01:198:442:01: Introduction to Computer Security

Fall 2008

General information

Course number: 01:198:442:01, Index: 14120.
Instructor: Vinod Ganapathy (contact information).
Class hours: Monday and Wednesday, 5:00pm-6:20pm.
Class location: ARC-105.
Recitations: Wednesday, 6:55pm-7:50pm.
Recitation location: ARC-205.
Instructor's office hours: Mondays, 6:30pm-7:30pm.
Teaching assistant: Chih-Cheng Chang. [ Recitation webpage ]
Teaching assistant's office hours: Thursday 3:00pm-4:00pm.
Required textbook: Computer Security, Principles and Practice, by William Stallings and Lawrie Brown, Pearson Education, Prentice Hall, 2008. ISBN-13: 978-0-13-600424-0; ISBN-10: 0-13-600424-5.
Additional reference: Security Engineering (free online copy), by Ross Anderson.
Prerequisites:
- 01:198:205 or 14:332:202, Discrete Mathematics (required)
- 01:198:416, Operating Systems (required)
- 01:198:352, Internet Technology is strongly recommended (though not required).
Note that these pre-requisites can be waived upon consent by the instructor.

Announcements

(8/19/08) Preliminary class schedule is up. See you at the first class, on Wednesday 9/3/08!

[ Old announcements ]

Course overview

This course will be an undergraduate-level introduction to computer security and is targetted towards seniors, advanced juniors and first year graduate students. We will cover both classic topics, such as applied cryptography, authentication, authorization and basic security principles, as well as recent topics such as Web security and virtual machines for security. For several topics in the course (especially recent topics), we will occasionally read, in addition to our textbook, research papers describing the state of the art.

Syllabus

The following is an approximate list of topics that we will cover.

Overview: Confidentiality, Integrity, Availability. Security policy and mechanism. Basic principles of secure system design.
Cryptography: Basic crypto primitives, Secret key crypto, Public key crypto, Digital signatures, Message authentication, Secret sharing, Oblivious transfer, Bit commitment schemes.
System security: Authentication, Access Control, Discussion of popular systems and security protocols.
Network security: Network protocols and attacks, Intrusions and Intrusion Detection, Firewalls, Viruses, Worms, Web security.
Software security: Memory errors and exploits, Isolation, Language-based analysis techniques, Secure coding practices.
Advanced topics: (time permitting) Virtual machines, Information flow, Privacy, Anonymity.

Schedule

Links to class handouts and research papers referenced on the schedule below are accessible from machines on the rutgers.edu domain.

Date	Topics	Reference	Slides
9/3/08 (W)	Logistics. Introduction. Basic security principles.	Chapter TBD	PDF. PDF.
9/8/08 (M)	Cryptography: Simple symmetric-key ciphers.	Chapter TBD	PDF
9/10/08 (W)	DES.	Chapter TBD.	PDF
9/15/08 (M)	Public-key cryptography, Modular arithmetic, and RSA. Homework 0 out (not graded)	Chapter TBD	PDF
9/17/08 (W)	RSA wrapup, MACs, Digital signatures	Lecture 5 handout	PDF
9/22/08 (M)	DSA, Hash functions, HMACS. Homework 1 out Project out	Lecture 6 handout	PDF
9/24/08 (W)	Authentication and key exchange protocols I	Chapter TBD Anderson Ch 2	PDF
9/29/08 (M)	Authentication and key exchange protocols II	Kerberos paper Anderson Ch 2	PDF
10/1/08 (W)	Access Control Basics Homework 1 due	Chapter TBD	PDF
10/6/08 (M)	Confidentiality and Integrity Policies	Chapter TBD	PDF
10/8/08 (W)	Confidentiality and Integrity Policies	Chapter TBD	PDF
10/13/08 (M)	Midterm exam
10/15/08 (W)	Midterm discussion, Hybrid policies, and Format string attacks. Project design documents due	Team Teso paper	PDF
10/20/08 (M)	Buffer overflow attacks. Homework 2 out	Paper by Aleph One	PDF
10/22/08 (W)	Buffer overflow attacks (continued)	Paper by Aleph One	PDF
10/27/08 (M)	Defending against memory attacks	Stackguard, PointGuard, ASLR, ASLR Effectiveness.	PDF
10/29/08 (W)	Reference monitors, Isolation, and Sandboxing	Chapter TBD	PDF
11/3/08 (M)	Intrusion detection	Chapter TBD	PDF
11/5/08 (W)	Network Security and Firewalls Homework 2 due	Chapter TBD	PDF
11/10/08 (M)	Case study	Chapter TBD	PDF
11/12/08 (W)	Web Security Homework 3 out	Dos and Donts	PDF
11/17/08 (M)	Web security: Threats	Chapter TBD	PDF
11/19/08 (W)	Web Security: SSL/TLS, IPSec	Lecture 22 handout	PDF
11/24/08 (M)	Viruses and worms. Homework 3 due	Chapter TBD Reflections	PDF
12/1/08 (M)	Viruses and worms. Project demos to mentors (preliminary)	Chapter TBD	PDF
12/3/08 (W)	Information flow.	Chapter TBD	PDF
12/8/08 (M)	Virtual machines; Anonymity.	Chapter TBD Chaum's paper	PDF
12/10/08 (W)	Final review Final project demos	-	-
TBD	Final exam	-	-

Homeworks

There will be three homeworks over the course of the semester, some of which will involve programming (in C and x86 assembly). In addition, there will also be a final project that will involve a significant amount of programming (in Java).

Homework 1: Topic: Cryptography and security protocols.
Homework 2: Topic: Exploiting buffer overflows.
Homework 3: Topic: Network security.

Project

The course project will involve designing and implementing a simple mobile social networking application using OpenMoko Linux smart phones. You will be required to implement the basic social networking protocol as well as a simple mechanism to obtain location privacy. This project will involve a significant programming component (in Java) and familiarity with Operating Systems concepts as covered in 198:416. Details on this project will be announced at the beginning of the semester.

Grading

Homeworks (30%). There will be three homeworks during the course of the semester.
Mid-term (20%). The mid-term will be held during the first week of March and will be based upon topics covered until then.
Final exam (30%). The final exam will be held during the last week of the semester and will be based upon topics covered during the entire semester.
Project (20%). The course project will be a significant exercise involving the implementation of concepts covered in class.

You are allowed to discuss the problems in homework assignments with your colleagues, provided that you acknowledge them in your writeup. The writeups must however be your own. For the project, you will work in teams, and can speak with members of other teams. However, each team must write its own code. Any violation of these rules will be dealt with severely. Here is a link to the Rutgers University Academic Integrity Policy.

Resources

Organizations

Tips to read an academic paper

How to read a paper, by Professor S. Keshav, Univerity of Waterloo.

Tips for good technical writing

You will find these sources useful for technical writing (e.g., project reports).

Writing a technical paper, by Professor Michael Ernst, MIT.
Tips for writing technical papers, by Professor Jennifer Widom, Stanford University.
Writing suggestions, by Professor Barton Miller, University of Wisconsin.
Three sins of authors in Computer Science and Math, by Professor Jonathan Shewchuk, UC Berkeley.
How to write a dissertation, by Professor Douglas Comer, Purdue University (most of the content on this page applies to all forms of technical writing).
On writing, by Professor Terence Tao, UCLA (though the advice is geared towards mathematicians, most of the tips apply to other academic prose as well).
The elements of style by William Strunk Jr. and E. B. White (follow the "External links" at the bottom of this page for online copies of this book).

Vinod Ganapathy