CS 2530 Syllabus

CS 2530 ─ Computer and Network Security ─

Fall 2005

Syllabus

Instructor: Prof. José Carlos Brustoloni (jcb@cs.pitt.edu)

-- Classes: SENSQ 5313 – M W 2:25 – 3:50 p.m.

-- Office/Lab hours: SENSQ 5506 (LCNSI) – M W 3:55 – 5:55 p.m.

Teaching Assistant: Andreea Munteanu Berfield (andreea@cs.pitt.edu)

-- Office/Lab hours: SENSQ 5506 (LCNSI) – T H 12:30 – 2:30 p.m.

F 10:50 a.m. – 12:50 p.m.

Goals

The accelerating frequency and sophistication of attacks against computers systems and networks make it clear that, to be effective, most computer scientists need a good understanding of security principles and how to apply them. This course’s goal is to provide such background, allowing students to do well in contemporary computer systems research or advanced development.

Pre-requisites

CS 1550 (Introduction to Operating Systems)

Topics

The course will cover the following topics:

· Cryptographic algorithms for data confidentiality, authentication, and integrity

o Secure hash functions: MD5, SHA-1, HMAC

o Symmetric ciphers: DES, 3DES, AES, RC4

o Block cipher modes: ECB, CBC, CFB, OFB, CTR

o Public-key cryptography: RSA, DH

o Digital signatures: RSA, DSA

· User authentication: passwords, tokens, biometrics

· Secure Shell (SSH)

· Transport-Layer Security (TLS/SSL)

· Key management: Kerberos, Public Key Infrastructure (PKI), PGP’s web of trust

· IPsec and virtual private networks

· Firewalls

· Intrusion detection systems

· Distributed denial-of-service attacks

· Local area network security: 802.1x, RADIUS, Wi-Fi WEP, captive portals, 802.11i, IrDA, Bluetooth, ZigBee, DOCSIS (cable, WiMax)

· Discretionary access control: access control lists and capabilities

· Security policies: Bell-LaPadula, Biba, Clarkson-Wilson, domain-type enforcement (DTE), role-based access control (RBAC)

· Software vulnerabilities (including buffer overflow)

· Malware: viruses, worms

· Trusted computing: secure coprocessors, secure architectures, virtual machines

· Cryptographic file systems

· Digital rights management (including watermarking)

· Usable security

Textbook (required)

William Stallings. “Cryptography and Network Security: Principles and Practices,” 3^rd ed., Prentice Hall, 2003 (ISBN 0-13-091429-0).

Additional readings (required)

Papers 1 (DDoS):

Protecting Electronic Commerce from Distributed Denial-of-Service Attacks,

http://www.cs.pitt.edu/~jcb/papers/www2002.ps

SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, http://www.ece.cmu.edu/~adrian/projects/siff.pdf

Papers 2 (LAN security):

Intercepting Mobile Communications: The Insecurity of 802.11, http://www.cs.berkeley.edu/~daw/papers/wep-mob01.pdf
Detecting and Blocking Unauthorized Access in Wi-Fi Networks, http://www.cs.pitt.edu/~jcb/papers/net2004.pdf
Security Weaknesses in Bluetooth, http://www.informatics.indiana.edu/markus/papers/bluetooth.pdf

Papers 3 (Security policies):

Lattice-Based Access Control Models, http://www.list.gmu.edu/journals/computer/i93lbacm(org).pdf
Role-Based Access Control Models, http://www.list.gmu.edu/journals/computer/i94rbac(org).pdf
Confining Root Programs with Domain and Type Enforcement (DTE), http://www.usenix.org/publications/library/proceedings/sec96/full_papers/walker/walker.ps

Papers 4 (Trusted computing):

Understanding Trusted Computing, http://www.princeton.edu/~echi/ele572/Felten%20-%20Understanding%20trusted%20computing.pdf
Cryptography and Competition Policy -- Issues with 'Trusted Computing', http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tcpa.pdf
Design and Implementation of a TCG-based Integrity Measurement Architecture, http://www.usenix.org/events/sec04/tech/full_papers/sailer/sailer.pdf
Open-Source Applications of TCPA Hardware, http://www.cs.dartmouth.edu/~carlo/research/bearapps/bearapps.pdf
Using Secure Coprocessors to Protect Access to Enterprise Networks, http://www.cs.pitt.edu/~jcb/papers/net2005.pdf

