01:198:419:01: Computer Security
Spring 2012
Quick Links:
[
Schedule
|
Homeworks
|
Project
|
Grading
|
Resources
]
General information
-
Course number: 01:198:419:01, Index: 76515.
-
Instructor:
Vinod Ganapathy
(contact information).
-
Instructor's office hours: Tuesday and Thursday 1:00pm-1:30pm in Core
309.
-
TA: Rezwana Karim.
-
TA's office hours: Wednesday 1:15pm-2:15pm in Core 337.
-
Class hours: Tuesday and Thursday 1:40pm-3:00pm in HLL-005.
-
Recitations: Tuesdays 3:35pm-4:30pm in HLL-005.
-
Required textbook:
Computer Security, Principles and Practice, Second Edition,
by William Stallings and Lawrie Brown, Pearson Education, Prentice Hall.
(If you have the first edition of this book, that is also okay).
-
Additional references:
-
Prerequisites: Both of the following:
- 01:198:205 or 14:332:312 or 14:332:202 - Discrete Mathematics.
- 01:198:416 - Operating Systems or 01:198:352 - Internet Technology.
-
Links to prior offerings of this course:
Fall
2010,
Spring
2010,
Fall
2008,
Spring
2008.
-
All announcements will be sent via Sakai to students
registered in the course
Course overview
This course will be an undergraduate-level introduction to computer security
and is targetted towards seniors and advanced juniors. Graduate students can
also register for this course, but are advised to consult the instructor before
doing so. We will cover both classic topics, such as applied cryptography,
authentication, authorization and basic security principles, as well as recent
topics such as Web security and virtual machines for security. For several
topics in the course (especially recent topics), we will occasionally read,
in addition to our textbook, research papers describing the state of the art.
Syllabus
The following is an approximate list of topics that we will cover.
- Overview: Confidentiality, Integrity, Availability. Security
policy and mechanism. Basic principles of secure system design.
- Cryptography: Basic crypto primitives, Secret key crypto, Public
key crypto, Digital signatures, Message authentication.
- System security: Authentication, Access Control, Discussion of
popular systems and security protocols.
- Network security: Network protocols and attacks, Intrusions and
Intrusion Detection, Firewalls, Viruses, Worms, Web security.
- Software security: Memory errors and exploits, Isolation,
Language-based analysis techniques, Secure coding practices.
- Advanced topics: Virtual machines, Information flow, Privacy,
Anonymity.
Schedule
Class handouts and research papers referenced in the schedule below
will be made available from Sakai. Classes will be held on the following dates
(to be filled into schedule below as semester progresses):
1/17,
1/19,
1/24,
1/26,
1/31,
2/2,
2/7,
2/9,
2/14,
2/16,
2/21,
2/23,
2/28,
3/1,
3/6,
3/8,
3/20,
3/22,
3/27,
3/29,
4/3,
4/5,
4/10,
4/12,
4/17,
4/19,
4/24,
4/26
| Date |
Topics |
Reference |
Slides |
| 1/17 |
Logistics. Introduction. Basic security principles. |
Chapter 1,
Lecture 1 handout |
PPT |
| 1/19 |
Cryptography: Simple symmetric-key ciphers. |
Chapter 2,
Chapter 20,
Basic crypto handout |
PPT |
| 1/24 |
DES. Modular arithmetic.
Homework 0 out
|
Chapter 2,
Chapter 20,
Appendix B,
Number theory + RSA handout |
Whiteboard
|
| 1/26 |
Public-key cryptography and RSA.
|
Chapter 2,
Chapter 21,
Appendix B,
Number theory+RSA handout.
|
Whiteboard
|
| 1/31 |
RSA wrapup, Diffie-Hellman
|
Chapter 2,
Chapter 21,
Appendix B,
Number theory+RSA handout.
|
Whiteboard |
| 2/2 |
DSA, Hash functions, MACs and HMACS.
