†††††††††††

458: Information Security and Assurance

Yan Chen

 


 

I.                    Course description:

 

The past decade has seen an explosion in the concern for the security of information. This course introduces students to the basic principles and practices of computer and information security.  Focus will be on the software, operating system and network security techniques with detailed analysis of real-world examples. Topics include cryptography, authentication, software and operating system security (e.g., buffer overflow), Internet vulnerability (DoS attacks, viruses/worms, botnets, etc.), intrusion detection systems, firewalls, VPN, Web and wireless network security. 

 

II.                 Required text and/or other materials:

o        Network Security - Private Communication in a Public World, by Charlie Kaufman, Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall, 2002

o        Cryptography and Network Security, by William Stallings, 4th Edition, Prentice Hall, 2006

 

III.               Reference text and/or other materials:

o        Writing Secure Code, Michael Howard and David LeBlanc, Microsoft Press, 2002.

o        Security in Computing, Charles Pfleeger, Shari Lawrence Pfleeger, 3rd Edition, Prentice Hall, 2002.

o        Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin, Addison Wesley, 2003

o        Lecture Notes on Cryptography, by S. Goldwasser and M. Bellare, available online at http://www-cse.ucsd.edu/users/mihir/papers/gb.html

o        Also, lecture slides and reference documents will be available online or as handouts.

 

IV.              Required prerequisites or knowledge base:

 

421 Principles of Computer and Information Technology

 

432 Communications Networks I

 

 

V.                 Rationale for inclusion in MSIT Program:

 

This course provides students with an extensive understanding of information security management with emphasis on network security.Whereas other courses provide an overview of the basics of the discipline, information security is simultaneously a technical and managerial discipline with enterprise-wide implications for employees, operations and systems at every level.For organizations to successfully implement and manage an effective and efficient security program while managing shifting risks associated with interrelated information technology and decision-making employees, contractors, vendors, and suppliers must understand the concepts, technologies and practices of information security and be able to apply them effectively in their own distinctive areas of responsibility.

 

VI.              Course goal:

 

1.      Understand the fundamental principles and underlying technologies of information security and assurance;

2.      Illustrate the security principles with the state-of-the-art security technologies and products through case studies.

 

VII.            Course Objectives:

 

Upon successful completion of this course, the student should be able to:

         Understand the basic principles for information and communication security, and be able to apply these principles to evaluate and criticize information system security properties

         Be able to identify the vulnerability of the Internet systems and recognize the mechanisms of the attacks, and apply them to design and evaluate counter-measure tools

 

VIII.         Course topics/content (by week):

 

Week 1 (March 29) [crypto.ppt]:

Cryptography symmetric/asymmetric encryption (Stallings Chapters 2, 3 and 9, KPS Chapters 2, 3 and 5)

        Symmetric encryption case study: DES/AES algorithms

        Asymmetric encryption case study: RSA

        One-way hash function and message digests: MD5, SHA1, SHA2

 

Week 2 (April 5) [authentication.ppt]:

User authentication and authorization and malcode overview (KPS Chapters 9 and 10)

        Authentication mechanisms: Password authentication, challenge-response authentication protocols, biometrics, token-based authentication (smart card),

        Authentication in distributed systems (case study: Microsoft Passport system)

        Internet Security Report from Symantec

        Overview on various malcode: virus, worms, botnets, Trojan horses, etc.

        Related paper: Password Security: A Case History, R. Morris and K. Thompson, Communications of ACM, vol.22 no.11, 1979.

        Items Due:

1.      April 6: botnet presentation slides for Roadrunners (Defense), Xeon (Offense)

2.      April 11: project part 1, for each individual student

3.      April 11: botnet paper summary for the other three groups

 

Week 3 (April 12) [malcode.ppt]:

Internet vulnerability: malcode, worms and botnets (Stallings Chapter 19)

        Analysis of worms: target discovery, carrier, activation mechanisms, payload and attackers.

        Related paper: A Taxonomy of Computer Worms, N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, the First ACM Workshop on Rapid Malcode (WORM), 2003.

        Related paper (DEBATE): A Multifaceted Approach to Understanding the Botnet Phenomenon, M. A. Rajab, et al, ACM IMC 2006.Road Runners (Defense), Xeon (Offense).

