CIS-3310: Introduction to Networks and Security
Fall 2023
Instructor: Sebastian Angel
Room: Berger Auditorium (in Skirkanich Hall)
Time: M/W 10:15 AM–11:30 AM
This course introduces the principles and practical considerations of computer and network security. It covers the following:
Even though NETS students are not required to take CIS 240, it is a prerequisite for this course. We will be enforcing these prerequisites.
Name | Office hours (location) |
---|---|
Ashwin Alaparthi | M/W 6–8 PM (Levine 6 bump space) |
Serena Huang | Sunday 9:30–11:30 AM (Levine 6 bump space) |
Rohan Moniz | Friday 12–2 PM (Levine 3 bump space) |
Elizabeth Margolin | Thursday 1–3 PM (Levine 6 bump space) |
Sahil Parekh | M/W 4–6 PM (Levine 6 bump space) |
Ellen Yan | Tuesday 4–6 PM (Levine 6 bump space) |
Jess Woods (Head TA) | Sunday 4–6 PM (Levine 5 bump space) |
There is no required textbook for this course. The following books (available for free) are good extra sources:
There will be 3 homework assignments to be completed individually, and 3 projects to be done in pairs. There are two non-cumulative exams.
There will be 1 short quiz each week to be completed online through Canvas. The purpose of these quizzes is to keep you on track throughout the semester and make sure that you understand the material. We will drop the lowest 4 quizzes.
We encourage you to discuss the problems and your general approach with other students in the class. However, the answers you turn in must be your own original work, and you must adhere to Penn’s Code of Academic Integrity.
For more information, see the Office of Student Conduct.
The University of Pennsylvania provides reasonable accommodations to students with disabilities who have self-identified and received approval from the Office of Student Disabilities Services (SDS). If SDS has approved your request for accommodations, please make an appointment to meet with me as soon as possible in order to discuss the arrangements for your accommodations. SDS services are free and confidential.
Date | Topic | |
---|---|---|
8/30: Homework 1 out | Introduction: course overview; threat models; defensive programming | |
9/4 | Labor Day | |
9/6: Project 1 out | Stack overflow: the stack in detail; return value vs return address; stack overflow | |
9/11: Homework 1 due | Control hijacking attacks: buffer overflows; integer overflow; format string vulnerability | |
9/13 | Control hijacking defenses: stack canaries; bounds checking; DEP | |
9/18 | ROP and ASLR: return oriented programming; address space layout randomization | |
9/20 | OS Security: privilege separation; file and directory permissions; Setuid binaries | |
9/25 | Authentication: password storage; rainbow tables; password alternatives | |
9/27: Project 1 due; Homework 2 out | Cryptography: intro to cryptography; affine, substitution, and Vigenère ciphers; frequency analysis | |
10/2 | Symmetric encryption I: probability review; one-time-pad; perfect secrecy; statistical test; indistinguishability; semantic security | |
10/4 | Symmetric encryption II: PRG; stream cipher; random oracle; PRF; PRP; block cipher | |
10/9: Project 2 out | Hash functions: collision resistance; birthday paradox; compression functions; Merkle-Damgård | |
10/11 | Fall break | |
10/16: Homework 2 due | MACs and authenticated encryption: length extension attacks; MAC; HMAC; authenticated encryption | |
10/18 | Public Key Encryption I: Diffie-Hellman; public key encryption; RSA trapdoor function; PKCS; oracle attacks; IND-CCA | |
10/23 | Exam 1: Includes content up to MACs and authenticated encryption (10/16) | |
10/25 | Public Key Encryption II: digital signatures; RSA signatures; PKCS padding; MAC vs signatures | |
10/30: Project 2 due; Project 3 out | TLS: certificates; PKI; TLS handshake; forward secrecy | |
11/1 | Web overview: threat model; HTTP; HTTPS; HTML; JavaScript | |
11/6 | Web Attacks I: SQL injection; cookies; same origin policy | |
11/8 | Web Attacks II: CSRF; XSS | |
11/13: Homework 3 out | Networking I: TCP/IP; BGP; BGP hijacking | |
11/15 | Networking II: DNS; DNS attacks; DNS defenses | |
11/20 | Thanksgiving break | |
11/22 | Thanksgiving break | |
11/27 | Denial of service: DoS; DDoS; SYN flooding; amplification attacks; client puzzles | |
11/29: Homework 3 due | Censorship: Great Firewall of China; VPNs | |
12/4 | Privacy and anonymity: end-to-end encrypted email; private browsing; Tor | |
12/6 | Review | |
12/11 | Exam 2 | |
12/13: Project 3 due | No class | |