CSci 454: Computer and Network Security, Fall 2019
General Information
- Instructor: Dmitry Evtyushkin (Personal Website)
- Email: devtyushkin[at]wm.edu
- Instructor Office hours: TR 5:00PM – 6:30PM or by appointment, McGL 141
- Teaching Assistant: Ken Koltermann
- Email: khkoltermann[at]email.wm.edu
- Time and location: TR 3:30 pm – 4:50 pm, Blow Hall 333
- Deadlines: Add/Drop Sept 6, Withdraw Oct 28
- Final exam: Dec 17, 2:00 – 5:00
- Please keep checking this website for the latest information regarding the course.
Prerequisites
CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge of computer architecture, operating systems, programming languages, and principles of computer systems and networks is recommended.
Course Materials
Textbook: Computer Security: A Hands-on Approach by Wenliang (Kevin) Du
Other useful books:
- Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar
- Security in Computing (5th Edition) by Charles P. Pfleeger et al.
- Hacking: The Art of Exploitation by Jon Erickson
- Applied Cryptography by Bruce Schneier
Slides will be uploaded to Piazza.
We will also use research papers posted on this page. Students should read the papers before class.
Course Description
An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.
Grade Distribution
- In-class/Take home Quizzes – 15pt
- Homework/Programming Assignment (5 to 8) – 30pt
- Piazza activity and class participation – 5pt
- Midterm exam – 20pt
- Final Exam – 30pt
- Bonus points: Undergraduate Research Project – 15pt
Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.
Scale used for letter grades:
- >=95 – A, 90 – A-, 85 – B+, 80 – B, 75 – B-, 70 – C+, 65 – C, 60 – C-, 55 – D+, 50 – D, 45 – D-, <45 – F.
Scores may be curved at the instructor’s discretion.
General Information
- We will use Piazza for discussions. Announcements will also be made through Piazza. Your Piazza and in-class activity are graded.
- Lecture slides from the instructor will be uploaded to Piazza
- Homework assignments are submitted via Blackboard
- Grades are reported via Blackboard. Final grades are submitted via Banner
- Electronic device policy: using laptop/tablets/phones is not allowed in class unless instructed otherwise or required for medical reasons.
- Students are responsible for all materials covered in lectures.
Homework Assignments
We will use SEED labs in this course. There will be around 5–8 homework assignments. Some of the assignments are SEED labs, others are programming. It’s recommended to install VirtualBox on your own machine and download the SEEDUbuntu16.04 virtual machine image. If you have root access to a Linux system, you can use it instead. VirtualBox is installed on lab machines. However, the image must be downloaded into the scratch directory. If you need assistance, please ask the techies.
Submissions, Grading, and Deadlines
Homework Assignments and Reports should be submitted electronically (no hard copies) on Blackboard by midnight on the due date in PDF format. You may use MS Word or LaTeX to typeset your answers; however, the final submission has to be in PDF format. If an assignment requires you to submit code, place all code and Makefiles in a directory, compress it, and upload the archive.
- Some homeworks may carry more points than others.
- Submission deadlines are hard. However, we do have a late/miss policy:
- Late HWs are accepted with a 20% penalty for each day they are late.
- If you miss an exam or quiz, you will get zero points. The lowest score on the quizzes will be dropped.
- Exceptions will be handled case by case and will only be considered under a university-approved condition with written proof.
- If you have any grading-related questions, please contact the TA first. If the issue is not resolved, then you can escalate the matter to the instructor. The instructor will make the final decision.
You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Piazza, but must write your own reports.
Exams & Quizzes
Exams & Quizzes are closed book. However, you will be allowed to bring a single-page handwritten cheat sheet (two-sided). The midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes.
Semester Schedule (This is a tentative schedule; watch for updates!)
