CS4821 Computer Security

Reading List and Schedule

Texts:

• Security in Computing by Pfleeger, Pfleeger and Margulies (5th Edition) (SIC)
• 24 Deadly Sins of Software Security by Howard, LeBlanc and Viega (24DS)

Week 1 -- 8/30-9/6

Readings

• SIC: Foreword, Preface, and Chapter 1
• 24DS: Foreword, Sin 14 (Poor Usability), and Sin 15 (Not Updating Easily)
• Ken Thompson, Reflections on Trusting Trust (his 1984 Turing Award lecture)

Tasks

• Lab 1 (Intro): due Tuesday night at 11:59PM via Moodle
• Homework questions due Tuesday night by 11:59PM via Moodle
• Subscribe to Bruce Schneier's Crypto-Gram mailing list

• SIC: Chapter 2.1-2.2 (Authentication and Access Control)
• 24DS Sin 17: Failure to Protect Stored Data
• The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments by Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner and John F. Farrell

Tasks

• Homework questions (sent via email) due Tuesday night, (9/15) by 11:59PM via Moodle
• Complete the Permissions exercise on the DETER testbed (9/15) at 11:59PM via Moodle

Week 3 -- 9/14-9/18

Readings

• SIC 2.3 - Cryptography
• 24DS #19 - Use of Weak Password-Based Systems

Tasks

• Homework 3 -- SIC 2.4 Questions 17-24 & 27 and the additional questions sent via email
• Lab 3 -- Substitution Cipher Implementation

Both assignments will be due via Moodle on Sunday, 9/20 at 11:59 PM.

Week 4 -- 9/21-9/25

Readings

• SIC 12 - Details of Cryptography
• 24DS #20 and 21 - Other Cryptographic Sins

Tasks

• Rail fence decryption. Due 9/27 at 11:55 PM.

Week 5 -- 9/28-10/2

Readings

No new readings. Finish reading:

• SIC 12 - Details of Cryptography
• 24DS #20 and 21 - Other Cryptographic Sins

Tasks

• Columnar Transposition lab. Due 10/4 at 11:55 PM.

Week 6 -- 10/5-10/9

Readings

• SIC 3.1 -- Non-malicious Flaws
• 24DS #5, "Buffer Overruns", #6 "Format String Problems," and #7 "Integer Overflows"
• The classic primer on Buffer Overflows:Smashing the Stack for Fun and Profit by Aleph One (1996)

Tasks

• Product Cipher lab. Due 10/13 at 11:55 PM.

Week 7 -- 10/12-10/16

Readings

• SIC 3.2 -- Malicious Flaws
• SIC Chapter 4 -- Web and Email Attacks
• A dissection of The Great Internet Worm -- With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988 by Eichin and Rochlis (1989). Read pages 1-6 for discussion on Monday (the rest is good "fun" reading if you're into that kind of thing).

Tasks

• Final Cipher lab. Due 10/23 at 11:55 PM.

Week 8 -- 10/19-10/23

Readings

• Midterm review and start of Buffer Overflow lab
• Wednesday: Midterm

Tasks

• Buffer Overflow lab (DETER) -- due 10/27 at 11:55 PM

Week 9 -- 10/26-10/30

Readings

• SIC Chapter 4
• Crypto-Gram for October 2015
• SIC Chapter 5

Tasks

• SQL Injection Attacks (DETER) -- due 11/3 at 11:55 PM

Week 10 -- 11/2-11/6

Readings

• SIC Chapter 5
• 24DS: Make sure you have read (skimmed for understanding) Section I (Sins #1-4). See email of 10/28 for skimming instructions.

Tasks

• SQL Injection Attacks (DETER) -- due 11/4 11:55 PM
• Pathname Attacks (DETER) assigned -- due 11/10 at 11:55 PM