CS x740 (Spring 2012) — Network Security

Synopsis

CS 4740/6740 is a mixed undergraduate and graduate-level course on network security covering a diverse range of topics at all layers of the networking stack, from physical to application-level security. The course focuses on the intersection between systems security principles and networking, from abstract models to their application in systems code, the Web, and mobile platforms. There is a pronounced emphasis on practical techniques for both defending and attacking systems in support of the high-level goal to impart the “attacker mindset.”

Prerequisites

The official prerequisite for this course is Fundamentals of Computer Networking, or an equivalent course. In addition, familiarity with (or the willingness to learn) UNIX systems, a scripting language such as Ruby or Python, C, and x86 assembly will be useful.

Meetings

Class meets weekly on Wednesdays 6-9 PM in 108 WVH.

Grading

Grades will be assigned based on points awarded for completion of projects, quizzes, and exams. There will be four projects assigned over the course of the semester, a midterm, and a final exam. In addition, quizzes will be given periodically, to be completed during class. Projects can be completed in groups, while the midterm, final, and quizzes must be completed individually. The tentative point distribution is as follows.

Projects	40% (4 x 10%)
Quizzes	10%
Participation	5%
Midterm exam	15%
Final exam	30%

Late assignments will not be accepted unless an agreement is reached with the professor. Separate scales for undergraduates and graduates will be used, and grades may be subject to a curve.

Policies

Students should be familiar with the University Appropriate Use and Academic Integrity policies.

Additionally, due to the sensitive nature of the material covered in this course, a few words on scope are in order. Attack-oriented experiments performed as part of the course projects must be restricted to the computing resources provided for completion of these projects. Alternatively, students can perform these projects using personal resources so long as the experiments are solely executed on personal equipment. “Personal resources” includes attacking systems, target systems, and all intermediary systems and networks.

In particular, attacks performed against University resources or the Internet at large are expressly prohibited.

Announcements

30 Apr

Grades have been released and are available on MyNEU.

19 Apr

The final project is now available at the project server. As we've discussed, you'll have three days to complete it once you start, and you must complete it before the end of finals week. The clock doesn't start ticking until you accept the terms of the final by answering “I ACCEPT” to the first question.

Please contact me in case of any technical problems. Good luck!

29 Mar

Project 3 has been extended to Sunday evening (1 Apr). Please use it wisely!

13 Mar

Project 3 will be released in the next couple of days, and can be accessed at the usual location.

Also, there will be a quiz during class on 28 March.

15 Feb

Project 2 will be released soon, and can be accessed at the submission server. You'll receive instructions on how to access your virtual network via email.

07 Feb

The midterm will be held on 22 Feb during normal class hours, and will be a similar format to the quizzes—i.e., closed notes.

Older news »

01 Feb

The first quiz of the course will be administered in tonight's class, and will cover the networking review material from the first lecture.

25 Jan

The first project has been assigned. If you have not yet received an invitation to register on the project server, or if you have not joined the google group, please let me know immediately.

11 Jan

The course website is now up. However, day-to-day announcements and discussion will primarily occur on the course google group.

Please request an invitation to the group within the next few days. In your request, include your full name and NU email address, but please remember to submit a gmail address as your group membership contact.

Instructor

William Robertson
Email: %6a%5e%65%33%56%56%66%21%61%58%68%21%58%57%68
Office: 260 West Village H
Hours: Thursday 4-6 PM

Teaching Assistant

Yue Chen
Email: %56%66%6b%2a%27%23%33%5a%60%54%5c%5f%21%56%62%60
Hours: TBD

Materials

There is no official textbook for this course. Instead, we will be relying mainly on lectures and readings. However, for those interested in additional resources, a list of supplemental references (e.g., books, tutorials) is also given below.

References

C Development on Linux: Developing C applications on Linux.
Network Dump Capture and Analysis: Capturing and analyzing network dumps with tcpdump and wireshark.
Computer Security: Art and Science: Matt Bishop's overview of computer security fundamentals.
Computer Networks: An introductory textbook on computer networking that introduces networking through the lens of the OSI 7 Layer Model.
TCP/IP Illustrated, Vol. 1: The Protocols: This is one of serveral classics from Stevens, and is still considered by many to be the bible on TCP/IP.
The C Programming Language: The classic introduction to C.

Schedule

Date	Topic	Readings
11 Jan	Introduction and Networking Review	End-to-End Arguments in System Design Rethinking the Design of the Internet
18 Jan	Social Networks	—
25 Jan	Project 1 Lab	—
01 Feb	Network-Layer Attacks Quiz	A Look Back at "Security Problems in the TCP/IP Protocol Suite"
08 Feb	Core Protocols	—
15 Feb	Core Protocols	Timing Analysis of Keystrokes and Timing Attacks on SSH Remote Timing Attacks are Practical
22 Feb	Midterm	—
29 Feb	Core Protocols Web Security	—
14 Mar	Web Security	—
28 Mar	Systems code Quiz	—
04 Apr	SSL Attacks	Cryptography in the Web: The Case of Cryptographic Design Flaws in ASP.NET
11 Apr	Intrusion Detection	Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
18 Apr	Final Review	—

wkr

CS x740 Network Security.