Course Lecture Plan

Date

Lectures Topics

Notes

Reading

Assignment

Mon 1/3

Class overview, motivation and overview of computer security

[ppt]

Stallings, Chapter 1

Project 1 out.

Wed 1/5

Cryptography: symmetric encryption (DES/AES algorithms)

[ppt]

Stallings, Chapter 2.1-2.3, 3.2-3.3

KPS, Chapter 3.1-3.3

 

Mon 1/10

Cryptography: asymmetric encryption (RSA)

[ppt]

KPS, Chapter 6.1-6.3

Stallings, Chapter 9

Homework 1 out. 

Wed 1/12

Cryptography: one-way hashing and message digests (MD5, SHA-1)

[ppt]

KPS, Chapter 5.1-5.2, 5.5-5.6

Stallings 11.4-11.5, 12.1-12.2

Project 1 in

Mon 1/17

User Authentication

[ppt]

KPS, Chapter 9.6-9.7, 10.1-10.3, 10.8, 10.10,

Stallings Ch. 18.3

 

Wed 1/19

Guest lecture by Tamara Teslovich

distributed system authentication

[ppt]

[Guest lecture]

Stallings Ch. 19

Homework 1 in.  

Project 2 out.

Mon 1/24

Internet vulnerability: malcode overview, viruses, worms

[ppt]

Stallings Ch. 19

A Taxonomy of Computer Worms, N. Weaver, V. Paxson, S. Staniford, and R. Cunningham,  the First ACM Workshop on Rapid Malcode (WORM), 2003.

 

Wed 1/26

Internet vulnerability: denial of service (DoS)

Securing the Internet: intrusion detection systems

[ppt]

KPS 23.6

1.     Detecting SYN Flooding Attacks, H. Wang, D. Zhang, and K. G. Shin, in Proc. of IEEE INFOCOM, 2002

2.     Change-Point Monitoring for Detection of DoS Attacks,  H. Wang, D. Zhang, and K. G. Shin, in IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 4, December 2004.

 Homework 2 out.

Mon 1/31

Securing the Internet: intrusion detection systems (cont’d), Snort IDS.

[ppt]

[snort.ppt]

Stallings Ch. 18.2

http://www.snort.org/docs/

 

Wed 2/2

Review for Midterm

 

 

Homework 2 in.

Mon 2/7

Midterm

Wed 2/9

Midterm grading review / Project 2 discussion

[proj2.ppt]

 

 

Mon 2/14

Securing the Internet: firewalls, VPN

[ppt]

1.    Handout from Ch. 9 of “Firewalls and Internet Security”

2.    Stallings 20.1

 

Wed 2/16

Software security: principles

Case study: sendmail vs. qmail

[ppt]

Qmail handbook, Ch. 1, Introduction to Qmail

 

Project 2 in. Project 3 out. 

Mon 2/21

Software security: buffer/heap overflow

[ppt]

Smashing The Stack For Fun And Profit, Aleph One.

 

Wed 2/23

Compiler prime on run-time program environment.  Defense for buffer overflow

[compiler.ppt]

[defense.ppt]

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.

 

Mon  2/ 28

OS security: overview, access control, setuid, etc.

[ppt]

Handout:

1.  Advanced Programming in the Unix Environment, Richard. Stevens, Addison-Wesley, 1992.  Ch 8.10 Changing User IDs and Group IDs

2. Security in Computing, Charles Pfleeger, Shari Lawrence Pfleeger, 3rd Edition, Prentice Hall, 2002. Ch. 5.4 Trusted Operating System Design

Homework 3 out

Wed 3/2

IP Security

[ppt]

KPS Ch. 17

Stallings Ch. 16

 

Mon 3/7

Wireless and cellular network security

[ppt]

 

 

Wed 3/9

Review for final

 

 

Homework 3 in.

Project 3 in.

 

Notes:

  1. KPS = Network Security - Private Communication in a Public World, by Charlie Kaufman, Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall, 2002.
  2. Stallings = Cryptography and Network Security, by William Stallings, 3rd Edition, Prentice Hall, 2003.
  3. The lecture notes have incorporated course materials developed by Dan Boneh (Stanford), Wenke Lee (Georgia Tech), David Lie (U Toronto), Aleph One, and Martin Roesch (Sourcefire Inc.).