Papers 5 (Cryptographic file systems):

The Design and Implementation of a Cryptographic Filesystem for UNIX, http://www.usenix.org/publications/library/proceedings/usenix01/freenix01/full_papers/cattaneo/cattaneo.pdf
Scalable secure file sharing on untrusted storage, http://www.hpl.hp.com/research/ssp/papers/FAST2003-plutus.pdf

Grading:

21% First midterm exam (9/28)

21% Second midterm exam (11/9)

21% Final exam (12/14)

7% Each of 5 laboratory experiments (total 35%)

or 35% Project

up to 5% Class attendance and participation

The laboratory experiments cover password-based authentication; eavesdropping, dictionary, man-in-the-middle, port-scanning, and fingerprinting attacks; and defenses against such attacks using SSH, SSL, PKI, IPsec, and firewalls. Students who are already familiar with this material should meet with the instructor by 9/2 to arrange an alternate project.

Calendar

Note: subject to revision

Important dates:

8/29 First class

9/9 Add/Drop deadline

9/23 Satisfactory/Audit deadline

9/28 First midterm exam

10/28 Withdrawal deadline

11/9 Second midterm exam

11/23-11/27 Thanksgiving recess

12/12 Last class

12/14 Final exam (2:25 – 3:50 p.m.)

Date	Topic	Readings	Notes
8/29	Introduction Secure hash functions	1.1, 1.2, 11.4 (pp. 328, 329, 332, 333), 12.1
8/31	User authentication	12.2, 12.4, 18.3
9/5	(Labor day)
9/7	SSH	3.2-3.6, 6.1
9/12	Symmetric ciphers Block cipher modes	5.1, 5.2, 6.5, 3.7
9/14	Public-key cryptography	9.1, 9.2, 10.2
9/16	(Lab 1 due 5 p.m.)
9/19	Message authentication codes Digital signatures	11.1-11.3, 11.5, 13.1-13.3
9/21	Key management : Kerberos, PKI, PGP web-of-trust	7.3, 10.1, 14.1, 14.2, 15.1
9/26	(no class)
9/28	(First midterm exam)
10/3	IPsec	16.1-16.6
10/5	TLS	17.1, 17.2
10/7	(Lab 2 due 5 p.m.)
10/10	Intrusion detection	18.1, 18.2, 18A
10/12	Firewalls	20.1
10/17	Distributed denial of service	Papers 1
10/19	Usable Security (Guest lecturer: Lorrie Cranor, CMU)	(noon SENSQ 5317)
10/19	LAN security	Papers 2
10/24	Access control lists and capabilities	20.2
10/26	Security policies	Papers 3
10/28	(Lab 3 due 5 p.m.)
10/31	Trusted computing	Papers 4
11/2	RBAC (Guest lecturer: James Joshi, SIS/Pitt)	(noon SENSQ 5317)
11/2	Trusted computing
11/7	(no class)
11/9	(Second midterm exam)
11/14	(no class)
11/16	(no class)
11/18	(Lab 4 due 5 p.m.)
11/21	Cryptographic file systems	Papers 5
11/23	(Thanksgiving recess)
11/28	Malware: viruses, worms	19.1, 19.2
11/30	(no class)
12/5	(no class)
12/7	Software vulnerabilities
12/9	(Lab 5 deadline)
12/12	(review)
12/14	(Final exam)

Policies

· Class attendance is required.

· There will also be two guest lectures during the semester where student attendance will be required (schedule TBD).

· You should check daily for course announcements on http://courseweb.pitt.edu

· All your answers to assignments and exams must be your own.

· Do discuss course materials and assignments with other students at a conceptual level, but:

o do not copy answers from others, and

o do not allow others to copy your answers.

· Students caught cheating will fail the course.

· Late laboratory experiments will be penalized and may not be accepted if too late.

· Except in case of documented emergency, there will be no make-up exams.

Religious observances

If a scheduled class or exam conflicts with a religious observance you have, please alert the instructor as early as possible in the term for rescheduling or other accommodation.

Students with disabilities

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services, 216 William Pitt Union, (412) 648-7890/(412) 383-7355 (TTY), as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.