This is our expected Syllabus and reading list. Most topics will take
several lectures to cover. In addition to the primary discussion for
each lecture, 5-10 minutes of each lecture will be set aside for
discussion of current events in the computer security arena. Specific
coverage within each leacture will be updated from year to year to
keep the course material up to date with current practice.
Dates may change depending on progress throug the semester. Reading
assignments are designated as such. Links from system names in the
syllabus are for general information only.
Readings are on topics related to the lecture, but lectures are not
from the book. Students are expected to have completed the assigned
readings prior to lecture so that they have backround appropriate for
class discussion.
Date | Topic/Readings | Slides | Lab Info |
Lecture 1
August 24
2018 |
The Security Problem
- A working definition of security
- Evaluating security
- Systems security vs network security vs data security
- Societal aspects of security, ethical and legal foundations
Readings:
- Bishop, Chapter 1, An Overview of Computer Security
|
PPT,
PDF
|
Lab Introduction.
|
Lecture 2 August 31 2018 |
Cryptography - An Overview
- Secret key cryptography
- Public key cryptography
- Hashes and message digests
- Steganography
Readings:
- Bishop, Chapter 9, Basic Cryprography
- Bishop, Chapter 11 (only through section through 11.2), Cipher Techniques
- Garfinkel (Is Encryption Doomed)
|
PPT at Slide 37
PDF at Slide 37
|
Cryptography
|
Lecture 3 September 7 2018 |
Key management
- Diffie-Hellman Key Exchange
- Ties to Authentication Protocols
- Public-key Key Exchange (PGP, X.500, S/MIME)
- Peer-to-peer
- Group key management
Readings:
|
PPT at Slide 81
PDF at Slide 81
|
Authentication
|
Lecture 4,5 September 14,21 2018 |
Authentication and Identity Management
- Password-based authentication
- Unix vs Windows
- Kerberos
- X.500
- Hardware authentication
- Biometrics
- (plus more material to be added)
Readings
|
--
--
|
Authorization
Application Security
|
Lecture 6 September 28, 2018 |
Authorization and Policy
Readings:
|
|
Packet Sniffing
|
Mid-term October 5 2018 |
Mid-Term Exam (9:00 AM - 10:40 AM)
|
Followed by Lecture start of lecture on untrusted computing
|
--
|
Lecture 8 October 12 2018 |
- Viruses
- Worms
- Spyware
- Denial of service attacks
- Transmission vectors, e.g. spam
Readings
|
|
.
|
Lecture 9 October 19 2018 |
Countermeasures
- Firewalls
- Virus checkers
- Patch and configuration management
Readings
Bishop, Chapters 26 and 27, Network and System Security
|
|
Intrusion Detection
|
Lecture 10 October 26 2018
(will extend
into lecture 11) |
Intrusion detection and response
- Commercial Itrusion Detection Systems
- Research Itrusion Detection Systems
- Response systems
Readings
- Bishop, Chapter 25, Intrusion Detection
- Taimur Aslam, Ivan Krsul, and Eugene H. Spafford, A Taxonomy of
Security Faults, Proceedings of the National Computer Security
Conference, Coast TR 96-05, 1996.
- C. Ko, G. Fink, K. Levitt, Automated
Detection of Vulnerabilities in Privileged Programs by Execution
Monitoring, Proc. of the 10th Annual Computer Security
Applications Conference, December 1994, pp 134-144.
- Debra Anderson, Thane Frivold, and Alfonso Valdes, Next Generation Intrusion Detection
Expert System (NIDES) a Summary, SRI Computer Science Laboratory
Technical Report SRI-CSL-95-07, May 1995.
- S Singh, C Estan, G Varghese, S Savage,
The EarlyBird System for Real-time Detection of Unknown Worms
, ACM Workshop on Hot Topics in Networks, 2003.
|
. .
|
Arp Spoofing
|
Lecture 11 November 2nd 2018
|
The Human Element
- Social Engineering
- Complexity of proper security deployment
- Configuration issues
- Passwords
Readings
|
--
|
Tunnels/VPNs
|
Lecture 12 November 9 2018
| p
Trusted Computing
- The Public Perception of Trusted Computing
- The Hardware Basis for Trusted Computing
- The Software and OS Basis for Trusted Computing
- Virtualization
- Negotiating Trust and Obligation
- Case Studies
Readings
|
|
Forensics
|
Lecture 13 November 16th 2018
|
Privacy
|
|
none
|
TG November 23 2018
|
Thanksgiving Recess, No Lecture
|
N/A
|
None
|
Lecture 14 November 30 2018
|
Cyber-Physical Systems
- Requirements for Security
- Need for performance isolation
Security for Cloud Computing
Readings
Selected Topics and Review
|
.
|
None
|
Final Exam Monday December 10, 2018 |
Final Exam (11:00 AM - 1:00 PM)
|
N/A
|
None
|