01:198:419:01: Computer Security

Spring 2010



General information


Course overview

This course is an undergraduate-level introduction to computer security, targeted at seniors and advanced juniors. Graduate students can also register for this course, but are advised to consult the instructor before doing so. We will cover both classic topics, such as applied cryptography, authentication, authorization and basic security principles, and recent topics, such as Web security and virtual machines for security. For several topics in the course (especially recent topics), we will occasionally read, in addition to our textbook, research papers describing the state of the art.


Syllabus

The following is an approximate list of topics that we will cover.

Schedule

Class handouts and research papers referenced in the schedule below will be made available from Sakai.

Date | Topics | Reference | Slides
1/19/10 (T) | Logistics. Introduction. Basic security principles. | Chapter 1, Lecture 1 handout | PDF
1/22/10 (F) | Cryptography: Simple symmetric-key ciphers. | Chapter 2, Chapter 19, Lecture 2 handout | PDF
1/26/10 (T) | DES. Modular arithmetic. Homework 0 out | Chapter 2, Chapter 19, Appendix A, Lecture 2 handout (Contd.) | PDF
1/29/10 (F) | Public-key cryptography and RSA. | Chapter 2, Chapter 20, Appendix A, Lecture 4 handout | -
2/2/10 (T) | RSA wrapup, Diffie-Hellman; Homework 0 due | Chapter 2, Chapter 20, Appendix A, Lecture 4 handout (Contd.) | -
2/5/10 (F) | DSA, Hash functions, MACs and HMACs. Homework 1 out | Chapter 20 | PDF
2/9/10 (T) | Authentication and key exchange protocols I | Lecture 7 handout, Anderson Ch 2 | PDF
2/12/10 (F) | Authentication and key exchange protocols II | Chapter 22 (22.1), Kerberos paper | PDF
2/16/10 (T) | Access Control; Homework 1 due | Chapter 4 | PDF
2/19/10 (F) | Confidentiality and Integrity Policies | Chapter 10 | PDF
2/23/10 (T) | No class (out of town)
2/26/10 (F) | Midterm exam (cancelled)
3/2/10 (T) | Midterm Exam | - | -
3/5/10 (F) | Midterm discussion, Memory error exploits: Buffer overflows; Homework 2 out | Chapter 11, Chapter 12, Paper by Aleph One | PDF
3/9/10 (T) | Defending against memory error exploits. | Stackguard, ASLR | PDF
3/12/10 (F) | Intrusion detection; Project out | Chapter 6 | PDF
3/23/10 (T) | Intrusion detection | Chapter 9 | PDF
3/26/10 (F) | Firewalls; Database security; Homework 2 due | Chapter 5 | PDF
3/30/10 (T) | Trusted computing; Project design documents due | Chapter 10, Integrity measurement using TPM | PDF
4/2/10 (F) | Web Application Security; Homework 3 out | Dos and Donts, Chapter 21 | PDF
4/6/10 (T) | Web security | Chapter 21 | PDF
4/9/10 (F) | No class (out of town)
4/13/10 (T) | Web security (continued). | Chapter 21 | PDF
4/16/10 (F) | Malware; Virtual machines; Homework 3 due | VMWare paper (Sections 1-5 only), Reflections | PDF
4/20/10 (T) | Malware (continued) | - | PDF
4/23/10 (F) | Information flow | Lecture 21 handout | PDF, PDF
4/27/10 (T) | Information flow; Project demos; Project report and code due | Lecture 21 handout | PDF
4/30/10 (F) | Final review | - | -
5/6/2010 | Final exam (May 6, 2010, 12:00pm-3:00pm) | - | -

Homeworks

There will be several homeworks over the course of the semester, some of which will involve programming (in C and x86 assembly). There will also be a final project that will involve a significant amount of programming (in Java). Overall, homeworks will account for 30% of your course grade.

Project

The course project involves designing and implementing a simple electronic voting protocol. This project will involve a significant programming component (in Java). The goal of this project is to expose you to several concepts in applied cryptography, as well as programming using cryptographic primitives. Please consult the project document (which will be posted on Sakai) for a detailed overview, including details on project checkpoints, deadlines and deliverables. A link to template client/server code that you can use as a starting point for your own implementation will be made available on Sakai.

Grading

You are allowed to discuss the problems in homework assignments with your colleagues, provided that you acknowledge them in your writeup. The writeups must, however, be your own. For the project, you will work in teams, and can speak with members of other teams. However, each team must write its own code. Any violation of these rules will be dealt with severely. Here is a link to the Rutgers University Academic Integrity Policy.


Resources

Organizations

Tips to read an academic paper

Tips for good technical writing

You will find these sources useful for technical writing (e.g., project reports).
Vinod Ganapathy