COMS E6183: Advanced Topics in Network Security
Instructor: Suman Jana
Office: Mudd 412
Office hours: Wednesday 2:45-4:15 pm or by appointment
Classroom: 486 CSB (Clic Lab)
Class hours: Wednesdays (6:10-8 pm)
Description
The goal of this class is to study the state of the art in systems and network security research. A project is required.
Grading
| Quizzes/homeworks (3) | 35% |
| Project | 50% |
| Class participation (reading 2/3 papers per class) | 15% |
Schedule
| Date | Lectures | Reading |
| Jan 20 | Introduction & Overview | Computer Security in the Real World, Real World Fuzzing |
| Jan 27 | Memory corruption attacks (slides:ppt, pdf) | Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Basic integer overflows |
| Feb 3 | Sandboxing and isolation (slides:ppt, pdf) | Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, Efficient Software-Based Fault Isolation |
| Feb 10 | Principle of least privilege, access control, and operating systems security (slides:ppt, pdf) | SetUID demystified, Operating Systems Security (Chapter 4) (Project proposals due before class) |
| Feb 17 | Class cancelled | Homework 1 assigned |
| Feb 24 | Tools for finding bugs (slides:ppt, pdf) | KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (Homework 1 due before class) |
| Mar 2 | Denial of service attack (slides:ppt, pdf) | The DDoS That Almost Broke the Internet |
| Mar 9 | Basics of web security (slides:ppt, pdf) | The Security Architecture of the Chromium Browser (Homework 2 assigned) |
| Mar 16 | No class (spring recess) | No class (spring recess) |
| Mar 23 | Web application security (slides:ppt, pdf) | Cross site scripting explained, SQL Injection attacks, Robust Defenses for Cross-Site Request Forgery (Homework 2 due before class) |
| Mar 30 | Web application security (cntd.) | (Mid-project status reports due before class) |
| April 6 | Session management and user authentication (slides: ppt, pdf) | |
| April 13 | Content Security Policies (CSP), Web workers, and extensions (slides: pdf) | (Homework 3 assigned) |
| April 20 | Mobile security (slides: ppt, pdf) | (Homework 3 due before class) |
| April 27 | Attacks on Internet protocols: TCP/IP, DNS, BGP SSL and certificates | |
| May 4 | Project presentations | |
| May 11 | Project presentations / Final reports due | |