01:198:442:01: Introduction to Computer Security

Spring 2008

General Information

Course number: 01:198:442:01, Index: 74619.
Instructor: Vinod Ganapathy (contact information).
Class hours: Monday and Wednesday, 5:00pm-6:20pm.
Class location: ARC-107.
Recitations: Monday, 6:55pm-7:50pm.
Recitation location: HLL-009.
Instructor's office hours: Wednesdays 6:30pm-7:30pm.
Teaching assistant: Chih-Cheng Chang. [ Recitation webpage ]
Teaching assistant's office hours: Tuesdays 3:30pm-4:30pm.
Required textbook: Introduction to Computer Security, by Matt Bishop, Addison-Wesley, October 2004. ISBN 0-321-24744-2
Additional reference: Security Engineering (free online copy), by Ross Anderson.
Prerequisites:
- 01:198:205 or 14:332:202, Discrete Mathematics (required)
- 01:198:416, Operating Systems (required)
- 01:198:352, Internet Technology is strongly recommended (though not required).

Announcements

(5/11/2008) - Grades have been posted, and this course has concluded. Archived announcements are available here for your enjoyment and edification.

Course overview

This course will be an undergraduate-level introduction to computer security and is targetted towards seniors, advanced juniors and first year graduate students.

Syllabus

The following is an approximate list of topics that we will cover.

Overview: Confidentiality, Integrity, Availability. Security policy and mechanism. Basic principles of secure system design.
Cryptography: Basic crypto primitives, Secret key crypto, Public key crypto, Digital signatures, Message authentication.
System security: Authentication, Access Control, Discussion of popular systems and security protocols.
Network security: Network protocols and attacks, Intrusions and Intrusion Detection, Firewalls, Viruses, Worms, Web security.
Software security: Memory errors and exploits, Isolation, Language-based analysis techniques, Secure coding practices.
Advanced topics: (time permitting) Virtual machines, Information flow, Privacy, Anonymity.

Schedule

Date	Topics	Reference	Slides
1/23/2008 (W)	Logistics. Introduction. Basic security principles.	Chapters 1 and 12.	PDF. PDF.
1/28/2008 (M)	Cryptography: Simple symmetric-key ciphers.	Chapter 8 (pages 97-107).	PDF (1-30).
1/30/2008 (W)	DES.	Chapter 8.	PDF (31-50).
2/4/2008 (M)	Public-key cryptography, Modular arithmetic, and RSA.	Chapter 8 (plus material from Lecture 5 handout).	PDF (51-end).
2/6/2008 (W)	RSA wrapup, MACs, Digital signatures	Lecture 5 handout	PDF
2/11/2008 (M)	DSA, Hash functions, HMACS. Homework 1 out	Lecture 6 handout	PDF
2/13/2008 (W)	Authentication and key exchange protocols I	Chapter 9 Anderson Ch 2	PDF
2/18/2008 (M)	Authentication and key exchange protocols II	Kerberos paper Anderson Ch 2	PDF
2/20/2008 (W)	Access Control Basics Homework 1 due	Chapters 2, 3 and 4	PDF
2/25/2008 (M)	Confidentiality and Integrity Policies (lecture by TA).	Chapters 5 and 6.	PDF
2/27/2008 (W)	Confidentiality and Integrity Policies	Chapters 6 and 7.	PDF
3/3/2008 (M)	Midterm exam
3/5/2008 (W)	Midterm discussion, Hybrid policies, and Format string attacks.	Team Teso paper	Powerpoint
3/10/2008 (M)	Buffer overflow attacks.	Paper by Aleph One	Powerpoint
3/12/2008 (W)	Buffer overflow attacks (continued)	Paper by Aleph One	Powerpoint
3/17/2008 (M)	No class - Spring recess	-	-
3/19/2008 (W)	No class - Spring recess	-	-
3/24/2008 (M)	Defending against memory attacks Homework 2 out	Stackguard, PointGuard, ASLR, ASLR Effectiveness.	PDF
3/26/2008 (W)	Reference monitors, Isolation, and Sandboxing	Chapter 16	PDF
3/31/2008 (M)	Intrusion detection	Chapter 22	PDF
4/2/2008 (W)	Network Security and Firewalls	Chapter 22	PDF
4/7/2008 (M)	Case study Homework 2 due	Chapter 23	PDF
4/9/2008 (W)	Web Security	Dos and Donts	PDF
4/14/2008 (M)	~~Web security: Threats~~ Cancelled	-	-
4/16/2008 (W)	Web Security: SSL/TLS, IPSec Homework 3 out	Lecture 22 handout	PDF
4/21/2008 (M)	Viruses and worms.	Chapter 19 Reflections	PDF
4/23/2008 (W)	Viruses and worms.	Chapter 19	PDF
4/28/2008 (M)	Information flow. Homework 3 due	Chapter 15	PDF
4/30/2008 (W)	Virtual machines; Anonymity.	Chapter 29, Chaum's paper	Powerpoint
5/5/2008 (M)	Final review	-	-
5/9/2008 (M)	Final exam (in ARC 107, 4pm-7pm)	-	-

Homeworks

There will be three homeworks over the course of the semester, some of which will involve programming (in C and assembly). Students can also choose to write a term paper on a topic of their choice (see track A grading below).

Homework 1: Assigned 2/11/2008. Due 2/20/2008.
Homework 2: Assigned 3/24/2008. Due 4/7/2008.
Homework 3: Assigned 4/14/2008. Due 4/23/2008.

Grading

There will be two tracks, a research track (track A), and a non-research track (track B). Students can choose whether they want track A grading or track B grading.

The main difference between the two tracks will be the weightage given to the final exam. For track A, the final exam will account for 25% and a term paper will account for 25% of the grade. For track B, the final exam will account for 50% of the final grade; no term paper is required.

Homeworks (30%). There will be three homeworks during the course of the semester.
Mid-term (20%). The mid-term will be held during the first week of March and will be based upon topics covered until then.
Final exam (track A: 25%, track B: 50%). The final exam will be held during the last week of the semester and will be based upon topics covered during the entire semester.
Term paper (25%, track A only). Students are expected to work on a term paper that is due at the end of the semester. Working alone or in teams of two, students will choose a topic, conduct research, and report their findings in a term paper (there's no hard page limit, but I expect approximately 10-12 single-spaced pages in not more than 11 point font).

Resources

Organizations

Tips to read an academic paper

How to read a paper, by Professor S. Keshav, Univerity of Waterloo.

Tips for good technical writing

You will find these sources useful for technical writing (e.g., your research project reports).

Writing a technical paper, by Professor Michael Ernst, MIT.
Tips for writing technical papers, by Professor Jennifer Widom, Stanford University.
Writing suggestions, by Professor Barton Miller, University of Wisconsin.
Three sins of authors in Computer Science and Math, by Professor Jonathan Shewchuk, UC Berkeley.
How to write a dissertation, by Professor Douglas Comer, Purdue University (most of the content on this page applies to all forms of technical writing).
On writing, by Professor Terence Tao, UCLA (though the advice is geared towards mathematicians, most of the tips apply to other academic prose as well).
The elements of style by William Strunk Jr. and E. B. White (follow the "External links" at the bottom of this page for online copies of this book).

Vinod Ganapathy