I433 System & Protocol Security
Syllabus
The course content includes:
- The basics of modern cryptography (symmetric and asymmetric crypto) and their common usages (e.g., authentication, Kerberos, SSL), and how they were broken/circumvented in practice.
- Low-level software security on binary executables and memory attacks. Through introducing self-modifying code, we will appreciate the importance of establishing an appropriate attitude toward trusting programs.
- Web and network security, which covers some of the most frequently reported vulnerabilities and attacks.
- Some (2~3) optional topics requested by the course participants.
Some programming background is necessary. A specific language is
not required, but it is assumed you can pick up new languages
where needed for this course.
Instructor & Moderator: Yan Huang
Class Meetings: Mon Wed 12:20-13:10 BH 317
Labs: Friday 10:10-11:00, 11:15-12:05, INFO 009
AI: Shruti Shivaramakrishnan (sshivara@indiana.edu)
Office Hours: Monday/Wednesday/Friday after classes
Schedule
Date | Contents
Jan 11 | Introduction
Jan 13 | Security Principles. Additional reading: Protection of Information in Computer Systems, Saltzer and Schroeder, 1975.
Jan 20 | Symmetric Encryption: Defining Security and Perfectly Secure Cipher
Jan 25 | Block Ciphers and DES
Jan 27 | The AES Block Cipher
Feb 1 | Modes of Operation and Semantic Security
Feb 3 | CPA, Padding Oracle Attacks, and CCA
Feb 8 | Message Authentication Codes
Feb 10 | Cryptographic Hashes
Feb 15 | Buffer Overflows. Reading: Smashing the stack for fun and profit, Aleph One, 1997. Reading: Exploiting Format String Vulnerabilities
Feb 17 | More exploits and countermeasures of overflows
Feb 29 | Integer overflow and Format String attacks. Reading: Exploiting Format String Vulnerabilities
Mar 2 | Memory Attacks on the Heap
Mar 7 | Authenticated Encryption
Mar 9 | The Kerberos Authentication System. Reading: Designing an Authentication System: A Dialogue in Four Scenes
Mar 23 | Midterm Review & Memory Efficient Hash Attacks
Mar 28 | Key Distribution (1). Reading: New Directions in Cryptography, W. Diffie and M. Hellman, IEEE Trans. on Information Theory, 1976
Mar 30 | Key Distribution (2) -- Diffie-Hellman
Apr 6 | Public Key Cryptography (Textbook RSA Encryption Scheme)
Apr 11 | Public Key Cryptography (Digital Signatures)
Apr 13 | Public Key Infrastructure
Apr 18 | Web Security - JavaScript Rootkits. Reading: Rootkits for JavaScript Environments. Ben Adida, Adam Barth, Collin Jackson
Apr 20 | Web Security - Same Origin Policies. Reading: Beware of Finer-Grained Origins. Collin Jackson, Adam Barth.
Apr 25 | Web Security - Advanced Issues
Apr 27 | Reflections on Trusting Trust. Reading: Reflections on Trusting Trust. Ken Thompson, Comm. of ACM, 1984.