CE 40-442: Network Security
Saturday/Monday 1330-1500
Room: 201 CE Building
Office Hours: Sat/Mon 16:30 to 17:00
TAs: Behnam Momeni, Mohammad Aghamir
Description:
This is an introductory course to computer security.
Prerequisites: 40-443 Computer Networks
Acknowledgment:
This course is primarily based on the Computer Security course taught by Dan Boneh at Stanford University.
Policies:
- Grading policy is as follows. This is tentative.
- 10% Quiz
- 40% Homeworks
- 20% Midterm
- 30% Final
There will be no exceptions to the following rules:
- If you turn in your assignments one day late you will lose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day. The penalty may be calculated continuously, per hour of delay.
- Cell phones must be turned off when you are in class.
- There will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course.
- Providing your assignment to someone else is considered cheating on your behalf.
Announcements:
- Quiz 1 on 1395/12/16, from lectures 0, 1, 2, 3, and 4.
- Quiz 2 on 1396/1/28 from lectures 5, 6, 7, 8, 9, and 10.
- Midterm will be on 1396/2/9, from Lectures 1 to 10, including 10.
- Quiz 3 on 1396/2/25, from lectures 11, 12, 13, 14, and 15.
- Midterm Grades
- HW1 & HW2 Grades
- HW Grades
- All Grades
Homeworks:
- HW 0: Watch this presentation on scientific ethics made by Dr. Kiarash Bazargan. A local copy is available here.
- HW 1: Available: 1395/12/8, Deadline: 1395/12/22, 11:59PM.
- HW 1: [PDF] [Codes] [TA class codes]
- HW 2: Available: 1396/1/20, Deadline: 1396/2/3, 11:59PM.
- HW 3: Available: 1396/2/23, Deadline: 1396/3/6, 11:59PM.
- HW 3: [PDF], Deadline: Khordad 6th, 11:59PM. [CE442-even.trace] [CE442-odd.trace]
Course Material:
This is a tentative class schedule.
-11/16
- Lecture 0-Pre-Intro! [PDF]
-11/18
- Lecture 1- Introduction [PDF]
-11/23
- Lecture 2- Control hijacking attacks: exploits and defenses [PDF]
- Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Cowan, C., Wagle, P., Pu, C., Beattie, S., & Walpole, J., 2000
- Basic Integer Overflows, blexim, 2002
- Bypassing Browser Memory Protections, A. Sotirov, 2008
-11/25
- Lecture 2- Control hijacking attacks: exploits and defenses (continued)
-11/30
- Lecture 3- Dealing with legacy code: sandboxing and isolation [PDF]
-12/2
- Lecture 3- Dealing with legacy code: sandboxing and isolation (Continued)
-12/07
- Lecture 4- Tools for writing robust application code [PDF]
-12/09
- Lecture 5- Principle of least privilege, access control, and operating systems security [PDF]
-12/14
-12/16
- Lecture 7- Basic web security model [PDF]
- Securing Browser Frame Communication, Adam Barth, Collin Jackson, and John C. Mitchell, 2008
- The Security Architecture of the Chromium Browser, Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team, 2008
- Exposing private information by timing web applications, A. Bortz, D. Boneh, and P. Nandy, 2007
-12/21
- Lecture 7- Basic web security model (continued)
-12/23
- Lecture 8- Web application security [PDF]
-1/14
- Lecture 8- Web application security (continued)
-1/19
- Lecture 9- Session management and user authentication [PDF]
-1/21
- Lecture 10- Overview of cryptography [PDF]
-1/26
- Lecture 11- HTTPS: goals and pitfalls [PDF]
-1/28
- Lecture 12- Content Security Policies (CSP), Web workers, and extensions [PDF]
-2/2
- Lecture 13- Security issues in Internet protocols: TCP, DNS, and routing [PDF]
-2/4
-2/9
-2/11
- Lecture 14- Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [PDF]
-2/16
- Lecture 14- Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters (continued)
-2/18
- Lecture 15- Unwanted traffic: denial of service attacks [PDF]
-2/23
- Lecture 16- Trusted Computing and SGX [PDF]
-2/25
- Lecture 16- Trusted Computing and SGX (continued)
-2/30
- Lecture 17- Mobile platform security models: Android and iOS [PDF]
-3/1
- Lecture 18- Mobile threats and malware [PDF]
- FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps, Arzt et al., 2014
- A Large-Scale Study of Mobile Web App Security, P. Mutchler, A. Doupé, J. Mitchell, C. Kruegel, and G. Vigna, 2015
- Target Fragmentation in Android Apps, Mutchler, P., Safaei, Y., Doupé, A. and Mitchell, J., 2016
-3/6
- Lecture 18- Mobile threats and malware (continued)