COMS W4181: Security 1 (Fall 2019)
Lecture Details
Instructor: Suman Jana
Office: Mudd 412
Office hours: Tuesday (2:30-3:30pm)
TA Office hours: Monday: 9- 10 am (Lawan Rahim) Tuesday: 9am - 10am (Lawan Rahim) Thursday: 10:30am - 12:30pm (Shiqi Wang)
Classroom: Mudd 1127
Class hours: Tuesday and Thursday (1:10-2:25 pm)
Description
This class will teach you different fundamental aspects of computer security including basics of cryptography, network security, host security, software and hardware security. The goal of this class is to explore different security problems that affect real-world systems and different techniques that can prevent/mitigate such issues.
Note:There will be no assigned textbook for the class and you are expected to read the assigned articles/papers/slides carefully.
Prerequisite
There is no formal prerequisite for this class but you should be generally comfortable to deal with complex large source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools like gdb, gcov, etc. Feel free to send me an email if you have any specific questions.
See the rules for the class.Grading
- Programming assignments (4) - 56%
- Midterm - 20%
- Final (non-cumulative) - 20%
- Class participation - 4%
Books (optional): Network Security: Private Communication in a Public World, Thinking Security: Stopping Next Year's Hackers.
Schedule
| Date | Topics | Lecture slides & Reading |
| Sep 3 | Introduction & Threat models | intro.pptx, intro.pdf |
| Sep 5 | Crypto I - basics, ciphers | crypto.ppt, crypto.pdf, optional reading: Network Security: Private Communication in a Public World 2nd ed. by Kaufman et al. (Chapters 5.1-2, 5.6-7, 2.1-6, 4.2, and 6.1-6) |
| Sep 10 | Crypto II - public key, hash functions | |
| Sep 12 | Crypto (cntd.) | |
| Sep 17 | Crypto (cntd.) | |
| Sep 19 | Class canceled (Suman is traveling) | |
| Sep 24 | Crypto (cntd.) | |
| Sep 26 | Crypto in practice | crypto_fails.ppt, crypto_fails.pdf |
| Oct 1 | Network Security: SSL/TLS, HTTPS | ssl.ppt, ssl.pdf |
| Oct 3 | Network Security: SSL/TLS, HTTPS | |
| Oct 8 | Network Security: SSL/TLS, HTTPS | |
| Oct 10 | Web Security | web_sec.pptx, web_sec.pdf |
| Oct 15 | Web Security | |
| Oct 22 | Midterm | |
| Oct 24 | Network Security: TCP/IP, DNS, BGP | tcp-dns.pptx, tcp-dns.pdf |
| Oct 29 | Network defense: Firewalls, VPNs, and Intrusion Detection (guest lecture by Gabe Ryan) | network-defense.pptx, network-defense.pdf |
| Oct 31 | Denial of service attacks | dos.pptx, dos.pdf. |
| Nov 5 | Academic Holiday | |
| Nov 7 | Denial of service attacks (cntd.) | |
| Nov 12 | Memory corruption & defenses | memory_attacks.pptx, memory_attacks.pdf |
| Nov 14 | Memory corruption & defenses | |
| Nov 19 | Principle of least privilege/Access control | principles.pptx, principles.pdf |
| Nov 21 | Principle of least privilege/Access control | |
| Nov 26 | Sandboxing & Isolation | isolation.pptx, isolation.pdf |
| Nov 28 | Academic Holiday | |
| Dec 3 | Sandboxing & Isolation | |
| Dec 5 | Final |