CSCI 4250/6250 - Computer and Network Security

Fall 2011


Instructor Prof. Roberto Perdisci
Credits 4
Location GSRC-208 M, CHEMISTRY-455 TR 
Time 2:30-3:20pm M, 2:00-3:15pm TR (also see course calendar)
Prerequisites Good knowledge of OS and Networks.  Familiarity with Linux is a must!  Languages: C/C++, Java, or Python.
Office Hours Tuesdays, 3:15-5:00pm (Boyd GSRC, Room 423)
TA
Enrico Galli <egalli [AT] uga [DOT] edu> (Office Hours: Thursdays 11am-1pm - Boyd GSRC 301b or 307)

NOTE: The course syllabus is a general plan for the course; deviations announced to the class by the instructor may be necessary.

Course Overview

This course provides an introduction to computer security for senior undergrad and graduate students. The course will cover topics such as confidentiality, integrity, and availability of data and resources, authentication and authorization, security design principles, cryptographic functions and protocols, systems and network vulnerabilities, malware, and operational security.

At the end of the term, students will possess a panoramic view of computer and network security concepts, and will have acquired a deep understanding of the most important vulnerabilities, attacks, and defense mechanisms. The main goal of the course is to provide students with the knowledge necessary to design and develop more secure computer systems and networks by learning from past mistakes and avoiding common security pitfalls.

Prerequisites: This course will require a good knowledge of operating systems and networking concepts. In addition, familiarity with Linux is a fundamental prerequisite. Students are also required to have good knowledge of high-level languages such as C/C++, Java, or Python.

  • Textbooks:
    • Introduction to Computer Security
      Michael T. Goodrich and Roberto Tamassia
      Addition Wesley

    • Network Security: Private Communication in a Public World, 2/e
      Charile Kaufman, Radia Perlman, Mike Speciner
      Prentice Hall

  • Recommended Readings:
    • Introduction to Computer Security
      Matt Bishop
      Addition Wesley

    • The Web Application Hacker's Handbook, 2/e
      Dafydd Stuttard and Marcus Pinto
      Wiley

    • Operating System Security
      Trent Jaeger
      Morgan and Claypool Publishers

    • Computer Networking: A Top-Down Approach Featuring the Internet, 5/e
      James F. Kurose and Keith W. Ross
      Addition Wesley

    • TCP/IP Illustrated, Volume 1: The Protocols
      W. Richard Stevens
      Addition Wesley

  • Other resources

Grading

Students will be evaluated using the following criteria (U = undergrad, G = graduate):

Class Participation: U,G=5%
Paper Presentations: U=N/A, G=10%
Development Projects and Assignments: U,G=25%
Midterm Exam: U=35%, G=25%
Final Exam: U,G=35%


Class Participation
The lectures will include topics that are not necessarily covered in the textbook. This topics will be part of the midterm and final evaluations, therefore class participation is highly recommended. In addition, since class participation is worth 5% of the final grade, students will be required to sign an attendance log for a randomly selected subset of the classes, based on which the attendance grade will be computed.

Paper Presentations
Graduate students will be required to read academic publications or technical papers, and prepare presentations to be given to the entire class. The presentations should clearly summarize the topic of the paper, briefly describe the proposed attack or defense systems, and outline the most important evaluation results. Attack or defense demonstrations may also be required, depending on the topic.
NOTE: some of the topics discussed in the assigned papers may be part of the midterm and final exams.

Development Projects and Assignments
Throughout the course, students will be required to complete a number of development projects and other assignments. Some projects and assignment must be conducted individually, while others may be conducted in groups (I will indicate which ones in class). The projects will focus on security exercises involving system and network programming in Linux. Other assignments will consist of pencil-and-paper homework on the analysis of security mechanisms and attack scenarios. Each successfully completed assignment will be attributed a varying number of points, depending on assignment difficulty.

IMPORTANT: most development projects will be evaluated using a binary criteria: "program works correctly" = max points; "program does not work according to specifications" = 0 points. Possible exceptions to this rule will be announced during class.

LATENESS POLICY: Students are allowed a maximum of 2 late submissions for the assignments and projects. If this threshold is exceeded, all future late assignments will be penalized 100% (i.e., will be assigned 0 points). To be considered for grading, late submissions must not exceed 7 days from the related assignment or project deadline indicated on the course calendar.

Midterm and Final Exams
The midterm exam will include topics covered up to the exam date. The final exam may include all topics studied during the entire course, with a focus on topics covered during the second half of the term. Both the midterm and final exams may include topics from the papers assigned for presentation.


Academic Integrity and Ethics

As a University of Georgia student, you have agreed to abide by the University’s academic honesty policy, “A Culture of Honesty,” and the Student Honor Code. All academic work must meet the standards described in “A Culture of Honesty” found at: www.uga.edu/honesty. Lack of knowledge of the academic honesty policy is not a reasonable explanation for a violation. Questions related to course assignments and the academic honesty policy should be directed to the instructor.

In this course we will discuss vulnerabilities and exploits. Students must always follow an ethical and responsible conduct when learning about computer and network attack techniques.