Schedule

Please note that the schedule is subject to change.

Unit 1: Security Concepts & Requirements

Date Topics Text Notes
1/30 Lecture: Overview & Basic Concepts
  • Course Overview
  • Terminology & Concepts
    		•  Introduction Slides
    Reflections on Trusting Trust
    TEMPEST Demonstration
    2/1 Lecture: Security Concepts & Requirements
  • Standards Organizations
  • Security Concepts
  • Threats, Attacks, Assets
  • Requirements
    		•  Chapter 1 Security Concepts Slides
    Security Requirements Slides
    CSI Computer Crime and Security Survey
    Threat Actions and Consequences (from RFC 2828)
    ITU X.800 Standard

    Unit 2: Buffer Overflow & Malicious Software

    Date Topics Text Notes
    2/6 Lecture: Stack Buffer Overflow
  • Stack Structure
  • Overflow Vulnerability
  • Exploitation
    		•  Chapter 10
  • Buffer Overflow Slides
  • in-out package
  • in-out explotation tools
  • Disassembled shellcode
    • 2/8 Lecture: Buffer Overflow Defense
  • Recap of Exploitation
  • Defense Mechanisms
    		•
  • Buffer Overflow Defense Slides
    • 2/13 Lecture: Malicious Software I
  • Types of Malware
  • Signatures
  • Examples
    		•  Chapter 6
  • Malware Propagation Slides
  • Fighting viruses, defending the net by Mikko Hypponen
  • ClamAV signature strings
  • Some sample metamorphic coding techniques
  • Metamorphic Viruses: Analysis and Detection by Evgenios Konstantinou
    • 2/15 Lecture: Malicious Software II
  • Malware payloads
  • Best practices
    		•
  • Malware Payload Slides
    		•
    2/20 Lecture: Malicious Software III
  • Malware Payloads (contd)
  • Lab Information
  • Please read 8.2 – 8.4
    		•  Sections 8.2 – 8.4
    2/22 Lab 1: Return-to-libc
    2/26 Unit 2 Homework Due Solutions due on Piazza by 9:00 pm

    Unit 3: Cryptography

    Date Topics Text Notes
    2/27 Lecture:
  • Overview of Cryptography
  • Classes of Algorithms
  • Applications
    		•  Chapter 2
  • Lecture Slides
    		•
    3/1 Lecture:
  • Overview of Cryptography (contd)
    		•  There were no slides for this lecture.
    3/6 Lecture:
  • Symmetric Encryption
  • Block Ciphers
  • Modes of Operation
  • Stream Ciphers
    		•  Sections 20.1 – 20.3, 20.5
  • Block Cipher Slides
  • Stream Cipher Slides
  • FIPS Pub 46-3
  • A Known Plaintext Attack on Two-Key Triple Encryption
    		•
    3/8 Lecture:
  • Hash Functions
  • Message Authentication
    		•  21.1 – 21.3
  • Hash & MAC Lecture Slides
    		•
    3/13 Lecture:
  • Public Key Encryption
  • RSA
  • Diffie-Hellman
  • Signatures
    		•  Sections 21.4, 21.5 Lab 1 Due by 11:59 pm
  • DH Screencast, Part 1
  • DH Screencast, Part 2
  • PKC/RSA Lecture Slides
  • DH Lecture Slides
  • rsa_example.py
    • Papers by William Ellis and Cliff Cocks. These were released by the UK Government but are still marked SECRET.
  • W. Ellis - Non-Secret Encryption
  • C. Cocks - Note on Non-Secret Encryption
    		•
    3/15 Lecture:
  • Psuedo-Random Numbers
  • Linear Congruential Generators
  • Block-Cipher Methods
  • Blum-Blum-Shub
    		•  Appendix D
  • PRNG Screencast, Part 1
  • PRNG Screencast, Part 2
  • PRNG Lecture Slides
  • Hull & Dobell, Random Number Generators
  • NIST SP800-90A
    		•
    3/19 – 3/23 SPRING BREAK
    3/27 Lab 2: Modern Cryptography

    Midterm Exam: Thursday, March 29

    Unit 4: Authentication & Access Control

    Date Topics Text Notes
    4/3 Lecture: Authentication
  • Use of Passwords
  • Password Vulernabilities
    		•  3.1, 3.2
  • Password Authentication Slides
  • Hellman's original TMTO Paper
    		•
    4/5 Lecture: More Authentication
  • Password Selection
  • Alternatives to Passwords
  • Tokens and OTP
    		•  3.2, 3.3
  • Password Selection & Alternatives Slides
    		•
    4/10 Lecture: Access Control
  • Terminology
  • File Access Control
  • OS Access Control
  • RBAC
    		•  4.1 – 4.6
  • Access Control Slides
  • The NIST Model for Role-Based Access Control
    		•
    4/12 Lab 3: Password Recovery

    Unit 5: Network Security

    Date Topics Text Notes
    4/17 Lecture: Network Security Intro
  • Network Layers
  • Ethernet
  • Internet Protocol
  • ARP & IP Spoofing
    		•
  • Network Security Intro Slides
    		•
    4/19 Lecture: DNS Security
  • DNS Basics
  • DNSSEC
    		•
  • DNS Security Slides
    		•
    4/24 Lecture: Secure Shell
  • Pre-SSH (Telnet, etc.)
  • SSH Protocols
  • Debian Fiasco
    		•
  • SSH Slides
  • SSH Background
    		•
    4/26 Lecture: SSH Weak Keys
    5/1 Lecture: Network Autentication
  • Needham-Schroeder
  • Kerberos
  • Quantum Computing
    		•
  • N-S, Kerberos, and QC Lecture Notes
    		•
    5/3 Lab 4: Network Security

    Unit 6: Economics & Ethics

    Date Topics Text Notes
    5/8 Lecture: Economics of Cybersecurity
  • Gordon-Loeb Model
    		•
  • Gordon and Loeb, The Economics of Information Security Investment.
  • Martin Loeb's slides from June 2014.
    		•
    5/10 Lecture: Legality & Ethics 19.1 – 19.4
    5/15 Wrap-up & Review

    Final Exam: Thursday, May 22, 1:00 – 3:00 pm