        Items Due:

1.      April 13: spam presentation slides for Weapons of Mass Propulsion (Defense), Excel (Offense)

2.      April 18: spam paper summary for the other three groups

 

 

Week 4 (April 19) [DoS.ppt]:

Internet vulnerability: denial of service (DoS) attacks (Stallings Ch.18 and 19)

        Homework 1 is out.

        Point-to-point DoS attacks

        Distributed DoS attacks (case study: TCP SYN flooding attacks)

        Network/Vulnerability scanner (case study: nmap and nessus (demo))

        Related paper:   Detecting SYN Flooding Attacks, H. Wang, D. Zhang, and K. G. Shin, in Proc. of IEEE INFOCOM, 2002 [Full version is at Change-Point Monitoring for Detection of DoS Attacks,  H. Wang, D. Zhang, and K. G. Shin, in IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 4, December 2004.].

        Related paper (DEBATE): Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, ACM SIGCOMM 2006.[reference slides]Weapons of Mass Propulsion (Defense), Excel (Offense).

 

Week 5 (April 26) [invited_talk.pdf] [IDS.ppt] [snort.ppt]:

Network Access Control and Intrusion Detection/Prevention Systems (Stallings Ch.18 and 19)

        Invited talk on Network Access Control by Kurtis Minder, CISSP, Mirage Networks Inc.

        Case study on IDS/IPS: snort IDS.

        Items Due on April 27th: homework 1.

 

Week 6 (May 3) [pcidss.ppt] [healthcare.pdf] [dshield.pdf]:

Security issues in financial industry and healthcare

        Invited talk by Ronald Widitz, Senior Associate, Discover Financial Services.

        CYBER TRUST and INNOVATION in HEALTH CARE: Where Code, HIPAA and Fear meet (modified from Dr. Carol Diamondís talk at NSF Cyber Trust PI meeting 2008).

        Security information fusion with Internet Storm Center (DShield).

        Items Due on May 4th: presentation slides by each group for project part 2.

 

Week 7 (May 10):

Firewalls [firewalls.ppt] (Stallings Chapter 20)

        Different types of firewalls: packet filters, application gateway, and circuit gateway.

        Handout from Chapter 9 of Firewalls and Internet Security: Repelling the Wily Hacker.

        Information security in real business presentation by each group (problem and related work)

o       A Secure Network for All by Excel group

o       Keeping Laptops Secure by WiMP group

o       VoIP Security by Xeon group

o       Single Sign-on by Road Runners group

o       Wirless Authentication via EAP-FAST by Party of Five

 

Week 8 (May 17):

IPSec [ipsec.ppt] (Stallings Chapters16 and KPS Chapter 17)

        In-class quiz.

        IPSec architecture, transport vs. tunnel mode, practical issues w/ NAT.

        Case study on penetration testing: metasploit (metasploit basics and code for demo).

        Secure Wireless for Regulatory Compliance by Gartner analyst John Pescatore.

        Items Due on May 25th: presentation slides by Party of Five on wireless network authentication (project part III).

 

Week 9 (May 31):

Wireless network security [wirelessSec.pdf] and WWW Security and Defense [web.ppt]

        cross site scripting, SQL injection, shell attacks, etc. (demo tutorial).

        Technology integration for wireless network security and compliance.

        Wireless network authentication presentation by Party of Five.

        Items Due on June 1st: presentation slides by other groups for project part III.

        Note: we have the firewall handout available.Some students didnít pick it up last week.It can be a useful reference if you need to select/configure firewall later.

 

Week 10 (June 7):

Software Security and Buffer Overflow [principle.ppt][bufferOverflow.ppt]bufferOverflowDefense.ppt]

        Principles for building secure software systems

        Case study: sendmail vs. qmail

        Buffer overflow vulnerability and defense techniques

        Information security in real business presentation by each group (proposed solutions and analysis)

o       A Secure Network for All by Excel group

o       Keeping Laptops Secure by WiMP group

o       VoIP Security by Xeon group

o       Single Sign-on by Road Runners group

        Related papers:

o       Basic Principles Of Information Protection, from ďThe Protection of Information in Computer SystemsĒ, by J. H. Saltzer and M. D. Schroeder

o       Qmail handbook, Ch. 1, Introduction to Qmail

o       Smashing The Stack For Fun And Profit, Aleph One.

o       Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.

 

The lecture notes have incorporated course materials developed by Dan Boneh (Stanford), Wenke Lee (Georgia Tech), David Lie (U Toronto), Aleph One, Martin Roesch (Sourcefire Inc.), and David Dittrich (University of Washington).

