CSE 331 – Computer Security Fundamentals

 

Instructor: Long Lu
Location: FREY HALL 201
Meeting Times: Tue Thu 10:00 a.m. – 11:20 a.m. (Fall 2016)
Prerequisites: System fundamentals I and II (CSE 220 and 320)
Office Hours: Tue Thu 11:20 a.m. – 12:00 a.m., NCS 359 (Fall 2016)

 

  • Course Description

    This course introduces the basic concepts and terminology of computer security. It covers basic security topics such as cryptography, operating systems security, network security, and language-based security.

    Reading Materials and Textbooks

    Pre-class readings consist of papers, articles, and book chapters, whose digital copies will be provided before class. Materials provided in this course should be used for educational purposes only and not be distributed without permission.

    The following textbooks are recommended, but NOT required:

    • [NS] Network Security: Private Communication in a Public World (by Charlie Kaufman et al.)
      ISBN-10: 0130460192 | ISBN-13: 978-0130460196
    • [ICS] Introduction to Computer Security (by Michael Goodrich and Roberto Tamassia)
      ISBN-10: 0321512944 | ISBN-13: 978-0321512949
    • [HAC] Handbook of Applied Cryptography (by Alfred J. Menezes et al.)
      Available for download at http://cacr.uwaterloo.ca/hac/

    Learning and Teaching

    For effective in-class learning, students must finish the required readings before coming to class. This course is taught primarily on the whiteboard, with occasional use of slides for demonstrations. Note-taking is strongly encouraged, as is active participation in discussions.

    Grading

    • Assignments and presentations – 30%
    • Mid-term exam – 20%
    • Final exam – 20%
    • Projects – 30%

    Honor Code

    Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in instant reports to the university.

  • Schedule

    Students must check this schedule regularly as new materials are frequently added without separate announcements.

    | Date | Topic | Readings & References | Note |
    |---|---|---|---|
    | Basic Crypto | | | |
    | 8/30 | Course Introduction | | |
    | 9/1 | Symmetric-key cryptography (I) | Chapter 1.1-1.5, 6.1, and 7.1-7.3 in [HAC]; | |
    | 9/6 | No Class (Labor Day) | Chapter 3 and 4 in [NS] (optional); | |
    | 9/8 | Symmetric-key cryptography (II) | Chapter 3 and 4 in [NS] (optional); | |
    | 9/13 | Asymmetric-key cryptography (I) | Chapter 1.6-1.11 and 8.1-8.2 in [HAC]; | |
    | 9/15 | Asymmetric-key cryptography (II) | Chapter 2.5 and 2.6 in [NS] (optional); | |
    | 9/20 | Passwords and authentication (I) | Password security: A case history; | |
    | 9/22 | Passwords and authentication (II) | Chapter 9 and 10 in [NS] (optional); | Homework 1 release |
    | 9/27 | Guest Lecture: Ransomware | | |
    | 9/29 | Crypto lab & presentation | | |
    | Network Security | | | |
    | 10/4 | TCP/IP attacks & Security | TCP/IP Security, IPSEC | |
    | 10/6 | DNS attacks & Security | DNS security issues | Project 1 release |
    | 10/11 | Internet Routing & BGP Security | Survey of BGP attacks and solutions | |
    | 10/13 | SSL/TLS (I) | Issues and challenges; Best practice | |
    | 10/18 | SSL/TLS (II) | | |
    | 10/20 | Mid-term Exam | | in-class |
    | 10/25 | Project presentation | | |
    | Systems Security | | | |
    | 10/27 | Malware & Botnet | | |
    | 11/1 | Firewall & Intrusion Detection | Survey; Open IDS | |
    | 11/3 | Memory corruption & exploitation (I) | Buffer overflow; Stack smashing; | |
    | 11/8 | Memory corruption & exploitation (II) | Heap-based exploitation; ROP | |
    | 11/10 | Memory safety & control flow protection | | |
    | Web Security | | | |
    | 11/15 | Server-side attacks & defenses | Web-based attacks; | |
    | 11/17 | Client-side attacks & defenses | Chrome browser; | |
    | Mobile Security | | | |
    | 11/22 | Android Security | | Project 2 release |
    | 11/24 | NO CLASS | | Holiday |
    | 11/29 | iOS Security | | |
    | Wrap-up | | | |
    | 12/1 | Advanced Topics | | |
    | 12/6 | Final Proj Presentation (I) | | |
    | 12/8 | Final Proj Presentation (II) | | |
    | 12/16 | Final Exam | | Location: Frey 201 317 11:15 AM-1:45 PM |