Computer Security

CSc 48000–Spring 2013

The City College of CUNY
Department of Computer Science

Instructor: Prof. Nelly Fazio
Lectures: Tu/Th, 3:30–4:45pm, NAC 6328
Office hours: Th, 5:00–6:00pm or by appointment, SH-279
Email: fazio AT cs DOT ccny DOT cuny DOT edu [Put CSc480 in Subject line]




Course Description

This course provides an overview of computer security principles, ranging from cryptography to network security, to operating systems and software security. The course will help you learn the principles and practices of computer security in various computing environments. The goal is to enable you to analyze, understand and evaluate the security of computer systems.

Prerequisites: CSC 104, CSC 21700 or EE 31100, CSC 22000, CSC 30400. Familiarity with Python programming is also assumed.

List of Topics

Textbook

Required: Recommended:

Work Load & Grading

NOTE: There will be NO make-up or substitute exams!

CUNY Academic Integrity Policy

You must write all the code you hand in for the programming assignments, except for code that we give you as part of the assignment. You are not allowed to look at anyone else's solution. You may discuss the assignments with other students, but you may not look at or copy each other's code. You may not use code that might be available online.

Cheating will not be tolerated. If you cheat, you risk losing your position as a student in the department and the college. CUNY policy on academic integrity can be found here. Failure to understand and follow these rules will constitute cheating, and will be dealt with as per university guidelines.

Programming Assignments

We will have 3–4 programming assignments. The goal of these labs is to have you explore computer security concepts first hand. The programming language used for this class is Python 3. The required library is Charm.

Late Assignment Policy: Late assignments will not be accepted.

Weekly Schedule (tentative)

| Lecture | Date | Topic | Readings |
|---|---|---|---|
| 1 | Jan 29 | Overview. Introduction to Computer security. Basic security concepts. Lab 0 has been posted. | SB 1 |
| 2 | Jan 31 | Introduction to Cryptography. Information-Theoretic Setting. | SB 2 |
| 3 | Feb 5 | Brush-up on Number Theory. | ntb: 4.1–4.3; SB App. B, App. D |
| 4 | Feb 7 | Hash Functions. Applications: Fingerprinting. | SB pages 49–54, 20.1–21.2 |
| 5 | Feb 14 | Commitment Schemes. | |
| 6 | Feb 19 | Symmetric Encryption: Block ciphers and Modes of Operation. Discussion of Lab 1. Lab 1 has been posted. | SB 2.1, 20.1–20.6 |
| 7 | Feb 21 | Data Integrity: Message Authentication Protocols. Key-Exchange Protocols: Merkle Puzzles. | SB pages 46–49, 20.7; SB App. E |
| 8 | Feb 26 | Asymmetric Setting. Diffie-Hellman Key Exchange. | SB 2.3, 21.4 |
| 9 | Feb 28 | Asymmetric Encryption Schemes. | SB 21.3 |
| 10 | Mar 5 | Exercises on encryption schemes. | |
| 11 | Mar 7 | Discussion of Lab 2. Lab 2 has been posted. | |
| 12 | Mar 12 | Web Privacy: Threats and Defenses. | ref1.pdf, ref2.txt |
| 13 | Mar 14 | Digital Signatures. | SB 2.4, page 675. SB App E. |
| 14 | Mar 19 | Midterm Exam. | |
| 15 | Mar 21 | Discussion of Lab 3. Lab 3 has been posted. | |
| | Mar 26 | No class! Spring Recess. | |
| | Mar 28 | No class! Spring Recess. | |
| | Apr 2 | No class! Spring Recess. | |
| 16 | Apr 4 | Authentication. | SB 3 |
| 17 | Apr 9 | Access Control. | SB 4 |
| 18 | Apr 11 | Networking: Background + The ISO OSI model. | SB 22 |
| 19 | Apr 16 | Networking: TCP/IP protocol + DoS. | Spamhaus-1, Spamhaus-2; SB 7, SB App. F |
| 20 | Apr 18 | Discussion of Lab 4. Lab 4 has been posted. | |
| 21 | Apr 23 | Networking: Introduction to Network Routing. BGP. | |
| 22 | Apr 25 | Domain Name Server. Certification Authority. | SB pages 60–61, SB App. I |
| 23 | Apr 30 | Cracking the code: Defending against the superweapons of the 21st century cyberwar. | Stuxnet |
| 24 | May 2 | SSL/TLS and SSH. | SB 22.3 |
| 25 | May 7 | Software Security: Buffer Overflow. | SB 10 |
| 26 | May 9 | Intrusion Prevention: Firewalls. | SB 9 |
| 27 | May 14 | Intrusion Detection: Malware (Viruses, Worms, Botnets). | SB 6, 8 |
| 28 | May 16 | Security in the Cloud | |
| | May 21 | Final Exam, 3:30–5:45pm, NAC 6328 | |

Copyright © Nelly Fazio