COMS E6183: Advanced Topics in Network Security


Instructor: Suman Jana
Office: Mudd 412
Office hours: Wednesday 2:45-4:15 pm or by appointment
Classroom: 486 CSB (Clic Lab)
Class hours: Wednesdays (6:10-8 pm)

Description

The goal of this class is to study the state of the art in systems and network security research. A project is required.

Grading

Quizzes/homeworks (3) 35%
Project 50%
Class participation (reading 2/3 papers per class) 15%

Schedule

Date Lectures Reading
Jan 20 Introduction & Overview Computer Security in the Real World, Real World Fuzzing
Jan 27 Memory corruption attacks (slides: ppt, pdf) Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Basic integer overflows
Feb 3 Sandboxing and isolation (slides: ppt, pdf) Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, Efficient Software-Based Fault Isolation
Feb 10 Principle of least privilege, access control, and operating systems security (slides: ppt, pdf) SetUID demystified, Operating Systems Security (Chapter 4) (Project proposals due before class)
Feb 17 Class cancelled Homework 1 assigned
Feb 24 Tools for finding bugs (slides: ppt, pdf) KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (Homework 1 due before class)
Mar 2 Denial of service attack (slides: ppt, pdf) The DDoS That Almost Broke the Internet
Mar 9 Basics of web security (slides: ppt, pdf) The Security Architecture of the Chromium Browser (Homework 2 assigned)
Mar 16 No class (spring recess) No class (spring recess)
Mar 23 Web application security (slides: ppt, pdf) Cross site scripting explained, SQL Injection attacks, Robust Defenses for Cross-Site Request Forgery (Homework 2 due before class)
Mar 30 Web application security (contd.) (Mid-project status reports due before class)
April 6 Session management and user authentication (slides: ppt, pdf)
April 13 Content Security Policies (CSP), Web workers, and extensions (slides: pdf) (Homework 3 assigned)
April 20 Mobile security (slides: ppt, pdf) (Homework 3 due before class)
April 27 Attacks on Internet protocols: TCP/IP, DNS, BGP SSL and certificates
May 4 Project presentations
May 11 Project presentations / Final reports due