COMS E6183: Advanced Topics in Network Security
Instructor: Suman Jana
Office: Mudd 412
Office hours: Wednesday 2:45-4:15 pm or by appointment
Classroom: 486 CSB (Clic Lab)
Class hours: Wednesdays (6:10-8 pm)
Description
The goal of this class is to study the state of the art in systems and network security research. A project is required.Grading
Quizzes/homeworks (3) | 35% |
Project | 50% |
Class participation (reading 2/3 papers per class) | 15% |
Schedule
Date | Lectures | Reading |
Jan 20 | Introduction & Overview | Computer Security in the Real World , Real World Fuzzing |
Jan 27 | Memory corruption attacks (slides:ppt, pdf) | Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade , Basic integer overflows |
Feb 3 | Sandboxing and isolation (slides:ppt, pdf) | Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, Efficient Software-Based Fault Isolation |
Feb 10 | Principle of least privilege, access control, and operating systems security (slides:ppt, pdf) | SetUID demystified, Operating Systems Security (Chapter 4) (Project proposals due before class) |
Feb 17 | Class cancelled | Homework 1 assigned |
Feb 24 | Tools for finding bugs (slides:ppt, pdf) | KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (Homework 1 due before class) |
Mar 2 | Denial of service attack (slides:ppt, pdf) | The DDoS That Almost Broke the Internet |
Mar 9 | Basics of web security (slides:ppt, pdf) | The Security Architecture of the Chromium Browser ( Homework 2 assigned) |
Mar 16 | No class (spring recess) | No class (spring recess) |
Mar 23 | Web application security (slides:ppt, pdf) | Cross site scripting explained , SQL Injection attacks, Robust Defenses for Cross-Site Request Forgery (Homework 2 due before class) |
Mar 30 | Web application security (cntd.) | (Mid-project status reports due before class) ) |
April 6 | Session management and user authentication (slides: ppt, pdf) | |
April 13 | Content Security Policies (CSP), Web workers, and extensions (slides: pdf) | (Homework 3 assigned) |
April 20 | Mobile security (slides: ppt, pdf) | (Homework 3 due before class) |
April 27 | Attacks on Internet protocols: TCP/IP, DNS, BGP SSL and certificates | |
May 4 | Project presentations | |
May 11 | Project presentations/ Final reports due |