CSMC 626: Principle of Computer Security Fall 2017

  • Welcome to the CSMC 626 Class!
  • Time: TuTh 11:30am - 12:45pm, Aug 30, 2017 - Dec 12, 2017
  • Place: Janet and Walter Sondheim 114
  • Instructor: Haibin Zhang
  • Email: hbzhang at umbc dot edu
  • Office: ITE 357
  • Office Hours: Tuesday 2pm-4pm
  • TA: Shantanu Hirlekar; hs11 at umbc dot edu

Goal

  • By taking this course, students should:
      1) understand computer security principles at the graduate level;
      2) gain hands-on experience in systems and security research;
      3) be able to analyze computer security systems;
      4) be able to design, implement, and evaluate computer security systems.

  • You do not need a security background to be successful in the course. This is first of all a security breadth course with comprehensive coverage. You will work with your colleagues as a team of 2 or 3 students in total on an interesting systems and security project.

Prerequisites

  • Students should be familiar with operating systems and computer architecture. Students should have good programming ability and a strong desire to work with real systems. A security or crypto background is not needed but would be helpful.

Topics

  • Introduction to computer security; Security policies (e.g., confidentiality, integrity, availability, accountability); Modern cryptography; Cryptographic engineering; Systems and distributed systems basics; Cloud computing and cloud security; Software defined networking and its security; Hardware security; Network security; Intrusion detection; Privacy and anonymity; CPS security; Storage and storage security; Blockchains (permissioned and permissionless) security; Ethics in computer security.

Evaluation

  • Participation: 10% (I expect all students to participate in class discussion)
  • Homework and paper reviews: 20%
  • Mid-term exam (oral or written): 15%
  • Mid-term presentation and your proposed final project (reviewed after mid-term): 15%
  • Final project (technical report/research paper, code, and final presentation): 40%

  • For the mid-term presentation, you will present a research paper in reasonable detail, survey related work, and propose and discuss a research topic for the final project along with your goals. For the final project, you should work closely with me and your team. It is rare to have a wonderful idea at the very beginning, but you can arrive at a great one through the course study and active discussion.

Late policy

  • Each homework and paper review must be submitted on time. Throughout the course, I allow one exception for a paper review: the review has to be submitted before the class begins, and you will be given only partial credit. The final project deadline cannot be extended. Please manage your time.

Academic conduct

  • The UMBC academic integrity policy is available at http://oue.umbc.edu/ai/
    All writing and presentation must be entirely your own. You need to reference things that are not yours. If you have done a similar project previously, please let me know and let’s discuss whether new things could be built upon your previous project. You need to explicitly acknowledge any help you received for any writing and presentation. If you do not include a statement, it is assumed you worked completely independently.
    Cases of academic dishonesty will be dealt with seriously. Depending on its severity, it can be an F for the course.

What do I expect from your project?

  • You need to study one interesting and open research problem in systems and security. First, this requires you to study related work. Then you need to have some novel ideas, be it a new attack on a real system, or a new design and implementation improving the security or performance of a security system. No worries, we will help you find a good project. Moreover, you may evaluate your system in terms of a number of factors, including latency, throughput, scalability, effectiveness, and robustness against failures and attacks. (If it is an attack project, can you fix the problem you discovered?)
      No system is perfect: are there any problems with your design and implementation? If you had more time, what would you add? Are there any open problems?

How to write a good academic paper?

  • A short PPT: https://www.cis.upenn.edu/~sweirich/icfp-plmw15/slides/peyton-jones.pdf

References

  • There is no required book.
  • Recommended: Matt Bishop’s book (computer security in general): http://nob.cs.ucdavis.edu/book/book-aands/index.html
  • Optional: Cachin et al. book (modern systems and distributed systems): http://www.springer.com/us/book/9783642152597 (I believe UMBC students have free access to this book.)
  • Optional: Katz Lindell book (modern cryptography): http://www.cs.umd.edu/~jkatz/imc.html
  • Optional: Boneh and Shoup online book (free) https://crypto.stanford.edu/~dabo/cryptobook/draft_0_3.pdf

Class Date, Topic, Homework, Reading, Slides

  • 8/31
      Topic: Introduction to computer security; overview of all the topics
      Slides: overview
  • 9/5
      Topic: Policies, trust, mechanisms; case studies
      Reading: A survey of information authentication
  • 9/7
      Topic: Modern cryptography: a practitioner perspective
      Reading (for this and subsequent lectures): Symmetric encryption (BR); Message authentication (BR)
      Slides: crypto
  • 9/12
      Topic: Modern cryptography: a cryptographer perspective
      Homework: HW1
  • 9/14
      Topic: Public key cryptography; cryptographic engineering
      Reading (please do read before the class): Mathematics for PKC. Here are simplified versions: DL problems (first 16 pages required); RSA (Section 1-3 required)
  • 9/19
      Topic: Systems and distributed systems basics
      Reading: Please read Chapter (Basic Abstractions)
  • 9/21
      Topic: Gaming console operating systems (guest lecture by Lawrence Sebald)
  • 9/26
      Topic: State machine replication
      Homework: Review of the reading paper, due 9/25
      Reading: Paxos explained from scratch
  • 9/28
      Topic: BFT
      Homework: Review of the reading paper, due 9/27
      Reading: PBFT
  • 10/3
      Topic: Cloud computing and cloud security
  • 10/5
      Topic: Domain name system and its security