative)
and overview of computer security
definition, policy, mechanisms, services and models
to cryptography, symmetric/asymmetric encryption
key case study: DES/AES algorithms
key case study: RSA
hash function and message digests: MD5, SHA2
overflow, heap overflow and string format bugs
techniques: static program analysis vs. run-time detection
system security techniques
with bad (legacy) codes: sandboxing
security, file system security
access control, public key infrastructure (PKI, briefly)
worms, Trojan horses
detection systems (IDSs): host- vs. network- based, signature vs.
study: Snort and Bro
VPN and IPsec
and wireless network security
Using cryptographic software
(like PGP) for secure data transfer and authentication
Using and configuring a
signature-based intrusion detection system (like snort), and implementing a
tiny statistics-based IDS system to detect denial-of-service attacks and port
scans with real router traffic (code templates and algorithms will be
Exploit of buffer overflow bugs
and format string bugs which count for most notorious viruses/worms.
- Course web site:
http://www.cs.northwestern.edu/~ychen/classes/cs350-w07/. Check it out
regularly for schedule changes, clarifications and corrections to
assignments, and other course-related announcements.
- Email list and newsgroup
(cs.compsec) is available for announcement, and posting questions and
- Late policy:
Unless otherwise indicated, homeworks and projects are due 11:59pm on
their due date. If you hand in an assignment late, we will take off 10%
for each day (or portion thereof) it is late.
It's OK to ask someone about the concepts, algorithms, or approaches needed
to do the project assignments, I encourage you to do so; both giving and
taking advice will help you to learn. However, what you turn in must be
your own, or for projects, your group's own work; copying other people's
code, solution sets, or from any other sources is strictly prohibited. We
will punish transgressors severely.