CS426 Spring 2009: Computer Security



HW2 and PRJ3 DUE APRIL 24




Class Information
Class Overview
    A survey of the fundamentals of information security. Risks and vulnerabilities, policy formation, controls and protection methods, database security, encryption, authentication technologies, host-based and network-based security issues, personnel and physical security issues, issues of law and privacy.
Instructor TA
    Jing Dong
    Email: dongj@cs.purdue.edu
    Office hours: TBA
Class Schedule
    MWF 12:30pm - 1:20pm, LWSN 1106
Textbook
    Security in Computing. C. P. Pfleeger and S. L. Pfleeger.
Mailing list

    The class mailing list is 426. Please add yourself to the class mailing list.

Academic Integrity

    Academic honesty and ethical behavior are required in this course, as they are in all courses at Purdue University. The class will be conducted according to the policy written by Professor Gene Spafford. Please take the time to read it carefully. This policy will be followed unless I provide written documentation of exceptions.

    You are encouraged to talk with the professor about any questions you have about what is permitted on any particular assignment.

Grading
    The grade will be based on written homework assignments (HW), three programming projects (PP), a midterm (ME), a final exam (FE), and class participation (CP), as follows: Grade = 15% * HW + 30% * PP + 15% * ME + 30% * FE + 10% * CP.

    Exams are closed book and closed notes.
Lectures

This is a tentative plan of the lectures. Lecture slides will be posted below. Homework and projects will be handed in class.



Week 1 (Jan. 12 - Jan. 16)
    Monday: Lecture 1 - Course overview.
    Wednesday: Lecture 2 - Cryptography: Terminology and classic ciphers.
    Friday: Lecture 3 - Cryptography overview: Block ciphers.
Week 2 (Jan. 19 - Jan. 23)
    Monday: NO CLASS.
    Wednesday: Lecture 4 - Cryptography overview: Encryption modes. Hash functions.
    Friday: Lecture 5 - Cryptography overview: Message authentication codes and public-key encryption. PROJECT 1 assigned.
Week 3 (Jan. 26 - Jan. 30)
    Monday: Lecture 6 - Program security: Buffer overflow.
    Wednesday: Lecture 7 - Program security: Trojans, logic bombs, viruses, worms.
    Friday: Lecture 8 - Program security: Botnets, rootkits.
Week 4 (Feb. 2 - Feb. 6)
    Monday: Lecture 9 - Program security: Spyware. Browser security.
    Wednesday: Lecture 10 - Program security: Browser security.
    Friday: Lecture 11 - Keystroke loggers, man-in-the-middle, covert channels.
Week 5 (Feb. 9 - Feb. 13)
    Monday: Lecture 12 - Operating systems security. User authentication. PROJECT 2 assigned. PROJECT 1 due.
    Wednesday: Lecture 13 - Operating systems security: Access control (ACLs, access control matrix, capabilities). Kerberos.
    Friday: Lecture 14 - Operating systems security: Access control in UNIX Systems.
Week 6 (Feb. 16 - Feb. 20)
    Monday: Lecture 15 - Operating systems security: Discretionary Access Control vs. Mandatory Access Control. SELinux.
    Wednesday: Lecture 16 - Operating systems security: Models of security: multilevel, Bell-La Padula.
    Friday: Lecture 17 - Operating systems security: Models of security: Biba, Clark-Wilson, and Chinese Wall.
Week 7 (Feb. 23 - Feb. 27)
    Monday: Lecture 18 - Operating systems security: Memory protection.
    Wednesday: Lecture 19 - Operating systems security: Trusted computing base.
    Friday: Project 2 Q&A. HOMEWORK 1 assigned.
Week 8 (Mar. 2 - Mar. 6)
    Monday: Lecture 20 - Assurance in trusted operating systems: Common Criteria. PROJECT 2 due Tuesday March 2, Midnight.
    Wednesday: Midterm Review: Cryptography.
    Friday: Midterm Review: Program Security.
Week 9 (Mar. 9 - Mar. 13)
    Monday: Midterm Review: Operating Systems Security.
    Wednesday: MIDTERM IN CLASS
    Friday: Lecture 21 - Network security: overview of network protocols.
SPRING BREAK
Week 10 (Mar. 23 - Mar. 27)
    Monday: Lecture 22 - Network security: overview of wireless communication.
    Wednesday: Lecture 23 - Network security: Attacks against TCP.
    Friday: Lecture 24 - Network security: IP security.
Week 11 (Mar. 30 - Apr. 3)
    Monday: Lecture 25 - Network security: TLS. PROJECT 3 assigned.
    Wednesday: Lecture 26 - Network security: WEP. WPA. 802.11 Denial of service.
    Friday: Lecture 27 - Network security: Cellular networks.
Week 12 (Apr. 6 - Apr. 10)
    Monday: Lecture 28 - Network security: DNS Security.
    Wednesday: Lecture 29 - Network security: DNS Security. HOMEWORK 2 assigned.
    Friday: Lecture 30 - Risk analysis and ethics in computer security.
Week 13 (Apr. 13 - Apr. 17)
    Monday: Lecture 31 - Network security: Firewalls. Intrusion Detection Systems.
    Wednesday: Lecture 32 - Network security: Anonymity and Traffic Analysis.
    Friday: Lecture 33 - Database security: Availability.
Week 14 (Apr. 20 - Apr. 24)
    Monday: Lecture 34 - Computer crime: Laws defining aspects of crime against or using computers.
    Wednesday: Lecture 35 - Computer crime: Laws and ethics.
    Friday: Lecture 36 - Risk analysis. PROJECT 3 due. HW2 due.
Week 15 (Apr. 27 - May 1)
    Monday: FINAL EXAM REVIEW
    Wednesday: FINAL EXAM REVIEW
    Friday: FINAL EXAM REVIEW


Additional Reading


Copyright © 2008 Cristina Nita-Rotaru. Send your comments and questions to Cristina Nita-Rotaru.