Homework 0 due at 5pm
|
Chapter 21
|
PPT |
| 2/7 |
Authentication and key exchange protocols I
Homework 1 out
|
Authentication protocols handout
Anderson Ch 2
|
PPT |
|
Authentication and key exchange protocols II
|
Chapter 23
Kerberos paper (on Sakai)
|
PPT
|
|
Memory error exploits: Buffer overflows
|
Chapter 10,
Chapter 11,
Paper by Aleph One
|
PPT |
|
Defending against memory error exploits.
|
Stackguard,
ASLR
| PPT |
|
Midterm Review
Homework 1 due at 5pm
|
- |
- |
| 2/23 |
Midterm Exam (in class) |
- |
- |
|
Midterm discussion, Access control
|
Chapter 4 |
PDF |
|
Access Control; Confidentiality and Integrity Policies
Homework 2 out
|
Chapter 10 |
PDF |
|
Intrusion detection
Project out
|
Chapter 6 |
PDF |
|
Intrusion detection
|
Chapter 9 |
PDF |
|
Firewalls; Database security
Homework 2 due
|
Chapter 5 |
PDF
PDF |
|
Trusted computing
|
Chapter 10
Integrity measurement using TPM
|
- |
|
Web Application Security
Homework 3 out
Project design documents due
|
Dos and
Donts,
Chapter 21 |
PDF |
|
Web security
| Chapter 21 |
PDF |
|
Virtual machines
|
VMWare paper
(Sections 1-5 only)
Reflections
|
PDF |
|
Malware |
- |
PDF |
|
Information flow
Homework 3 due
|
Lecture 21 handout |
PDF
PDF |
|
Information flow
|
Lecture 21 handout |
PDF |
|
Email security and spam
Project demos
|
- |
- |
|
Final review
Project report and code due
|
- |
- |
| TBD |
Final exam |
TBD |
TBD |
Homeworks
There will be several homeworks over the course of the semester,
some of which will involve programming (in C and x86 assembly).
In addition, there will also be a final project that will involve
a significant amount of programming (in Java). Overall, homeworks
will account for 30% of your course grade.
- Homework 0: Topic: Modular arithmetic. (2.5% of course grade)
- Homework 1: Topic: Cryptography and security protocols. (7.5% of course grade).
- Homework 2: Topic: Exploiting buffer overflows. (10% of course grade).
- Homework 3: Topic: Network security and Web security. (10% of course grade).
Project
The course project involves designing and implementing a simple electronic
voting protocol. This project will involve a significant programming component
(in Java). The goal of this project is to expose you to several concepts in
applied cryptography, as well as programming using cryptographic primitives.
Please consult the project document (which will be posted on Sakai) for a
detailed overview, including details on project checkpoints, deadlines and
deliverables. A link to template client/server code that you can use as a
starting point for your own implementation will be made available on Sakai.
Grading
- Homeworks (30%). There will be several homeworks during the course
of the semester.
- Mid-term (20%). The mid-term will be held at the end of February
and will be based upon topics covered until then.
- Final exam (30%). The final exam will be held during the last
week of the semester and will be based upon topics covered during the entire
semester.
- Project (20%). The course project will be a significant exercise
involving the implementation of concepts covered in class.
You are allowed to discuss the problems in homework assignments with your
colleagues, provided that you acknowledge them in your writeup. The writeups
must however be your own. For the project, you will work in teams, and can
speak with members of other teams. However, each team must write its own
code. Any violation of these rules will be dealt with severely. Here is a
link to the
Rutgers University Academic Integrity Policy.
Resources
Organizations
Tips to read an academic paper
Tips for good technical writing
You will find these sources useful for technical writing (e.g., project
reports).
-
Writing a technical paper, by Professor Michael Ernst, MIT.
-
Tips for writing technical papers, by Professor Jennifer Widom, Stanford
University.
-
Writing suggestions, by Professor Barton Miller, University of Wisconsin.
-
Three sins of authors in Computer Science and Math, by Professor Jonathan
Shewchuk, UC Berkeley.
-
How to write a dissertation, by Professor Douglas Comer, Purdue University
(most of the content on this page applies to all forms of technical writing).
-
On writing, by Professor Terence Tao, UCLA (though the advice is geared
towards mathematicians, most of the tips apply to other academic prose as well).
- The elements of style
by William Strunk Jr. and E. B. White (follow the "External links"
at the bottom of this page for online copies of this book).
Vinod Ganapathy