Week | Lecture | Date | Topic | Reading |
---|---|---|---|---|
1 | 1 | Thu, Aug 29, 19 | Introduction to the Course | |
2 | 2 | Sep 03, 2019 | Security fundamentals, trust and trustworthiness, threat models, multi-level attacks | Recommended: Reflections on Trusting Trust by Ken Thompson, Chapter 1.2 from Security in Computing |
2 | 3 | Thu, Sep 5, 19 | Authentication, Passwords | Chapter 1 from Computer Security: A Hands-on Approach, Optional: Chapter 2.1 from Security in Computing |
3 | 4 | Sep 10, 2019 | Access Control, Permissions | Chapter 2 and 3 from Computer Security: A Hands-on Approach, Optional: Chapter 2.2 from Security in Computing |
3 | 5 | Thu, Sep 12, 19 | Memory Organization, Stack, ABI | Helpful resources will be posted on Piazza |
4 | 6 | Sep 17, 2019 | Buffer Overflow Attacks and Protections | Chapter 4 from Computer Security: A Hands-on Approach |
4 | 7 | Thu, Sep 19, 19 | Buffer Overflow Attacks and Protections II | |
5 | 8 | Sep 24, 2019 | Code Reuse Attacks and Protections | Chapter 5 from Computer Security: A Hands-on Approach |
5 | 9 | Thu, Sep 26, 19 | Integer Overflow and Format String Attacks, Protections | Chapter 6 from Computer Security: A Hands-on Approach |
6 | 10 | Oct 01, 2019 | Isolation and Confinement | Chapter 3.3 from Security in Computing |
6 | 11 | Thu, Oct 3, 19 | Timing, Side and Covert Channel Attacks | Cache Missing for Fun and Profit by Colin Percival |
7 | 12 | Oct 08, 2019 | Timing, Side and Covert Channel Attacks II | On the Privacy and Security of the Ultrasound Ecosystem |
7 | | Thu, Oct 10, 19 | Midterm | |
8 | | Oct 15, 2019 | Fall Break | |
8 | | Thu, Oct 17, 19 | Cryptography and Cryptanalysis, Basics, Old Ciphers | Recommended: Chapter 1 from Understanding Cryptography |
9 | 13 | Oct 22, 2019 | One Time Pad, Stream Ciphers, Random Number Generators | Recommended: Chapter 2 from Understanding Cryptography |
9 | 14 | Thu, Oct 24, 19 | Block Ciphers | Recommended: Chapter 4, 5, 11, 12 from Understanding Cryptography |
10 | 15 | Oct 29, 2019 | Hash Functions, MAC | |
10 | 16 | Thu, Oct 31, 19 | Diffie Hellman Key Exchange, Public Key Cryptography | Recommended: Chapter 6 from Understanding Cryptography |
11 | 17 | Nov 05, 2019 | Public Key Cryptography II | Recommended: Chapter 7 from Understanding Cryptography |
12 | 18 | Thu, Nov 7, 19 | Web Application Security | Chapter 9, 10 from Computer Security: A Hands-on Approach |
12 | 19 | Nov 12, 2019 | Web Application Security II | Chapter 9, 10 from Computer Security: A Hands-on Approach |
13 | 20 | Thu, Nov 14, 19 | Session Management | Chapter 18, 19 from Computer Security: A Hands-on Approach |
13 | 21 | Nov 19, 2019 | TLS/SSL, HTTPS | Chapter 12, 13 from Computer Security: A Hands-on Approach |
14 | 22 | Thu, Nov 21, 19 | Network security I | |
14 | 23 | Nov 26, 2019 | Network security II | |
15 | 24 | Thu, Nov 28, 19 | Thanksgiving Break | |
15 | 25 | Dec 03, 2019 | Denial of Service Attack (DoS) and defenses, Final overview | |
15 | 26 | Thu, Dec 5, 19 | Topic from Piazza poll | |
Finals week | | Dec 17, 2019 | Final Exam 2:00 – 5:00 pm | |
CSci 554
Graduate students enrolled in CSci 554 are required to complete a semester-long research project. Please contact the instructor to select your project topic. All projects must be approved by the instructor. The project consists of 3 phases:
Phase 1 – Project determination:
Please send an email to the instructor by the deadline (Oct 6) containing:
- Project Name (think of this as your paper/report title)
- Problem Statement
- Expected Steps (setting up infrastructure, implementation, performing experiments, data analysis, etc.)
- Expected/possible outcome and contribution
Phase 2 – Project discussion with instructor
Please meet the instructor during office hours at least two times during the semester to discuss the status of your project. Explain any observed obstacles, plans, and further expectations. Your project’s proposal can be adjusted at this phase.
Phase 3 – Final report
Please submit your final project report via email in PDF format. Please use the ACM sigconf format. The expected length of your project is 4-8 pages. Your report should have the following sections:
- Problem Statement
- Introduction (with problem statement)
- Threat model (clearly explain all your assumptions)
- Background and Related Work
- Implementation Details
- If you are proposing a security solution, also include a security analysis section
- Results
- Conclusions
If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.
Grade Distribution for CSci 554
- In-class Quizzes - 15pt
- Project – 15pt
- Homework Assignment (around 5) – 15pt
- Piazza activity and class participation – 5pt
- Midterm exam – 20pt
- Final Exam – 30pt
Final letter grades will be given based on the standard scale used in WM. Grades may be curved at the instructor’s discretion.
Helpful Services
Students wanting to improve their academic writing or teaching/presenting skills should consider taking GRAD 520: ACADEMIC WRITING and GRAD 550: COLLEGE TEACHING. The courses are offered through the Reves Center and are aimed specifically at non-native English speakers. If interested, please contact Glosson, Sarah G at sgglos@wm.edu.
The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.
Academic Accommodations
It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.
Honor Code
Students are required to follow the [Honor System](https://www.wm.edu/offices/deanofstudents/services/communityvalues/studenthandbook/honor_system/index.php) of the College of William and Mary. Violations will not be tolerated and incidents will be reported in accordance with WM’s rules and may result in serious sanctions.