COMS W4181: Security 1 (Fall 2018)
Lecture Details
Instructor: Suman Jana
Office: Mudd 412
Office hours: 4-6 pm Wednesdays
TA Office hours: Miguel Arroyo (Tuesday 1-3 pm), Dennis Roellke (Thursday 4-6 pm)
Classroom: 403 International Affairs Building
Class hours: Monday and Wednesday (2:40-3:55 pm)
Description
This class will teach you different fundamental aspects of computer security including basics of cryptography, network security, host security, software and hardware security. The goal of this class is to explore different security problems that affect real-world systems and different techniques that can prevent/mitigate such issues.
Note:There will be no assigned textbook for the class and you are expected to read the assigned articles/papers/slides carefully.
Prerequisite
There is no formal prerequisite for this class but you should be generally comfortable to deal with complex large source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools like gdb, gcov, etc. Feel free to send me an email if you have any specific questions.
See the rules for the class.Grading
- programming assignments (4) - 56%
- Midterm - 20%
- Final (non-cumulative) - 20%
- Class participation - 4%
Books (optional): Network Security: Private Communication in a Public World, Thinking Security: Stopping Next Year's Hackers.
Schedule
Date | Topics | Lecture slides & Reading |
Sep 5 | Introduction & Threat models | intro.pptx, intro.pdf |
Sep 10 | Crypto I - basics, ciphers | crypto.ppt, crypto.pdf, optional reading: Network Security: Private Communication in a Public World 2nd ed. by Kaufman et al. (Chapters 5.1-2, 5.6-7, 2.1-6, 4.2, and 6.1-6) |
Sep 12 | Crypto II - public key, hash functions | |
Sep 17 | Crypto (cntd.) | |
Sep 19 | Crypto (cntd.) | Additional reading: Twenty Years of Attacks on the RSA Cryptosystem |
Sep 24 | Crypto in practice | crypto_fails.ppt, crypto_fails.pdf. HW1 is posted in CourseWorks and is due by 11:59pm on 15th Oct. |
Sep 26 | Network Security: SSL/TLS, HTTPS | ssl.ppt, ssl.pdf |
Oct 1 | Network Security: SSL/TLS, HTTPS | |
Oct 3 | Web Security | web_sec.pptx, web_sec.pdf |
Oct 8 | Web Security | |
Oct 10 | Network Security: TCP/IP, DNS, BGP | tcp-dns.pptx, tcp-dns.pdf |
Oct 15 | Network defense: Firewalls, VPNs, and Intrusion Detection | network-defense.pptx, network-defense.pdf |
Oct 17 | Network defense: Firewalls, VPNs, and Intrusion Detection | HW2 is posted in CourseWorks and is due by 11:59pm on 2nd Nov. |
Oct 22 | Denial of service attacks | dos.pptx, dos.pdf. Midterm covers all previous lectures and this one |
Oct 24 | Denial of service attacks (cntd.) | |
Oct 29 | Midterm Review | |
Oct 31 | Midterm | |
No class (academic holiday) | ||
Nov 7 | The View from Here: Cybersecurity from an industry insider | Guest lecture by Ben Johnson (CTO of Obsidian Security) HW3 is posted in CourseWorks and is due by 11:59pm on 19th Nov. |
Nov 12 | Memory corruption & defenses | memory_attacks.pptx, memory_attacks.pdf |
Nov 14 | Memory corruption & defenses | |
Nov 19 | Case Study: Memory Safety in Web Browsers | Guest lecture by Kevin Chen (Google) HW4 is posted in CourseWorks and is due by 11:59pm on 3rd Dec. |
Nov 21 | No class (Thanksgiving) | |
Nov 26 | Principle of least privilege/Access control | principles.pptx, principles.pdf |
Nov 28 | Principle of least privilege/Access control | |
Dec 3 | Sandboxing & Isolation | isolation.pptx, isolation.pdf |
Dec 5 | Sandboxing & Isolation (cntd.) | |
Dec 10 | Final |