CIS 551 / TCOM 401 - Computer and Network Security
Spring 2006


Topics     Reading     Projects     Grading     Lectures     Policies

Time: Tues. & Thurs. 1:30 - 3:00
Room: Towne 303

Instructor:

    Steve Zdancewic
      e-mail: stevez AT cis.upenn.edu
      office hours: Thurs. 9:30-10:30 (and by appointment) Levine 511

Teaching Assistants:

    Karl Mazurak
      e-mail: mazurak AT cis.upenn.edu
      office hours: Mon. & Weds. noon - 1:00 Levine 575


Topics:


Reading

There is no required textbook for this class. Instead, see the following sources:

Projects

Project 1: Buffer Overflows Due: 31 Jan. 2006

Project 2: Cryptographic Protocols Due: 14 Mar. 2006

Project 3: Intrusion Detection Systems Due: 21 April 2006



Grading Criteria


Lecture Slides and Notes

Schedule

Date
Topic
Notes
1/10
Introduction & Overview

1/12*
--
No Class
1/17
Buffer Overflows
Notes
1/19
Access Control
Notes
1/24
Unix & Setuid programming Notes
1/26
Java Stack Inspection
Notes
1/31
Mandatory Access Control, Multilevel Security
Notes
2/2
Covert Channels, Common Criteria, Tempest
Notes
2/7
Symmetric Key Cryptography, DES
Notes
2/9
Public Key Cryptography, RSA
Notes
2/14
--
Midterm I
2/16
Diffie-Hellman, Cryptographic Hashes
Notes
2/21
Protocols, Challenge-Response Authentication

2/23
Digital Signatures
Notes
2/28
Key Distribution, Kerberos
Notes
3/2
SSH, Human Authentication
Notes
3/7
--
Spring break
3/9
--
Spring break
3/14
Ethernet, 802.11, WEP
Notes
3/16
IP, DNS
Notes
3/21

Midterm II
3/23
UDP, TCP
Notes
3/28
SMTP, NATs, and Firewalls
Notes
3/30
Firewalls/Viruses
Notes
4/4
Worms
--
4/6
Virus & Worm Scanning / Intrusion Detection
--
4/11
Inrusion Detection / Automatic Signature Extraction
--
4/13
Polymorphic Worms & Viruses/ Web Security
Notes, Notes2
4/18
E-commerce
Notes
4/20
Digital Cash / Conclusions
--
*indicates dates when Prof. Zdancewic will be away.

Course Policies

This course will abide by the University's Code of Academic Integrity. In particular, for individual projects and group projects, the following guidelines should be followed: