CMSC414: Computer and Network Security (414)

CSIC 2117, MW 3:30 - 4:45
Fall 2015

http://414.kelehers.me
(Syllabus | Piazza)

This web page and schedule will be updated as the course goes along. Please check it regularly, and don't forget to reload.

Announcements:


Course Outline

This course is an introduction to the broad field of computer, network, and information security. We will cover both computer security (including such topics as security policies, access control, viruses, etc.) and network security (such as protocols for maintaining confidentiality of email or for secure web transactions), along with some relevant background in basic cryptography.

The dates and details below will change dramatically, but they do constitute a rough description of what we will be studying.

Instructor: Pete Keleher (keleher@cs).
  Office: 4157 A.V. Williams Building.
  Office hours: 4:45 pm - 5:45 pm Wednesday, and by appointment.
Teaching Assistants:
  Katura Harvey (kharvey@terpmail.umd.edu): Tuesdays 12:30-1:30 5-6 pm, Wednesdays 2-3 pm
  Kartik Nayak (kartik1507@gmail.com): Mondays, 8:50-10:50 am, AVW 4103
  Lee Williams (drummerx04@gmail.com): Thursdays, 1-3 pm, AVW 4103
  Chengxi Ye (cxy@cs.umd.edu): Fridays, 1-3 pm, AVW 4103

Monday / Wednesday
Aug 31 "Introduction"

Required reading:

  • "Reflections On Trusting Trust", Ken Thompson, (pdf)
  • Chapter 1 of [Anderson]

Optional:
  • Example used in class: "Analysis of an Electronic Voting System", Kohno et al. (pdf)

(slides)

Sep 2 Software Security

"Buffer overflow attacks"

Required reading:

  • "Smashing the Stack for Fun and Profit", Aleph One (pdf)

(slides)

Sep 7 Labor Day

Sep 9 "Buffer overflow attacks and defenses"

Required reading:

  • "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks" (pdf)
Optional but very useful:

(slides)

Sep 14 Memory safety / Viruses

Optional reading:

(slides)

Sep 16 "Malware: Viruses"

  • "Hunting for Metamorphic" (pdf)

(slides)

Sep 21 "Virus case studies & Worms"

  • "How to 0wn the Internet in Your Spare Time" (pdf)
Optional reading:
  • "A History of Computer Viruses - The Famous 'Trio'" (pdf)

(slides)

Sep 23 Project #1 Due Saturday
"Virus case studies & SQL Injection"

  • "SQL Injection Attacks by Example"

(slides)

Sep 28 "Web security: CSRF"

  • "Web security: Are you part of the problem?" (www)
  • "Cross-Site Request Forgery: An Introduction..." (pdf)

(slides)

Sep 30 "Web security: XSS"

Oct 5 "Principles of secure software design"

  • (opt) "Secure Programming for Linux and Unix HOWTO", Chapters 7.1-7.10 (www)
  • vsftpd's design (www)

(slides)

Oct 7 Midterm 1

Oct 12 Cryptography
"Midterm recap and Intro To Cryptography"

(slides)

Oct 14 "Intro to cryptography"

(slides)

Oct 19 Project #2 Due Today
"Static Analysis"

(slides)

Oct 21 "Networking"

(slides)

Oct 26 "Network Attacks"

(slides)

Oct 28 "Hashes and MACs"

(slides)

Nov 2 Public Key Crypto

Suggested reading:
  • Twenty Years of Attacks on the RSA Cryptosystem (pdf)

(slides)

Nov 4 Project #3 Due Saturday
"More Public Key, Zero Knowledge"

(slides)

Nov 9 Authentication

(slides)

Nov 11 Privacy

Maintaining Patient Confidentiality... by Sweeney

(slides)

Nov 16 Review

Nov 18 Midterm 2

Nov 23 PKIs, returning tests

(slides)

Nov 25 Thanksgiving

Nov 30 E-Voting

(notes)

Dec 2 Project #4 Due Saturday
E-Cash

(notes)

Dec 7 Bitcoin

(slides)

Dec 9 Security in Big Systems


Projects


Reference

Please read the statement on academic integrity.