CSE 127, Spring 2005
Intro to Computer Security
Teaching Assistant: Walter Phillips - whphilli@ucsd.edu
|
Course overview
This course focuses on computer and network security, covering a wide range of topics on both the "defensive" and "offensive" side of this field. Among these will be basic cryptography and cryptographic protocols, code security and exploitation (buffer overflows, race conditions, SQL injection, etc), access control and authentication, covert channels, protocol attacks, firewalls, intrusion detection/prevension, viruses/worms and bots, spyware and phising, denial-of-service, privacy/anonymity, and computer forensics. The goal of the course is to provide an appreciation of the fundamental challenges in designing and implementing secure systems as well as and understanding of the base technologies and threats in today's intereconnected environment.
Homeworks are due by the end of class on the day specified. We will reduce homework grades by 20% for each day that they are late. You must hand in a hardcopy of your homework. We will generally post homework solutions within a week after they are due.
Projects
To complete the projects in this course, you will need the ability to develop software programs using the C language. If you have not used C recently, you may want to refresh your knowledge using one of the many good books on the topic. In particular I recommend the classic, The C Programming Language, by Kernighan and Ritchie.
These projects and their components with be announced on this Web page as they become availabley.
Grading
Your grade for the course will be based on your performance on the homework, programming projects, midterm and final exams using the following weights:
Homeworks/Projects: 45%
Midterm: 25%
Final: 30%
Web board
Class Webboard
Schedule
Date | Lecture | Readings | Homework | Project |
3/28 | Preliminaries |
|||
3/30 | What is Security/Intro to Crypto |
|||
4/4 | Private Key Ciphers |
|||
4/6 | Public Key Ciphers |
|||
4/11 | Integrity/Authenticity |
|||
4/13 | Key Distribution & real protocols |
|||
4/18 | Passwords/Biometrics |
|||
4/20 | Side channel attacks |
|||
4/25 | Software Vulnerabilities I: Buffer Overflows |
Smashing the Stack by Aleph One |
||
4/27 | Software Vulnerabilities II |
Format String Vulnerabilities by scut/Team Teso |
Homework #1 | |
5/2 | Midterm (answers) | Buffer Overflow Project | ||
5/4 | Class cancelled (sick day) | |||
5/9 | Malicious Code |
|||
5/11 | Malicious Code continued |
|||
5/16 | Malicious Code continued |
|||
5/18 | NATs and Firewalls |
|||
5/23 | DoS and Intrusion Detection |
|||
5/25 | Protocol Vulnerabilities |
|||
5/31 | Popourri (but it won't be on the final) |
Homework #2 |