CSCI 430 - Introduction to Computer and Network Security - Fall 2018
 

CSCI 430 - Fall 2018
Introduction to Computer and Network Security
MW 12-1:50 pm in WPH 102

Announcements
  • Solved final and grading rubric are here.
  • Sample finals one and two
  • Internet misdirection in China
  • Sample midterms one and two
  • Groups for the CTFs

    Group numberGroupStudents
    1AvengersAgarwal, Sahil
    Albrecht, Spencer
    Alexander, Rachel, Mirium
    Bosch, Diego, Jose
    Chakraborty, Rohan, Mahajan
    Li, Yiming
    Mu, Yifan
    2X-menChan, Allison
    Chen, Yang
    Coyle, Cullen, Xavier
    Damato, Michael, John
    Dormuth, Jacob
    Dubey, Anshika
    Eisman, Micaela
    3Guardians of the GalaxyHaupt, Shan, Alexander
    Khanna, Rohan
    Kim, Hyuck Ju
    Klein, Mark
    Kumar, Devika
    Lovett, Adam, Mathew
    Mansilla-Borquez, Felipe
    4Justice LeagueCha, Harrison
    Pai, Sonali
    Parker, Avri, Nichole
    Seo, Summer, Yeonhee
    Shao, Xuan
    Shen, Jonathon
    Su, Eric

  • We will be using Piazza for class discussion. Please try this first before emailing the instructor or TA.
    https://piazza.com/usc/spring2018/csci430/home
  • People/Contact
    • Instructor:
      Prof Jelena Mirkovic (Contact: sunshine@isi.edu)
      Office hours: MW 11:00 - 12:00 and by appointment in RTH 512
    • TA:
      Kirthana Ramesh Selvam (Contact: rameshse@usc.edu)
      Office hours: Thu 11 am - 1 pm in SAL Computer Lobby
    Course Description
    Computers and networking are crucial to many aspects of our daily lives: entertainment, business, personal communication, healthcare, transportation, utilities, etc. Security of such systems is thus of paramount importance for protecting our assets or even our lives. This course will give students an overview of systems security, its workings, and its role in protecting data and computing resources. Students will receive both theoretical knowledge of threats and defenses and practical skills allowing them to implement some popular threats and defenses in a laboratory setting.

    After successfully completing this course, you should be able to:

    • Describe and assess a broad range of security problems and solutions
    • Understand the fundamental mathematics and engineering underlying security systems, as well as basic networking and operating systems
    • Judge the suitability of security systems for various applications
    • Install and configure some basic, open-source security systems
    • Know how to develop new security systems and features

    In addition to lectures students will be engaged through a number of hands-on homeworks and capture-the-flag (CTF) exercises, where they will apply the knowledge from the class in realistic security scenarios, attacking or defending real servers on the DeterLab testbed for security experimentation.

    Prerequisites: CSCI 201 or equivalent (e.g. EE classes on the same topics), or permission of the instructor. Please contact the instructor if you wish to enroll and don't have the prerequisites.

     
    Textbook
    There is no required textbook. I will make the readings for the class available online a few days before each lecture. If you want supplemental reading you can purchase
    • Matt Bishop
      "Introduction to Computer Security"
    Syllabus / Topics Covered
    DateTopics coveredSlidesReading/LinksHomework
    8/20Class logistics
    Intro to security
    Lecture 1 Read Student introduction to DeterLab
    Read Core Quickstart guide.
    Read Student guidelines for DeterLab
    8/22Network primer
    Intro to DeterLab
    Network primer
    8/27Cryptography Lecture 2 and 3
    8/29Cryptography Homework 1 assigned
    9/5Privacy Lecture 4
    9/10Cryptography
    9/12Cryptography
    Key management, authentication
    Lecture 5 and 6
    9/17Key management, authentication
    9/19Midterm review Homework 1 due
    9/24Midterm
    9/26Authorization and policy
    Intrusions
    Lecture 7
    Lecture 8
    Homework 2 assigned
    10/1CTF1 prep
    10/3Intrusions
    10/8Intrusions
    10/10DDoS Lecture 9 and 10 Homework 2 due
    10/15DDoS Homework 3 assigned
    10/17CTF1
    10/22CTF1
    10/24Passwords Lecture 11
    10/29Passwords Homework 3 due
    10/31CTF2 prep
    11/5DNS security Lecture 12 and 13 Homework 4 assigned
    11/7CTF2 phase 1 starts
    Routing security
    11/12DDoS
    11/14CTF2 phase 2 starts
    11/19Article presentations
    IP spoofing
    Lecture 14 Homework 4 due
    11/26Article presentations
    Botnets
    Lecture 15
    11/28Final review
    Exams, Homeworks and CTF Exercises
    There will be four homeworks assigned according to the class schedule and due 1-2 weeks afterwards. These homeworks are to be done individually, by each student. They require up to 8 hours to complete and are done remotely on the DeterLab testbed (http://www.deterlab.net). There will be two CTF (capture-the-flag) exercises that will be performed in class. Each student will be assigned to a 6-8 member team. Each team will have to simultaneously protect their own data/servers and attack data/servers from one other team. These exercises require 1-2 weeks of preparation (roughly 1-2 h per day, each work day).
    Grading
    Grades will be calculated based on the following formula:
    Class tasksPercentage of the final grade
    CTF Exercises (2)20%
    Homeworks (4)20%
    Participation10%
    Midterm exam20%
    Final exam30%
    Late homework policy: Please start homework early and come to office hours if you need help. There will be no individual extensions of homework deadlines. You can submit one homework late (up to one week) with no penalty. Any other homework you submit late will incur 50% penalty, regardless of how late it is. Final exam: December 7, 11 am - 1 pm.
    Students with Disabilities
    Any student requesting academic accommodations based on a disability is required to register with Disability Services and Programs (DSP) each semester. A letter of verification for approved accommodations can be obtained from DSP. Please be sure the letter is delivered to me as early in the semester as possible. DSP is located in STU 301 and is open 8:30 a.m - 5:00 p.m., Monday through Friday. The phone number for DSP is (213) 740-0776.
    Academic Integrity
    USC seeks to maintain an optimal learning environment. General principles of academic honesty include the concept of respect for the intellectual property of others, the expectation that individual work will be submitted unless otherwise allowed by an instructor, and the obligations both to protect one's own academic work from misuse by others as well as to avoid using another's work as one's own. All students are expected to understand and abide by these principles. Scampus, the Student Guidebook, contains the Student Conduct Code in Section 11.00, while the recommended sanctions are located in Appendix A: http://www.usc.edu/dept/publications/SCAMPUS/gov/

    Students will be referred to the Office of Student Judicial Affairs and Community Standards for further review, should there be any suspicion of academic dishonesty. The Review process can be found at: http://www.usc.edu/student-affairs/SJACS/ .

    Emergency Preparedness/Course Continuity in a Crisis
    In case of a declared emergency if travel to campus is not feasible, USC executive leadership will announce an electronic way for instructors to teach students in their residence halls or homes using a combination of Blackboard, teleconferencing, and other technologies.