CSci 454 - Computer and Network Security

CSci 454: Computer and Network Security, Spring 2019

General Information

Prerequisites

CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge about computer architecture, operating systems, programming languages and principals of computer systems and networks is recommended.

Course Materials

Textbook: Computer Security: A Hands-on Approach by Wenliang Du

Other useful books:

Slides will be uploaded to Piazza.

We will also use research papers posted on this page. Student must read papers before the class

Course Description

An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.

Grade Distribution

Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.

Final letter grades will be given based on the standard scale used in WM. Grades may be curved at the instructor’s discretion.

General Information

Homework Assignments

We will use SEED labs for in this course. There will be around 5–8 homework assignments. Some of the assignments are SEED labs, others are programming. It’s recommended to install VirtualBox on your own machine and download the SEEDUbuntu16.04 virtual machine image. If you have root access to a Linux system you can use it instead. VirtualBox is installed on lab machines. However, the image must be downloaded into the scratch directory. If you need assistance, please ask the techies.

Submissions, Grading, and Deadlines

Homework Assignments and Reports should be submitted electronically (no hard copies) on Blackboard by midnight on the due date in the PDF format. You may use MS-word or Latex to typeset your answers, however, final submission has to be in the PDF format. If assignment requires you to submit code, place all code and Makefiles in a directory, compress and upload the archive.

Some homeworks may carry more points than others.

Submission deadlines are hard. However, we do have a late/miss policy:

Late HWs are accepted with 20% penalty for each day they are late by.

If you miss an exam or quiz, you will get zero points. The lowest score on the quizzes will be dropped.

Exceptions will be handled case by case and will only be considered under a university-approved condition with a written proof.

If you have any grading-related questions, please contact the TA first. If the issue is not resolved, then you can escalate the matter to the instructor. The instructor will make the final decision.

You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Piazza, but must write your own reports.

Exams & Quizzes

Exams & Quizzes are closed book. However, you will be allowed to bring a single page handwritten cheat sheet (two-sided). Midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes.

Semester Schedule (This is a tentative schedule watch for updates!)

Week Lecture Date Topic Reading
1 1 Thu, Jan 17, 19 Introduction to the Course  
2 2 Tue, Jan 22, 19 Security fundamentals, trust and trustworthiness, threat models, multi-level attacks Recommended: Reflections on trusting trust by Ken Thomson, Chapter 1.2 from Security in Computing
  3 Thu, Jan 24, 19 Authentication, Passwords Chapter 1 from Computer Security: A hands-on Approach, Optional: Chapter 2.1 from Security in Computing
3 4 Tue, Jan 29, 19 Acess Control, Permissions Chapter 2 and 3 from Security in Computing Computer Security: A hands-on Approach, Optional: Chapter 2.2 from Security in Computing
  5 Thu, Jan 31, 19 Memory Organization, Stack, ABI Helpful resources will be posted on Piazza
4 6 Tue, Feb 5, 19 Buffer Overflow Attacks and Protections Chapter 4 from from Security in Computing Computer Security: A hands-on Approach
  7 Thu, Feb 7, 19 Buffer Overflow Attacks and Protections II  
5 8 Tue, Feb 12, 19 Code Reuse Attacks and Protections Chapter 5 from from Security in Computing Computer Security: A hands-on Approach
  9 Thu, Feb 14, 19 Integer Overflow and Format String Attacks, Protections Chapter 6 from from Security in Computing Computer Security: A hands-on Approach
6 10 Tue, Feb 19, 19 Isolation and Confinement Chapter 3.3 from Security in Computing
  11 Thu, Feb 21, 19 Timing, Side and Covert Channel Attacks I Cache Missing for Fun and Profit by Colin Percival
7 12 Tue, Feb 26, 19 Midterm Review Lecture Slides, Quizzes, Your notes, Homeworks
    Thu, Feb 28, 19 Midterm  
8   Tue, Mar 5, 19 SPRING BREAK  
    Thu, Mar 7, 19 SPRING BREAK  
9 13 Tue, Mar 12, 19 Timing, Side and Covert Channel Attacks II On the Privacy and Security of the Ultrasound Ecosystem
  14 Thu, Mar 14, 19 Cryptography and Cryptoanalysis, Basics, Old Ciphers Recomended: Chapter 1 from Understanding Cryptography
10 15 Tue, Mar 19, 19 One TIme Pad, Stream Ciphers, Random Number Generators Recomended: Chapter 2 from Understanding Cryptography
  16 Thu, Mar 21, 19 Block Ciphers, Hash Functions, MAC Recomended: Chapter 4,5,11,12 from Understanding Cryptography
11 17 Tue, Mar 26, 19 Diffie Hellman Key Exchange, Public Key Cryptography Recomended: Chapter 6 from Understanding Cryptography
12 18 Tue, Apr 2, 19 Public Key Cryptography II Recomended: Chapter 7 from Understanding Cryptography
  19 Thu, Apr 4, 19 Web Application Security Chapter 9, 10 Computing Computer Security: A hands-on Approach
13 20 Tue, Apr 9, 19 Web Application Security II Chapter 9, 10 Computing Computer Security: A hands-on Approach
  21 Thu, Apr 11, 19 RESCHEDULED Mon Apr 15, 5:00 McGl 020 TLS/SSL, HTTPS Chapter 18, 19 Computing Computer Security: A hands-on Approach
14 22 Tue, Apr 16, 19 Network security I Chapter 12, 13 Computing Computer Security: A hands-on Approach
  23 Thu, Apr 18, 19 Network security II  
15 24 Tue, Apr 23, 19 Denial of Service Attack (DoS) and defenses  
  25 Thu, Apr 25, 19 Final Review  
Finals   May 2, 2:00 – 5:00    

CSci 554

Graduate students enrolled in CSci 554 are required to complete a semester long research project. Please contact the instructor to select your project topic. All project must be approved by instructor. The project consists of 3 phases:

Phase 1 – Project determination:

Please send an email to the instructor by the deadline (Feb 20) containing:

  1. Project Name (think of this as your paper/report title)
  2. Problem Statement
  3. Expected Steps (setting up infrastructure, implementation, performing experiment, data analyses, etc.)
  4. Expected/possible outcome and contribution

Phase 2 – Project discussion with instructor

Please meet the instructor during office hours at least two times during the semester to discuss the status of your project. Explain any observed obstacles, plans, further expectations. Your project’s proposal can be adjusted at this phase.

Phase 3 – Final report

Please submit your final report via email your final project report in PDF format. Please use the ACM sigconf format. The expected length of your project is 4-8 pages. Your report should have following sections:

  1. Problem Statement
  2. Introduction (with problem statement)
  3. Threat model (clearly explain all your assumptions)
  4. Background and Related Work
  5. Implementation Details
  6. If you are proposing some security solution, also include a security analyses section
  7. Results
  8. Conclusions

If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.

Grade Distribution for CSci 554

Final letter grades will be given based on the standard scale used in WM. Grades may be curved at the instructor’s discretion.

Helpful Services

Students wanting to improve their academic writing or teaching/presenting skills should consider taking GRAD 520: ACADEMIC WRITING and GRAD 550: COLLEGE TEACHING. The courses are offered through the Reves Center and are aimed at non-native English speakers, specifically. If interested please contact Glosson, Sarah G at sgglos@wm.edu.

The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.

Academic Accommodations

It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.

Honor Code

Students are required to follow the Honor System of the College of William and Mary.