CSMC 626: Principle of Computer Security Fall 2017

  • Welcome to the CSMC 626 Class!
  • Time: TuTh 11:30am - 12:45pm Aug 30, 2017- Dec 12, 2017
  • Place: Janet and Walter Sondheim 114
  • Instructor: Haibin Zhang
  • Email: hbzhang at umbc dot edu
  • Office: ITE 357
  • Office Hours: Thursday 1:30pm-3:30pm
  • TA: Shantanu Hirlekar; hs11 at umbc dot edu

Goal

  • By learning this course, students should:
  •     1) understand computer security principles at the graduate level;
  •     2) gain hand-on experiences on systems and security research;
  •     3) be able to analyze computer security systems;
  •     4) be able to design, implement, and evaluate computer security systems.

  •     You do not need to have a security background to be successful for the course. This is at first a security breadth course, which has a comprehensive coverage. You will work with your colleague as a team of 2 or 3 students in total on an interesting system and security project.

Prerequisites

  • Students should be familiar with operating systems and computer architecture. Students should have a good programming ability and a strong desire to work with real systems. Security or crypto background is not needed but would be helpful.

Topics

  • Introduction to computer security; Security policies (e.g., confidentiality, integrity, availability, accountability); Modern cryptography; Cryptographic engineering; Systems and distributed systems basics; Cloud computing and cloud security; Software defined networking and its security; Hardware security; Network security; Intrusion detection; Privacy and anonymity; CPS security; Storage and storage security; Blockchains (permissioned and permissionless) security; Ethics in computer security.

Evaluation

  • Participation: 10% (I expect all students to participate in class discussion)
  • Homework and paper reviews: 20%
  • Mid-term exam (oral or written): 15%
  • Mid-term presentation and your proposed final project (reviewed after mid-term): 15%
  • Final project (technical report/research paper, codes, and final presentation): 40%

  •     For mid-term presentation, you will present a research paper in reasonable details, survey related works, and propose and discuss a research topic for the final project with your goals. For the final project, you should work closely with me and your team. It is rarely you could have a wonderful idea at the very beginning, but you could have a great one through the course study and active discussion.

Late policy

  • Each homework and paper review must be submitted on time. Throughout the course, I allow one exception made for paper review: the review has to be submitted before the class begins, and you will be only given partial credits. Final project deadline cannot be extended. Please manage your time.

Academic conduct

  • The UMBC academic integrity policy is available at http://oue.umbc.edu/ai/
    All writing and presentation must be entirely your own. You need to reference things that are not yours. If you have done a similar project previously, please let me know and let’s discuss if new things could be built upon your previous project. You need to explicitly acknowledge any help you received for any writing and presentation. If you do not include a statement, it is assumed you work completely independently.
    Cases of academic dishonesty will be dealt with seriously. Depending on its severity, it can be an F for the course.

What do I expect from your project?

  • You need to study one interesting and open research problem on systems and security. First, this requires you to study related works. Then you need to have some novel ideas: may it be a new attack on a real system, or a new design and implementation improving the security or performance of a security system. No worries, we will help you find a good project. Moreover, you may evaluate your system in terms of a number of factors, including latency, throughput, scalability, effectiveness, and robustness against failures and attacks. (If it is an attack project, can you fix the problem you discovered?)
      No system is perfect: any problems on your design and implementations? If you have more time, what would you add? Any open problems?

How to write a good academic paper?

  • A short PPT: https://www.cis.upenn.edu/~sweirich/icfp-plmw15/slides/peyton-jones.pdf

References

  • There is no required book.
  • Recommended: Matt Bishop’s book (computer security in general): http://nob.cs.ucdavis.edu/book/book-aands/index.html
  • Optional: Cachin et al. book (modern systems and distributed systems): http://www.springer.com/us/book/9783642152597 (I believe UMBC students have free access to this book.)
  • Optional: Katz Lindell book (modern cryptography): http://www.cs.umd.edu/~jkatz/imc.html
  • Optional: Boneh and Shoup online book (free) https://crypto.stanford.edu/~dabo/cryptobook/draft_0_3.pdf
Class Date Topic Homework Reading Slides
8/31 Introduction to computer security
Overview of all the topics
overview
9/5 Policies, trust, mechanisms
Case studies
A survey of information authentication
9/7 Modern cryptography
A practioner perspective
For this and subsequent lectures
Symmetric encryption (BR)
Message authentication (BR)
crypto
9/12 Modern cryptgraphy
A cryptographer perspective
HW1
9/14 Public key cryptography
Cryptographic engineering
Please do read before the class
Mathematics for PKC
Here are simplified versions
DL problems (first 16 pages required)
RSA (Section 1-3 required)
9/19 Systems and distributed systems basics Please read Chapter (Basic Abstractions) systems
9/21 Gaming console operating systems
Guest Lecture by Lawrence Sebald
9/26 State machine replication Review Paxos explained from scratch
(due 9/25)
From VR to BFT
Liskov slide
SMR
9/28 BFT Review PBFT (due 9/27) Addtional reading
10/3 Cloud computing and cloud security Need understand Azure and OpenStack architecture
Azure
cloud
10/5 HW1 review
Example projects
Domain name system and its security
Review Secure Distributed DNS (due 10/4)
10/10 DNS security, cont.
Central Authorities Security
Read
CoSi
DNS
10/12 SDN Security Review SDN security (due 10/11)
10/17 Intrusion detection; XSS attacks IDS
10/19 Bitcoin; permissionless blockchains Read the bitcoin paper
10/24 Mid-term presentation and group discussion (1)
10/26 Mid-term presentation and group discussion (2)
10/31 Written exam (no proofs)
11/2 Exam review
Garbled circuits
Read the non-proof part GC
11/7 Garbled circuits and its implementations ObliVM
JustGarble
TinyGarble
GC
11/9 Secret sharing
Erasure coding
Secure storage
11/14 BChain BChain
Hyperledger Architecture
BChain
11/16 Revisting integrity
How to to achieve CIA altogether?
CIA
11/21 CIA cont.; Ethics in computer security
11/23 No class; Happy thanksgiving
11/28 Wrap-up; open problems in computer security
11/30 Quiz; project discussion
12/5 Final presentation and demo
12/7 Final presentation and demo
12/12 No class; UMBC study day
reserved exclusively for prepation for finals
12/15 Technical reports and code due