CIS 551 - Computing and Network Security

CIS/TCOM 551 - Computer and Network Security
Spring 2005

Topics Reading Projects Grading Lectures

Time: Tues. & Thurs. 1:30 - 3:00
Room: Towne 303

Instructors:

Matt Blaze
e-mail: blaze at-sign cis.upenn.edu
office hours: TBD

Steve Zdancewic
e-mail: stevez at-sign cis.upenn.edu
office hours: Tues. 9-10 am., Levine 511

Teaching Assistants:

Eric Cronin
e-mail: ecronin at-sign cis.upenn.edu
office hours: Weds. 4:30-5:30 pm., Moore 102D.

Gaurav Shah
e-mail: gauravsh at-sign seas.upenn.edu
offic hours: Thurs. noon-1 pm., GRW 461.

Topics (roughly):

System Security: hacker behavior, intrusion & anomaly detection, hacker and admin tools
Networks & Infrastructure: TCP/IP, Denial of Service, IPSEC, TLS/SSL
Basic Cryptography: Shared key crypto (AES/DES), Public Key Crypto (RSA), hashes
Crypto software: Open SSL library, applications (authentication, digital signatures)
Trust & Configuration management
Malicious code: buffer overflows, viruses, worms, protection mechanisms
Covert Channels

Reading

There is no required textbook for this class. Instead, see the following sources:

The Protection of Information in Computer Systems, Saltzer & Schroeder (1975)
The Internet Worm Program: An Analysis, Gene Spafford (1988)
Smashing the Stack for Fun and Profit, Aleph One (1996)
Introduction to the Internet Protocols, Charles L. Hedrick (Rutgers). This 1987 tutorial is surprisngly up to date, and is a very concise introduction to the basics of the Internet protocols.
Open SSL web page. The OpenSSL library is installed on eniac-l.
"A look Back at 'Security Problems in the TCP/IP Protocol Suite'". S. M. Bellovin. 20th Computer Security Applications Conference. December 2004.
"Advanced 4.4BSD Interprocess Communication Tutorial." Lefler, et al.
Why Cryptosystems Fail, Ross Anderson (1993)
Inside the Slammer Worm, Moore et al. (2003).
How to 0wn the Internet in Your Spare Time , Staniford, Paxson, and Weaver (2002).
Top Speed of Internet Flash Worms, Staniford, Moore, Paxson, and Weaver (2004).
Internet Quarantine: Requirements for Containing Self-propagating Code, Moore et al. (2003)
Automated Worm Fingerprinting, Singh et al. (2004)
Bro Intrusion Detection System
Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson. (1998)
NSA Central Security Service
TCSEC
National Information Assurance Training and Information Center

Projects

Project 1: Buffer Overflows Due: 27 Jan. 2005 (note extended deadline)

Project 2: Secure Communication Due: 4 March 2005 (6pm)

Project 3: Feckless Network Intrusion Detection Due: 22 April 2005 (6pm)

Grading Criteria

15% Midterm 1 - date tentatively Feb. 10th
15% Midterm 2 - date March 31st
25% Final exam - date to be determined
20% Two individual projects
20% Group project
05% Course participation

Lecture Slides

Zdancewic Lecture 1 -- Introduction, discussion about software security.
Zdancewic Lecture 2 -- Designing Secure Software.
Zdancewic Lecture 3 -- Programming languages (C/C++/perl).
Zdancewic Lecture 4 -- Java / C# Stack Inspection.
Zdancewic Lecture 5 -- Worms and Viruses.
Zdancewic Lecture 6 -- Worms: Modeling and Quarantine Simulation
Zdancewic Lecture 7 -- Viruses, Worms, and Intrusion Detection
Zdancewic Lecture 8 -- Worm Signatures
Zdancewic Lecture 9 -- Language-based Security Research
Zdancewic Lecture 10 -- Network Intrusion Detection: Bro
Zdancewic Lecture 11 -- Covert Channels
Zdancewic Lecture 12 -- Access Controls and OS Security
Zdancewic Lecture 13 -- Unix and Windows File Security
Zdancewic Lecture 14 -- Advanced OS Security, MAC
Zdancewic Lecture 15 -- TCSEC / Common Criteria