CE 40-442: Network Security
Saturday/Monday 1500-1630
Room: 201 CE Building
Office Hours: Mon 16:30 to 17:00
Description:
This is an introductory course to computer security. This course is primarily based on the Computer Security course taught by Dan Boneh at Stanford University.
Prerequisites: 40-443 Computer Networks
Acknowledgment:
This course is primarily based on the Computer Security course taught by Dan Boneh at Stanford University.
Policies:
- Grading policy is as follows. This is tentative.
- 10% Quiz
- 40% Homeworks
- 20% Midterm
- 30% Final
There will be no exceptions to the following rules:
- If you turn in your assignments one day late you will lose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day. Penalty may be calculated continuously and per hour of delay.
- Cell Phones must be turned off when you are in class.
- There will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course.
- Providing your assignment to someone else is considered cheating on your part.
Announcements:
- Quiz 1 on 1396/7/17
- Quiz 2 on 1396/8/22 from lectures 4, 5, 6, 7, and 8.
- Midterm will be on 1396/8/29 from Lectures 0 to 10, including 10.
- Quiz 3 on 1396/9/20, from lectures 11, 12, 13, and 14.
- Grades
Homeworks:
- HW 0: Watch this presentation on scientific ethics made by Dr. Kiarash Bazargan. A local copy is available here.
- HW 1: [PDF], Available: 1396/7/18, Deadline: 1396/8/3, 11:59PM.
- HW 2: [PDF], Available: 1396/8/9, Deadline: 1396/8/24, 11:59PM.
- HW 3: [PDF] Available: 1396/9/14, Deadline: 1396/10/3, 11:59PM.
Course Material:
This is a tentative class schedule.
-6/25
- Lecture 0-Pre-Intro! [PDF]
-6/27
- Lecture 1- Introduction [PDF]
-7/1
- Lecture 2- Control hijacking attacks: exploits and defenses [PDF]
- Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Cowan, C., Wagle, F., Pu, C., Beattie, S., & Walpole, J., 2000
- Basic Integer Overflows, blexim, 2002
- Bypassing Browser Memory Protections, A. Sotirov, 2008
-7/3
- Lecture 2- Control hijacking attacks: exploits and defenses (cont'd)
-7/10
- Lecture 3- Principle of least privilege, access control, and operating systems security [PDF]
-7/15
- Lecture 3- Principle of least privilege, access control, and operating systems security (cont'd)
-7/17
- Lecture 4- Dealing with legacy code: sandboxing and isolation [PDF]
-7/22
- Lecture 4- Dealing with legacy code: sandboxing and isolation (cont'd)
-7/24
- Lecture 5- Tools for writing robust application code [PDF]
-7/29
-8/1
- Lecture 7- Basic web security model [PDF]
- Securing Browser Frame Communication, Adam Barth, Collin Jackson, and John C. Mitchell, 2008
- The Security Architecture of the Chromium Browser, Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team, 2008
- Exposing private information by timing web applications, A. Bortz, D. Boneh, and P. Nandy, 2007
-8/6
- Lecture 8- Web application security [PDF]
-8/8
- Lecture 8- Web application security (continued)
-8/13
- Lecture 9- Session management and user authentication [PDF]
-8/15
- Lecture 10- Overview of cryptography [PDF]
-8/20
- Lecture 11- HTTPS: goals and pitfalls [PDF]
-8/22
- Lecture 12- Content Security Policies (CSP), Web workers, and extensions [PDF]
-8/27
-8/29
-9/4
- Lecture 13- Security issues in Internet protocols: TCP, DNS, and routing [PDF]
-9/11
- Lecture 14- Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [PDF]
-9/13
- Lecture 14- Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters (continued)
-9/18
- Lecture 15- Unwanted traffic: denial of service attacks [PDF]
-9/20
- Lecture 16- Trusted Computing and SGX [PDF]
-9/25
- Lecture 17- Mobile platform security models: Android and iOS [PDF]
-9/27
- Lecture 18- Mobile threats and malware [PDF]
- FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps, Arzt et al., 2014
- A Large-Scale Study of Mobile Web App Security, P. Mutchler, A. Doupe, J. Mitchell, C. Kruegel, and G. Vigna, 2015
- Target Fragmentation in Android Apps, Mutchler, P., Safaei, Y., Doupé, A. and Mitchell, J., 2016