I433/533, CSCI-B 649 Systems & Protocol Security & Information Assurance
(Spring 2012)



Topics

Below is a list of topics I intend to cover (all if time permits). I will provide a more concrete timeline in the schedule below based on our progress through the semester. Make sure you complete the assigned readings before class.
  1. Security and Privacy Goals and Principles
  2. Access Control
  3. Database security
  4. Input Validation, SQL Injection
  5. Cryptography
  6. PKI
  7. Authentication
  8. Network Threats and Firewalls
  9. Security Development Lifecycle
  10. Threat and Adversary Modeling
  11. Designing for Privacy
  12. Usability

Class Schedule

| Date | Topic | Readings |
|---|---|---|
| Jan 9 | Introduction and Administrivia | |
| Jan 11 | What is Security? | SM Ch. 1 |
| Jan 13 | Lab 1: Linux installation and configuration | |
| Jan 16 | Martin Luther King Jr. Day. No class, consider attending these events: Martin Luther King, Jr. Celebration 2012, Jan 12–16th | |
| Jan 18 | Access Control Matrix, UNIX | SM Ch. 1, Stallings Ch. 4.4 |
| Jan 20 | Lab 2: Access Control in UNIX | |
| Jan 23 | Advanced Access Control in UNIX, Projects | Stallings Ch. 4.4, Course project page |
| Jan 25 | Databases and SQL | Stallings 5.1–5.3 |
| Jan 27 | Lab 3: Advanced Access Control in UNIX | |
| Jan 30 | Databases and SQL | Stallings 5.1–5.3 |
| Feb 1 | SQL Injection, Defenses | I-308 Page (Scroll to: Input validation and SQL injection), Attack by Example |
| Feb 3 | Lab 4: Project setup, Databases, SQL Injection | |
| Feb 6 | Database security | Stallings 5.4 |
| Feb 8 | (No class, complete special reading assignment) | |
| Feb 10 | Lab 5: Countering SQL Injection, Database Administration | |
| Feb 13 | Grads: Paper Proposal Due. Symmetric Cryptography I: Constructs | SM Ch 7.1–7.4 |
| Feb 15 | Symmetric Cryptography II: Practical considerations | SM Ch 7.1–7.4, Recommended Key Lengths |
| Feb 17 | Lab 6: Symmetric Cryptography | |
| Feb 20 | Symmetric Cryptography III: Block Chaining and MACs | SM Ch 7.1–7.4 |
| Feb 22 | Asymmetric Cryptography I: Encryption | SM Ch 7.5, Recommended Key Lengths |
| Feb 24 | Lab 7: Encrypted Storage for Location Sharing Project | |
| Feb 27 | Asymmetric Crypto II: Digital Signatures | SM Ch. 7.5 |
| Feb 29 | Asymmetric Crypto III: Hash Functions | SM Ch. 7.6, SM 8.3.4 (Birthday Paradox) |
| Mar 2 | Lab 8: Asymmetric Cryptography | |
| Mar 5 | PKI and SSL I | SM Ch. 10 |
| Mar 7 | PKI and SSL II | SM Ch. 10 |
| Mar 9 | Lab 9: Setting up a Certificate Authority | |
| Mar 12 | Spring Break, no class | |
| Mar 14 | Spring Break, no class | |
| Mar 19 | PKI and SSL III | SM Ch. 10 |
| Mar 21 | Authentication I | SM Ch. 9 |
| Mar 23 | Lab 10: Setting up a Central Authentication Service (CAS) | |
| Mar 26 | Authentication II | SM Ch. 9 |
| Mar 28 | Authentication III | SM Ch. 9 |
| Mar 30 | Lab 11: MITM Attacks | |
| Apr 2 | Network Security I | SM Ch. 5 |
| Apr 4 | Network Security II | SM Ch. 5 |
| Apr 6 | Lab 12: Firewalls | |
| Apr 9 | Threat Modeling | SDL, Ch. 9: Risk Analysis |
| Apr 11 | Threat Modeling | SDL, Ch. 9: Risk Analysis |
| Apr 13 | Lab 13: Threat Modeling | |
| Apr 16 | Threat Modeling | SDL, Ch. 7: Best Practices |
| Apr 18 | Threat Modeling | SDL, Ch. 8: Risk Assessment |
| Apr 20 | Grads: Final Term Paper Presentations During Afternoon Lab ("3-Minute Madness"). No lab assignments going forward. Treat morning lab as AI office hour. | |
| Sun, Apr 22 | Grads: Final Term Paper Due | |
| Apr 23 | Course Review Session 1 | All readings and labs |
| Apr 25 | Course Review Session 2 | All readings and labs |
| Apr 27 | No lab assignments: treat as AI office hours | |
| Apr 30 | Closed-book, Comprehensive Final Exam. Covers Entire Syllabus (all readings and labs). 10:15am–12:15pm, Informatics East 130 | |