Network Security

Network Security is a mixed undergraduate/graduate course that explores the practical elements of securing networked systems and services. The course goals are the following:

Provide a solid understanding of the design and analysis of network security architectures, protocols, and services
Provide an in-depth examination of contemporary network security standards and their limitations
Provide hands-on experience in attacking and defending network services

Topics covered by this course include:

Security foundations
Attacks against the network stack
Wireless security
Naming and routing
Distributed systems and consensus
Privacy and anonymity
Web security
Malware and malware analysis

Meetings

Class meets Thursdays 6–9 PM in 220 Shillman
TA hours are held Tuesdays 4-5 PM in 601 ISEC
Office hours are by appointment

Grading

Grades will be assigned based on the completion of problem sets, quizzes, and a midterm and final exam. Points will also be awarded for class participation.

Problem Sets: 30%
Quizzes: 15%
Midterm Exam: 25%
Final Exam: 25%
Participation: 5%

Quizzes and exams are performed in class, and are closed-book and closed-notes.

Prerequisites

This course requires a solid background in programming, systems, and networking. Aside from the official course prerequisites, familiarity with the following systems, languages, and tools is strongly suggested.

UNIX/Linux
TCP/IP
C/C++
Bash scripting
Python, Ruby, etc.
JavaScript
SSH
Git

If you are uncertain of your abilities in this respect and cannot come up to speed quickly, you will have significant difficulty with this course.

Policies

Cheating. Work submitted for grading must represent your own effort. Group work is not allowed unless a problem statement specifically states otherwise. There will be zero tolerance for cheating; all cheating cases will be brought to OSCCR. Actions that constitute cheating are defined in the University Academic Integrity Policy, and students that participate in this course must acknowledge that they have read and understood this document.

Grading. Late assignments will be accepted, with the caveat that scores will be penalized by a full letter grade for each day that an assignment is late. Grades may be subject to a curve.

Reference Material. There is no official textbook for this course. Instead, we will rely on lectures and suggested readings. If you need to brush up on background material, refer to relevant courses and their textbook recommendations.

Online Discussion. Online discussion and questions will be handled through Piazza, not via email. A best effort attempt will be made to respond to posts within 24 hours on weekdays during normal working hours. To ensure a timely response, do not wait to ask questions until the night before a submission deadline.

Ethics. This course covers sensitive material that includes information on how to exploit vulnerable software. Attack-oriented work must be restricted to the computing resources provided. Alternatively, students can perform this work using personal resources so long as other computing resources are not affected.

In particular, attacks performed against University resources or the open Internet are expressly prohibited. Students should also be familiar with the University Appropriate Use policy.

Schedule

Note: This schedule is preliminary and subject to change.

Date	Module	Topics and Readings
Thu Jan 11	Foundations	Introduction, Foundations Saltzer & Schroeder, §I.A
Thu Jan 18	The Network Stack	IP and TCP Security Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
Thu Jan 25	Core Internet Services	User and Network Authentication Timestamps in Key Distribution Protocols
Thu Feb 01	Core Internet Services	Transport Layer Security; Quiz Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
Thu Feb 08	Core Internet Services	Naming and Routing A Survey of BGP Security Issues and Solutions
Thu Feb 15	Core Internet Services	Distributed Systems and Consensus Time, Clocks, and the Ordering of Events in a Distributed System
Thu Feb 22	Privacy and Anonymity	Onion Routing and Censorship Tor: The Second-Generation Onion Router (2014)
Thu Mar 01	–	Midterm Exam
Thu Mar 08	–	Spring Break
Thu Mar 15	Web Security	TLS, XSS, CSRF, SQL Injection
Thu Mar 22	Web Security	CSP, CORS, Browser Separation
Thu Mar 29	Malware	Memory Safety
Thu Apr 05	Malware	Vulnerability Analysis
Thu Apr 12	Malware	Malware Analysis; Quiz
Thu Apr 19	–	Final Exam

Problem Sets

Topic	Submission Deadline
Preparation	Wed Jan 24 18:00 EST 2018
Securing a Distributed Hash Table	Mon Feb 05 18:00 EST 2018
Node Communications	Fri Mar 02 18:00 EST 2018
Vulnerability Assessment	Fri Apr 20 18:00 EDT 2018