INFO/CSCI-B 433 Security For Networked Systems
(Spring 2018)



Topics

Below is a list of topics I intend to cover (all if time permits). I will provide a more concrete timeline in the schedule below based on our progress through the semester. Make sure you complete the assigned readings before class.
  1. Security and Privacy Goals and Principles
  2. Access Control
  3. Database security
  4. Input Validation, SQL Injection
  5. Cryptography
  6. PKI
  7. Authentication
  8. Network Threats and Firewalls
  9. Security Development Lifecycle
  10. Threat and Adversary Modeling
  11. Designing for Privacy
  12. Usability

Class Schedule

| Date | Topic | Readings |
|---|---|---|
| Jan 8 | Introduction and Administrivia | Course policies, Plagiarism |
| Jan 10 | What is security? | SB Ch. 1.1–1.3 |
| Jan 11 | No lab | |
| Jan 15 | Martin Luther King Jr. Day. No class, consider attending these events: Martin Luther King, Jr. Celebration 2018 | |
| Jan 17 | Concepts in security design | SB Ch. 1.1–1.3 |
| Jan 18 | Lab 1: Linux Installation Lab | |
| Jan 22 | Introducing the Access Control Matrix | SB Ch. 4.1–4.4 |
| Jan 24 | Access Control in UNIX | SB Ch. 4.1–4.4 |
| Jan 25 | Lab 2: Unix Permissions | |
| Jan 29 | Extended ACLs in UNIX | SB Ch. 4.1–4.4 |
| Jan 31 | Advanced Access Control Concepts | SB Ch. 4.1–4.4 |
| Feb 1 | No Lab: Office Hours in Lab | |
| Feb 5 | Class Projects | SB Ch. 5.1–5.5 |
| Feb 7 | Databases and SQL — Demo | SB Ch. 5.1–5.5 |
| Feb 8 | Lab 3: Advanced Access Control in UNIX | |
| Feb 12 | Databases and SQL — Demo | SB Ch. 5.1–5.5 |
| Feb 14 | Databases and SQL — SQL Injection | SB Ch. 5.1–5.5 |
| Feb 15 | No Lab: Office Hours in Lab | |
| Feb 18 | Paper Proposal Due | |
| Feb 19 | Databases and SQL — SQL Injection | SB Ch. 5.1–5.5 |
| Feb 21 | Databases and SQL — Access Control | SB Ch. 5.1–5.5 |
| Feb 22 | Lab 4: SQL Injection | |
| Feb 26 | SQL Injection Defenses — Prepared Statements and Input Validation | SB Ch. 5.1–5.5 |
| Feb 28 | Buffer Overflow — Execution Basics | SB Ch. 10.1 |
| Mar 1 | No Lab: Office Hours in Lab | |
| Mar 5 | Buffer Overflow — The Stack | SB Ch. 10.1 |
| Mar 7 | Buffer Overflow — Stack Smashing: DoS Example | SB Ch. 10.1 |
| Mar 8 | Lab 5: SQL Injection — Defenses | |
| Mar 12 | Spring Break, no class | |
| Mar 14 | Spring Break, no class | |
| Mar 19 | Buffer Overflow — Stack Smashing: Password Example | SB Ch. 10.1 |
| Mar 21 | Buffer Overflow — Stack Smashing: Shellcode | SB Ch. 10.1 |
| Mar 22 | No Lab: Office Hours in Lab | |
| Mar 26 | Buffer Overflow — Stack Smashing: Shellcode | SB Ch. 10.1 |
| Mar 28 | Buffer Overflow — Defenses | SB Ch. 10.2 |
| Mar 29 | Lab 6: Buffer Overflow: Attack and Defense | |
| Apr 2 | Security Development Lifecycle: Best Practices | SDL Ch. 7 |
| Apr 4 | Security Development Lifecycle: Risk Assessment | SDL Ch. 8 |
| Apr 5 | No Lab: Office Hours in Lab | |
| Apr 9 | Security Development Lifecycle: Risk Analysis | SDL Ch. 9 |
| Apr 11 | Security Development Lifecycle: Risk Analysis | SDL Ch. 9 |
| Apr 12 | No Lab: Office Hours in Lab | |
| Apr 16 | | |
| Apr 18 | Final Exam Review Session | |
| Apr 19 | In-Lab Project presentations | |
| Sun, Apr 22 | Final Term Paper Due | |
| Apr 23 | | |
| Apr 25 | | |
| Apr 26 | | |
| Apr 30 | Closed-book, Comprehensive Final Exam. Covers Entire Syllabus but heavily based on Study Guide. 10:15am–12:15pm, Informatics West 130 | |