Danfeng (Daphne) Yao.

Office hours: Wednesday 3:30-4:30pm in CoRE 318A Busch Campus

Email: danfeng at cs dot rutgers dot edu

Class Hour and Place

MW 1:40pm - 3:00pm Busch Campus.

Announcements

Course Descriptions

Information security is about how to protect the confidentiality, integrity, and availability of information. This is a lecture-based course on information security for graduate students. The course will provide participants with a broad and in-depth understanding of important research problems and approaches in the area of information security. We will also read and discuss research papers on selected topics during the course.

I will give slides and/or lecture notes. Most of the course materials to be covered are condensed from research papers. I will give a (short) reading list of papers when the class starts.

The course is in A category (theory) and can be used to satisfy the breadth requirement.

Prerequisite

There is no formal prerequisite. However, knowledge on undergraduate-level discrete math, operating systems, and networking is expected.

Textbook

There will be no textbook required for the course.

Recommended readings (available in the Math Library):

• Computer Security: Art and Science by Matt Bishop.
• Security in Computing (fourth edition) by Charles P. Pfleeger and Shari Lawrence Pfleeger.

Topics (see also Schedule):

info-sec-TOC.PDF

Grading:

• Mid-term exam: 30%
  
• Project: 60%

  (3-paragraph proposal: 10%, 1.5-page intermediate report: 20%, 3-page final report and 15-minute presentation: 30%)
  

• Class participation: 10%

Expected work:

Students are required to attend all lectures. There will be a take-home mid-term exam and a final project. At the end of the course, students are expected to give presentations on their final projects. Read here for information on project.

Important Dates

• Take-home exam date: 10/28 -- 10/30
• Project proposal due: 10/15 (Wedensday)
• Project update due: 11/12 (Wednesday)
• Project final report due: 12/11 (Thursday)
• Project presentation: Week of 12/08

Schedule

Dates

Theme

Topics

Readings

Notes

09/03:

Fundamentals

Basic concepts, security models and definitions, signature scheme, digital credentials, security proofs

TBA

09/08, 09/10:

Fundamentals cont'd, authentication

Anonymity, privacy, user and data authentication, biometrics, authenticated dictionary

TBA

09/15, 09/17:

Authentication cont'd

Merkle hash tree, broadcast authentication, digital signature, data integrity

TBA

09/22, 09/24:

Identity management

Digital identity management: federated ID management, notarized FIM, anonymous credentials

TBA

09/29, 10/01:

Data integrity, authentication in outsourced computing

Time-stamping, auditing, security issues and solutions for outsourced computing

TBA

10/06, 10/08:

Network security

Basic network concepts, threat models, SSL, https, PKI, DoS

TBA

10/13, 10/15:

Network attacks and defenses

Phishing, pharming attacks, DNS security, BGP origin authentication

TBA

10/20, 10/22:

Email security

Authentication, confidentiality, domain-level authentication

TBA

10/27, 10/29:

Intrusion detections

Botnet detection, firewalls, IDS

TBA

11/03, 11/05:

Browser security

Same origin policy, XSS, XSRF attacks, mashup security

TBA

11/10, 11/12:

System design and verification

Model checking, risk analysis, least-privilege, separation of duty

TBA

11/17, 11/19:

Access control and trust management

RBAC, role hierarchy, decentralization, reputation system, key management

TBA

11/24, 11/26:

Authorization in Web 2.0

Usable security, privacy in social networks

TBA

12/01, 12/03:

Identity-based encryption and its applications

Hidden credential, forward security, identity escrow, attribute-based encryption

TBA

12/08, 12/10:

Student presentations

Project

Every participant will carry out an individual class project that is related to the analysis and design of a security model or method. Prototype implementation is a plus but is not required for this course. The instructor will give a list of candidate topics to choose from. But you are welcome to select whatever project that interests you. Working as a group is allowed, but needs approval from the instructor.

• 3-paragraph proposal: Please be brief in the proposal. Add necessary references. The proposal should be organized as follows. The first paragraph states the motivation for the project -- what is the problem that you want to solve. The second paragraph states your approach -- what is your plan to solve the problem. The third paragraph states the expected advantages of your approach -- why your solution would be better than the existing ones. The instructor will give feedbacks on your proposal.
• 1.5-page intermediate report: Please clearly state your findings and remaining issues and challenges to be looked into. The instructor will give feedbacks on your intermediate report.
• 3-page final report and 15-minute presentation: Please write a short paper on your project with the complete story: introduction with motivation and examples, your approach/method, challenges, advantages of your approach, future work, and references. Please prepare a 10 to 15 minutes presentation on your project. Expect to be able to answer questions from the audience.

Candidate project topics: TBA

Resources

Information Security Dictionary