CS4821 Computer Security

Reading List and Schedule

Texts:

Security in Computing by Pfleeger, Pfleeger and Margulies (5th Edition) (SIC)
24 Deadly Sins of Software Security by Howard, LeBlanc and Viega (24DS)

Week 1 -- 8/30-9/6

Readings

SIC: Foreword, Preface, and Chapter 1
24DS: Foreword, Sin 14 (Poor Usability), and Sin 15 (Not Updating Easily)

Tasks

Lab 1 (Intro): due Sunday night (9/13) at 11:59PM via Moodle
Homework questions due Tuesday night (9/15) at 11:59PM via Moodle
Subscribe to Bruce Schneier's Crypto-Gram mailing list

Week 2 -- 9/8-9/13

Readings

SIC: Chapter 2.1-2.2 (Authentication and Access Control)
24DS Sin 17: Failure to Protect Stored Data
Homework questions (sent via email) due Tuesday night, (9/15) by 11:59PM via Moodle

Tasks

Complete the Intro to Linux and DETER exercise on DETER testbed (Due 9/13) at 11:59PM via Moodle

Week 3 -- 9/14-9/18

Readings

SIC 2.3 - Cryptography
24DS #19 - Use of Weak Password-Based Systems

Tasks

Homework 3 -- SIC 2.4 Questions 17-24 & 27 and the additional questions sent via email
Lab 2 -- POSIX Permissions

Both assignments will be due via Moodle on Sunday, 9/20 at 11:59 PM.

Week 4 -- 9/21-9/25

Readings

SIC 12 - Details of Cryptography
24DS #20 and 21 - Other Cryptographic Sins

Tasks

Finish POSIX Permissions. Due 9/27 at 11:55 PM.

Week 5 -- 9/28-10/2

Readings

No new reading. Continue reading:

SIC 12 - Details of Cryptography
24DS #20 and 21 - Other Cryptographic Sins

Tasks

Vigenere Encraption Lab. Due 10/4 at 11:55 PM.

Week 6 -- 10/5-10/9

Readings

SIC 3.1-3.2 -- Non-malicious and Malicious Flaws

24DS #5, "Buffer Overruns", #6 "Format String Problems," and #7 "Integer Overflows"

Please focus on 3.1 and 24DS #6 (Buffer Overflows) for Monday.

Totally optional: The original primer on Buffer Overflows:Smashing the Stack for Fun and Profit by Aleph One (1996)

Tasks

Columnar Transposition Encraption lab. Due 10/13 at 11:55 PM.

Week 7 -- 10/12-10/16

Readings

Finish SIC 3.2 -- Non-malicious and Malicious Flaws
SIC 4 -- Web and Email Attacks

Tasks

Product Cipher Encraption lab. Due 10/20 at 11:55 PM.

Week 8 -- 10/19-10/23

Readings

Finish SIC 3
Start SIC 4
Midterm on Wednesday 10/21

Tasks

Start Buffer Overflow lab -- due 11/3 at 11:55 PM

Week 9 -- 10/26-10/30

Readings

Finish SIC Chapter 4
Crypto-Gram for October 2015
SIC Chapter 5

Tasks

Buffer Overflow lab -- due 11/3 at 11:55 PM

Week 10 -- 11/2-11/6

Readings

SIC Chapter 5
Optional: Read Section I of 24DS on web vulnerabilities.

Tasks

Buffer Overflow lab -- due 11/4 at 11:55 PM
SQL Injection lab -- due 11/10 at 11:55 PM

Week 11 -- 11/9-11/13

Readings

SIC Chapter 6 -- Network Security

Tasks

SQL Injection lab -- due 11/11 at 11:55 PM
Pathname Attacks lab -- due 11/17 at 11:55 PM

Week 12 -- 11/16-11/20

Readings

SIC Chapter 6 -- Network Security

Tasks

Pathname Attacks lab -- due 11/17 at 11:55 PM
Firewalls lab -- due Sunday, 11/29 at 11:55 PM

Week 13 -- 11/23-11/25

Readings

SIC Chapter 6 -- Network Security

Tasks

Firewalls lab -- due Sunday, 11/29 at 11:55 PM

Week 14 -- 11/30-12/4

Readings

Privacy and Security (no readings)

Tasks

MITM lab -- due Sunday, 12/13 at 11:55 PM

Week 15 -- 12/7-12/11

Readings

Privacy and Security (no readings)

Tasks

MITM lab -- due Sunday, 12/13 at 11:55 PM

Finals Week -- 12/14-12/18

Final Exam

Friday, December 18th, 2015 from 2:00-3:55 in HH 306. (sorry!)

Extra Credit Assignments

Unless otherwise specified, all extra credit will be due by midnight on the last day of finals week in the associated Moodle Drop box.

Product Cipher short answer questions (2%): Do the short answer questions in the full product cipher lab.
CBC Mode Cipher and short answer questions (3%): This assignment has you extend your product cipher with Cipher Block Chaining and also has you perform some additional analysis about the quality of your cipher.