COMS W4181: Security 1 (Fall 2019)

Lecture Details

Instructor: Suman Jana
Office: Mudd 412
Office hours: Tuesday (2:30-3:30pm)
TA Office hours: Monday: 9- 10 am (Lawan Rahim) Tuesday: 9am - 10am (Lawan Rahim) Thursday: 10:30am - 12:30pm (Shiqi Wang)
Classroom: Mudd 1127
Class hours: Tuesday and Thursday (1:10-2:25 pm)


This class will teach you different fundamental aspects of computer security including basics of cryptography, network security, host security, software and hardware security. The goal of this class is to explore different security problems that affect real-world systems and different techniques that can prevent/mitigate such issues.

Note:There will be no assigned textbook for the class and you are expected to read the assigned articles/papers/slides carefully.


There is no formal prerequisite for this class but you should be generally comfortable to deal with complex large source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools like gdb, gcov, etc. Feel free to send me an email if you have any specific questions.

See the rules for the class.


Both midterm and final will be open-notes but no internet access will be allowed.

Books (optional): Network Security: Private Communication in a Public World, Thinking Security: Stopping Next Year's Hackers.


Date Topics Lecture slides & Reading
Sep 3 Introduction & Threat models intro.pptx, intro.pdf
Sep 5 Crypto I - basics, ciphers crypto.ppt, crypto.pdf, optional reading: Network Security: Private Communication in a Public World 2nd ed. by Kaufman et al. (Chapters 5.1-2, 5.6-7, 2.1-6, 4.2, and 6.1-6)
Sep 10 Crypto II - public key, hash functions
Sep 12 Crypto (cntd.)
Sep 17 Crypto (cntd.)
Sep 19 Class canceled (Suman is traveling)
Sep 24 Crypto (cntd.)
Sep 26 Crypto in practice crypto_fails.ppt, crypto_fails.pdf
Oct 1 Network Security: SSL/TLS, HTTPS ssl.ppt, ssl.pdf
Oct 3 Network Security: SSL/TLS, HTTPS
Oct 8 Network Security: SSL/TLS, HTTPS
Oct 10 Web Security web_sec.pptx, web_sec.pdf
Oct 15 Web Security
Oct 22 Midterm
Oct 24 Network Security: TCP/IP, DNS, BGP tcp-dns.pptx, tcp-dns.pdf
Oct 29 Network defense: Firewalls, VPNs, and Intrusion Detection (guest lecture by Gabe Ryan) network-defense.pptx, network-defense.pdf
Oct 31 Denial of service attacks dos.pptx, dos.pdf.
Nov 5 Academic Holiday
Nov 7 Denial of service attacks (cntd.)
Nov 12 Memory corruption & defenses memory_attacks.pptx, memory_attacks.pdf
Nov 14 Memory corruption & defenses
Nov 19 Principle of least privilege/Access control principles.pptx, principles.pdf
Nov 21 Principle of least privilege/Access control
Nov 26 Sandboxing & Isolation isolation.pptx, isolation.pdf
Nov 28 Academic Holiday
Dec 3 Sandboxing & Isolation
Dec 5 Final