csx740 Network Security
CS 4740/6740 is a mixed undergraduate and graduate-level course on network security covering a diverse range of topics at all layers of the networking stack, from physical to application-level security. The course focuses on the intersection between systems security principles and networking, from abstract models to their application in systems code, the Web, and mobile platforms. There is a pronounced emphasis on practical techniques for both defending and attacking systems in support of the high-level goal to impart the “attacker’s mindset.”
The official prerequisite for this course is Fundamentals of Computer Networking, or an equivalent course. In addition, familiarity with (or the willingness to learn) UNIX systems, a scripting language such as Ruby or Python, C, and x86 assembly will be useful.
Class meets Thursdays 6 – 9pm in 309 Kariotis.
Grades will be assigned based on points awarded for completion of projects, quizzes, and exams. There will be four projects assigned over the course of the semester, a midterm, and a final exam. In addition, quizzes will be given periodically, to be completed during class. Projects can be completed in groups, while the midterm, final, and quizzes must be completed individually. The tentative point distribution is as follows.
- 40% (4 x 10%)
- Midterm Exam
- Final Exam
Late assignments will not be accepted unless an agreement is reached with the professor. Separate scales for undergraduates and graduates will be used, and grades may be subject to a curve.
Additionally, due to the sensitive nature of the material covered in this course, a few words on scope are in order. Attack-oriented experiments performed as part of the course projects must be restricted to the computing resources provided for completion of these projects. Alternatively, students can perform these projects using personal resources so long as the experiments are solely executed on personal equipment. “Personal resources” includes attacking systems, target systems, and all intermediary systems and networks.
In particular, attacks performed against University resources or the Internet at large are expressly prohibited.
There is no official textbook for this course. Instead, we will be relying mainly on lectures and readings.
|Thu 04 Sep||Introduction||Introduction and Principles|
|Thu 11 Sep||TCP/IP, Core Protocols||Link Layer, TCP/IP|
|Thu 18 Sep||TCP/IP, Core Protocols||Naming, Routing|
|Thu 25 Sep||TCP/IP, Core Protocols||TLS, IPSEC, Kerberos|
|Thu 02 Oct||Web Security||Web Platform, TLS, HTTPS|
|Thu 09 Oct||Web Security||Cross-Site Scripting and Request Forgery|
|Thu 16 Oct||Midterm Exam||Foundations, TCP/IP, and Core Protocols
|Thu 23 Oct||Web Security||HTML5, CSP, CORS, Extensions, Browser Separation|
|Thu 30 Oct||Systems Code||Assembly Review|
|Thu 06 Nov||Systems Code||Memory (Un)safety|
|Thu 13 Nov||Systems Code||ASLR, Non-Executable Data, CFI|
|Thu 20 Nov||Mobile Devices||Mobile Platform Security|
|Thu 04 Dec||Final Exam||Web Security, Systems Code, and Mobile Security
(Web Platform, Mobile Platform)
|TCP/IP and Authentication||Fri 10 Oct 2014 23:00:00 EDT|