I520/ B649 Schedule

Topics and schedule for Security for Networked Systems for Spring 2015.

Class Times
Lindley Hall, 150 S. Woodlawn Avenue, Room 008
Mondays & Wednesdays 4:00- 5:15

Prospectus for Security for Networked Systems for Spring 2015, including policies, grading, and goals.

Topics

Some topics have a corresponding laboratory exercise. Please expect ten laboratory exercises which will be started during the discussion sessions in the security laboratory in Informatics. In order to make certain that you will have all-hours access, please make sure we have a record of you as in the course. Sessions with no lab allow you to catch up, there will be an AI available during discussion time in the lab every week.

Aug. 24 Introduction and Overview

Goals, policies, struture and syllabus. Discussion of goals to ensure the goals fit the class. What topic is missing, is too lightly covered, or is too heavily considered in the following readings? Syllabus provided in class. We will discuss a recent attack, one that has occurred shortly before the semester begins.

Aug. 26 What is Security

Confidentialy, integrity, availability, survivability, and their interactions.

Aug. 31 Security Policies

Requirements, Bell-LaPadula, Biba integriy

Lab 1: Install Linux

Sept. 2 Symmetric Encryption

Basics of symmetric encryption, issues of key exchange.

Lab 2: Symmetric Encryption

Sept. 9 Asymetric cryptography

Goals, structure, purpose, and why you should keep closely to the standard.

Lab 3: Asymmetric Encryption

Sept. 14 PKI, TLS

Understanding the use of certificates in TLS

Sept. 16 PKI, TLS

Fast SSL and other bad ideas, weaknesses in TLS authentication software

Lab 4: PKI

Sept. 21 Denial of Service Attacks

Early denial of service attacks and defenses

Sept. 23 Distributed Denial of Service Attacks

DDoS, Applification attacks, botnets

No lab

Sept. 28 Andriod Security Model

Mobile threats, permissions

Sept. 30 Mobile Malware

iPhone and Android malware identification

Lab 5: Password Cracking

Oct. 5 Authentication

Something you know, something you have, something you are and emerging authentication mechanisms

Oct. 7 Anonymity

Anonymity, pseudonymity, and the interaction of authentication and anonymity

No lab

Oct. 12 Malware

traditional malware, early malware

Oct. 14 More Malware

emergent malware

Lab 6: Malware and Rootkit Detection

Oct. 19 Access Control

Recent trends in malware and malware defense

Oct. 21 Intrusion Detection

Foundations, rule-based, statistical and machine learning approaches

Lab 7: Snort

Oct. 26 Firewalls

Security mechanisms, tools, and their interdependencies

Oct. 28 Multilevel Security

Security mechanisms, tools, and their interdependencies

Lab 8: Firewalls

Nov. 2 Network Security

Network security, OSI Model

Nov. 4 BGP Security, PKI in BGP

BGP security, leaks and hijacks

Lab 9: Nmap

Nov. 9 Spam & botnets

spam, its use in attacks, and prevention

Nov. 11 Tor & Mixnets

Anonymous communications, trade-offs and mechanics

Lab 10: PGP

Nov. 16 Human Factors

Basic usable security

Nov. 18 Phishing

Social engineering

No lab

Nov. 30 Economics of Security

Focus on BGP and the rejected standards, economics of CAs. May be replaced with presentations depending on class participants.

Dec. 2 Presentation

First set of short in-class presentations. , may be extended to discussion sections for time. Sign up is first come, first served.

No lab

Dec. 7 Dec 9

Brief presentations in class.

Optional review for final

Final

Comprehensive, includes readings and all in-class material, excluding student presentations only