CSCI 430 - Introduction to Computer and Network Security - Spring 2017
 

CSCI 430 - Spring 2017
Introduction to Computer and Network Security
Tu/Th 4-5:50 pm GFS 207

Announcements
  • Sample finals one and two
  • Paper/article presentations - 5 min/1 person per presentation - no slides, just talk but you can write on blackboard. For news article tell us what was the main/surprising point of the article. For research paper start with what problem it was solving, what is the main insight and what are the results like. This is not graded but is part of your participation points.
  • CTF2 password policies:
    teampolicy
    1upper,lower,number,8 chars
    2upper,lower,number,12 chars or lower, 20 chars
    3upper,lower,number,12 chars
    4upper,lower,number,special, 3 out of 4, 12 chars
    5upper,lower,number,special, 9 chars
  • Link to passwords on Google docs
    CTF2 scores, score = T + 100*(S/(S+F) - R/L - C/A):
    teamTSFLRCATotalSuccess rate (S/(S+F))Reset rate (R/L)Cracked rate (C/A)
    1101771003593633731863%10%45%
    2017274248733224669%29%3%
    31022835280127427686%4%16%
    402264528055477083%1%11%
    51030683414275917778%6%5%
  • Homework 2 deadline extended until 3/7
  • No office hours 2/16
  • Midterm and homework 1 grades are posted on blackboard.
  • Sample midterms one and two
  • List of teams for the competitions is here. Please exchange emails with your team members and set up a space to collaborate.
  • Please fill out this survey about your skills/knowledge so I can form balanced teams for our competitions https://www.surveymonkey.com/r/SHTM9KC
  • Final exam is on 5/4 at 4:30-6:30 pm in GFS 207
  • We will be using Piazza for class discussion. Please try this first before emailing the instructor or TA.
    https://piazza.com/usc/spring2017/csci430/home
People/Contact
  • Instructor:
    Prof Jelena Mirkovic (Contact: sunshine@isi.edu)
    Office hours: Tu/Th 3:00 - 4:00 and by appointment in PHE 514/516
  • TA:
    Simon Woo (Contact: simonwoota@gmail.com)
    Office hours: W 2:30-3:30 in SAL 125
Course Description
Computers and networking are crucial to many aspects of our daily lives: entertainment, business, personal communication, healthcare, transportation, utilities, etc. Security of such systems is thus of paramount importance for protecting our assets or even our lives. This course will give students an overview of systems security, its workings, and its role in protecting data and computing resources. Students will receive both theoretical knowledge of threats and defenses and practical skills allowing them to implement some popular threats and defenses in a laboratory setting.

After successfully completing this course, you should be able to:

  • Describe and assess a broad range of security problems and solutions
  • Understand the fundamental mathematics and engineering underlying security systems, as well as basic networking and operating systems
  • Judge the suitability of security systems for various applications
  • Install and configure some basic, open-source security systems
  • Know how to develop new security systems and features

In addition to lectures students will be engaged through a number of hands-on homeworks and capture-the-flag (CTF) exercises, where they will apply the knowledge from the class in realistic security scenarios, attacking or defending real servers on the DeterLab testbed for security experimentation.

Prerequisites: CSCI 201 or equivalent (e.g. EE classes on the same topics), or permission of the instructor. Please contact the instructor if you wish to enroll and don't have the prerequisites.

 
Textbook
There is no required textbook. I will make the readings for the class available online a few days before each lecture. If you want supplemental reading you can purchase
  • Matt Bishop
    "Introduction to Computer Security"
Syllabus / Topics Covered
DateTopics coveredSlidesReading/LinksHomework
1/10Class logistics, intro to security Lecture 1 Read Student introduction to DeterLab
Read Core Quickstart guide.
Read Student guidelines for DeterLab Create a test experiment on DeterLab with 3 nodes and run ping between nodes.
1/12Network primer Network primer
1/17Cryptography 1/2 Lecture 3 and 4 Homework 1: Intro to Deter (available on DeterLab) due 1/31
1/19Cryptography 2/2
1/24Key management, authentication and authorization Lecture 5 and 6
1/26Key management, authentication and authorization
1/31Intrusions 1/2 Lecture 7 and 8
2/2Intrusions 2/2
2/5Midterm review
2/9Midterm
2/14CCTF 1: Intrusions Homework 2: Intrusions (available on DeterLab) due 3/7
2/16IP spoofing Lecture 9
2/21DDoS 1/2
Lecture 10-12
2/23DDoS 2/2
2/28DDoS
3/2Botnets Lecture 12 Homework 3: DDoS (available on DeterLab) due 3/28
3/7Worms Lecture 13
3/9Passwords Lecture 14
3/14Spring break
3/16Spring break
3/21CTF 1: Post-mortem
CTF 2: Secure passwords
3/23DNS security Lecture 15 Homework 4: DNS and MITM (available on DeterLab) due 4/25
3/28Routing security Lecture 16
3/30Economic of cybersecurity Lecture 17
4/4Privacy 1/2 Lecture 18
4/6Privacy 2/2 Lecture 19
4/11CCTF 2: Post-mortem
4/13Research showcase: Gen Bartlett, Xiyue Deng, Rajat Tandon, Hao Shi
4/18Research showcase: Simon Woo, Sivaram Ramanathan, Ameya Hanamsagar
4/20Paper/article presentations - last names A-K inclusive
4/25Paper/article presentations - last names L-Z inclusive
4/27Final review
Exams, Homeworks and CTF Exercises
There will be four homeworks assigned according to the class schedule and due 1-2 weeks afterwards. These homeworks are to be done individually, by each student. They require up to 8 hours to complete and are done remotely on the DeterLab testbed (http://www.deterlab.net). There will be two CTF (capture-the-flag) exercises that will be performed in class. Each student will be assigned to a 6-8 member team. Each team will have to simultaneously protect their own data/servers and attack data/servers from one other team. These exercises require 1-2 weeks of preparation (roughly 1-2 h per day, each work day).
Grading
Grades will be calculated based on the following formula:
Class tasksPercentage of the final grade
CTF Exercises (2)20%
Homeworks (4)20%
Participation10%
Midterm exam20%
Final exam30%
Final exam is scheduled by the university.
Students with Disabilities
Any student requesting academic accommodations based on a disability is required to register with Disability Services and Programs (DSP) each semester. A letter of verification for approved accommodations can be obtained from DSP. Please be sure the letter is delivered to me as early in the semester as possible. DSP is located in STU 301 and is open 8:30 a.m - 5:00 p.m., Monday through Friday. The phone number for DSP is (213) 740-0776.
Academic Integrity
USC seeks to maintain an optimal learning environment. General principles of academic honesty include the concept of respect for the intellectual property of others, the expectation that individual work will be submitted unless otherwise allowed by an instructor, and the obligations both to protect one's own academic work from misuse by others as well as to avoid using another's work as one's own. All students are expected to understand and abide by these principles. Scampus, the Student Guidebook, contains the Student Conduct Code in Section 11.00, while the recommended sanctions are located in Appendix A: http://www.usc.edu/dept/publications/SCAMPUS/gov/

Students will be referred to the Office of Student Judicial Affairs and Community Standards for further review, should there be any suspicion of academic dishonesty. The Review process can be found at: http://www.usc.edu/student-affairs/SJACS/ .

Emergency Preparedness/Course Continuity in a Crisis
In case of a declared emergency if travel to campus is not feasible, USC executive leadership will announce an electronic way for instructors to teach students in their residence halls or homes using a combination of Blackboard, teleconferencing, and other technologies.