 

I.                    Teaching methods: lectures, paper presentations, debate, project, homework and exam.

 

II.                 Assignments:

 

In addition to two to three homework assignments, students are expected to engage in technical paper reading, making presentations and debate.†† These papers are carefully selected (with little math!) which can be understood with the basic information security and networking knowledge.There will be three debates with one group as defense and one group as offense.The defense team will make 25-minute presentation on the main idea/techniques of the paper while the offense team will make a 15-minute presentation on the drawbacks/shortcomings of the approach.Then we will discuss and summarize the findings.

 

Presentation draft is due on Sun midnight of the presentation week.I will give comments on the following Mon or Tue for revision. This deadline also apply to the project presentation described below.For non-presenting groups, the summary is due on Friday midnight before the presentation class.

 

Your summary should include at least:

         Paper title and its author(s).

         Brief one-line summary.

         A paragraph of the one or two most significant new insight(s) you took away from the paper.

         A paragraph of the one or two most significant flaw(s) of the paper: maybe an experiment was poorly designed or the main idea had a narrow scope or applicability. Being able to assess weaknesses as well as strengths is an important skill for this course and beyond.

         A last paragraph where you state the relevance of the ideas today, potential future research suggested by the article, etc.

 

Project: each group will work on a quarter-long project called Information Security in Real Business with the following steps.

1)      Understanding the security requirements in your corporate/organization, using the four cornerstones of secure computing introduced in the class.Please describe the requirement, how your corporate/organization handles that requirement and what remains to be done to fully satisfy that requirement.The requirement does not need to be restricted to a technical one, but can be related to legal, business, social, or anything to do with information security.

 

This is required for each student.In the submission, please also give suggestions on the current syllabus, e.g., important topics which are currently missing, interesting extra teaching materials that you are aware of, etc.I will try to make adjustment based on the suggestions.The suggestion part is optional. It will not affect your grade if you donít have any.

 

2)      Based on the requirements, pick one problem that most of your group members have interest in, you believe is not yet well solved in your corporate/organization.†† Formulate a security problem and do some research on the related work. Please show how this problem is a general one that comes across multiple industry/education/government sectors.Also, give pros and cons on the existing work.†† Each group is expected to give a presentation on this in the class of week 7.

3)      Propose a solution to the problem you formulated, by either adopting existing solutions, or propose something new.Please be specific on how you will implement or have implemented the solutions, the cost/risk analysis, feasibility analysis, business/legal consequence, how this solution will fit different corporate context, like industry, education, government, etc. Each group is expected to give a presentation on this in the class of week 10.

 

III.               Grading criteria:

 

Class participation and discussions †††††††††††††††††† 20%

Paper summary and debate†††††††††††††††††††††††††††††† 25%

Homework assignments†††††††††††††††††††††††††††††††† 10%

Project submission and presentation††††††††††††††††† 25%

Quiz†††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††† 20%

 

IV.              Instructor profile:

 

Yan Chen is an Assistant Professor in the Department of Electrical Engineering and Computer Science at Northwestern University.He got his Ph.D. in Computer Science from the University of California at Berkeley in 2003.†† He has over ten years of experience in network security, network measurement, P2P systems and wireless and ad hoc networks from both academic and industry.He won the Department of Energy (DOE) Early CAREER award in 2005, the AFOSR (Air Force of Scientific Research) Young Investigator Award in 2007, and the Microsoft Trustworthy Computing Awards in 2004 and 2005 with his colleagues.†† His research is also sponsored by National Science Foundation (NSF) and Motorola.In addition to the industry sponsors, he has widely collaborated with industry researchers from AT&T, Yahoo, Keynote, National Laboratory for Applied Network Research (NLANR), and the Internet Storm Center of the SANS (SysAdmin, Audit, Network, Security) Institute.

 

Besides publishing in premier conferences such as ACM SIGCOMM, he has served on the technical program committee (TPC) of major networking and security conferences such as ACM MOBICOM, IEEE INFOCOM, and IEEE ICNP.†† He started several security courses at Northwestern University, including the EECS 350 Introduction to Computer Security, EECS 354 Network Penetration and Security, and EECS 450 Internet Security.He was awarded as a Searle Junior Fellow by the Searle Center for Teaching Excellence of Northwestern University in 2004.