Computer Security

CSc 38000–Fall 2023

The City College of CUNY
Department of Computer Science

Instructor: Prof. Nelly Fazio
Lectures: Tu/Th, 2:00–3:15pm, SH 75
Office hours: T/Th, 12:30–1:30pm or by appointment, SH-279
Email: fazio AT cs DOT ccny DOT cuny DOT edu [Put CSc380 in Subject line]




Course Description

This course provides an overview of computer security principles, ranging from cryptography to network security, to operating systems and software security. The course will help you learn the principles and practices of computer security in various computing environments. The goal is to enable you to analyze, understand and evaluate the security of computer systems.

Prerequisites: CSC 22000 AND CSC 21100 OR (CSC 21000 AND EE 21000)

List of Topics

Textbook

Required: Recommended:

Work Load & Grading

NOTE: There will be NO make-up or substitute exam!

CUNY Academic Integrity Policy

You must write all the code you hand in for the programming assignments, except for code that we give you as part of the assignment. You are not allowed to look at anyone else's solution. You may discuss the assignments with other students, but you may not look at or copy each other's code. You may not use code that might be available online.

Cheating will not be tolerated. If you cheat, you risk losing your position as a student in the department and the college. CUNY policy on academic integrity can be found here. Failure to understand and follow these rules will constitute cheating, and will be dealt with as per university guidelines.

Programming Assignments

We will have 2–3 programming assignments. The goal of these labs is to have you explore computer security concepts first hand.

Late Assignment Policy: Late assignments will not be accepted.

Weekly Schedule (tentative)

| Lecture | Date | Topic | Readings |
|---|---|---|---|
| 1 | Aug 29 | Overview. Introduction to Computer security. Basic security concepts. | SB 1 |
| 2 | Aug 31 | Introduction to Cryptography. Information-Theoretic Setting. | SB 2 |
| 3 | Sep 5 | Introduction to the Computational Setting. | SB 2 |
| 4 | Sep 7 | Brush-up on Number Theory. | ntb: 4.1–4.3; SB App. B, App. D |
| 5 | Sep 12 | Brush-up on Number Theory (cont'd) | ntb: 4.1–4.3; SB App. B, App. D |
| 6 | Sep 14 | Hash Functions. Applications: Fingerprinting. | SB 2.2, 21.1 |
| 7 | Sep 19 | Commitment Schemes. | |
| 8 | Sep 21 | Symmetric Encryption: Block ciphers and Modes of Operation. | SB 2.1, 20 |
| 9 | Sep 26 | Review of Number Theory concepts. Examples. | |
| 10 | Sep 28 | Data Integrity: Message Authentication Protocols. | SB pages 46–49, 20.7; SB App. E |
| 11 | Oct 3 | Asymmetric Setting. Diffie-Hellman Key Exchange. | SB 2.3, 21.4 |
| 12 | Oct 5 | Asymmetric Encryption Schemes. | SB 21.3 |
| 13 | Oct 12 | Project 1: CCA2 Hybrid Encryption. | |
| 14 | Oct 17 | Digital Signatures. | SB 2.4, page 675; SB App E. |
| 15 | Oct 19 | Discussion of Lab1 | |
| 15 | Oct 24 | Review | |
| 17 | Oct 26 | Midterm Exam. | |
| 18 | Oct 31 | Authentication. | SB 3 |
| 19 | Nov 2 | Access Control. | SB 4 |
| 20 | Nov 7 | Networking: Background + The ISO OSI model. | SB 22 |
| 21 | Nov 9 | Networking: TCP/IP protocol + DoS. | Spamhaus-1, Spamhaus-2; SB 7, SB App. F |
| 22 | Nov 14 | Networking: Introduction to Network Routing. BGP. Domain Name Server. Certification Authority. | SB pages 706–711, SB App. H |
| 23 | Nov 16 | Discussion of Lab 2 | |
| 24 | Nov 21 | SSL/TLS and SSH. | SB 22.3 |
| 25 | Nov 28 | Software Security: Buffer Overflow. | SB 10 |
| 26 | Nov 30 | Intrusion Prevention: Firewalls. | SB 9 |
| 27 | Dec 5 | Intrusion Detection: Malware (Viruses, Worms, Botnets). | SB 6, 8; Stuxnet |
| | Dec 7 | Final Exam, 2:00–3:15pm, SH 75 | |

Copyright © Nelly Fazio