CSCI 430 - Introduction to Computer and Network Security - Spring 2022
 

CSCI 430 - Fall 2021
Introduction to Computer and Network Security
M/W 2:00 - 3:50 pm in SSL 202

We will follow flipped classroom model in this class. Please make sure to bring your charged laptops to each class and to view lecture materials and take the quiz on Blackboard before each class (starting from the second class). You don't have to do videos and slides. You can just do one (videos or slides) - they have the same information.
 
Announcements
  • Please solve sample finals here
  • Final Zoom link is here
  • Sample final one and two.
  • CTF2 statistics, please fill here. Also place username, md5hash and any salt one per line into a file and place file into /proj/USC430/CTF2/hashes with your team name, e.g., team1.txt. First line of the file should explain the formula how salt was used if you had used a salt in hashing.
  • Please sign up for article presentations here
  • Final exam has been moved to SOS B4 (same time as planned)
  • Team 1, 2, 3, 4, 6, 8 is ready for CTF2 (4/6). Team 5 is also ready (4/10). Team 7 needs to have policy info on register and login pages, ask for only username and password on register page and reset doesn't work.
  • CTF 1 scores. Blue score is the score for the given team (e.g., Team 1) and red score is actually the score for the attacker of the given team (e.g., if listed on team 1 line the score would signify points that team 2 earned attacking Team 1).

  • Buffer overflow example that can be helpful for extra credit (warning: it has some expletives) here
  • Team 1Team 2Team 3Team 4Team 5Team 6Team 7Team 8
    Audrey, Randi, Kevin, Lauren, Richard, Andrew, JustinNic, Henry, Erica, Ivan, Conor, Jackson, TimothyVandhana, Varun, Shamanth, Jaiveer, Anh, Zechen, Christen, JiaxiGauri, Smrithi, Yuhan, Shania, Surya, Cyprien, Steven, DanielMohamed, Yuxuan, Rex, Sam Mehdi, TJ, Nicholas, HamzaCameron, Rory, Elizabeth, Kate, Denis, Tyler, FrederickJess, Vikhyat, Sydney, Haeju, Elissa, Matthew O, ArmaanPeter, Henry, Sam Mesfin, Matthew R, Oktarian, Seth, Sandy
  • Solved midterm is here.
  • Sample midterms one and two. Work on them online at the following links: one and two.
  • Remote attendees: please find Zoom links on Blackboard
  • We will be using Piazza for class discussion. Please try this first before emailing the instructor or TA.
    https://piazza.com/class/ky7zpfbhs8z6qv
  • People/Contact
    • Instructor:
      Prof Jelena Mirkovic (Contact: sunshine@isi.edu)
      Office hours: M/W 11 - 12 in SAL 311 and by appointment via Zoom (use class link)
    • TA:
      Sulyab Thottungal Valapu (Contact: thottung@usc.edu)
      Office hours: Tu 10-11 am in RTH 418 and by appointment via Zoom
    Course Description
    Computers and networking are crucial to many aspects of our daily lives: entertainment, business, personal communication, healthcare, transportation, utilities, etc. Security of such systems is thus of paramount importance for protecting our assets or even our lives. This course will give students an overview of systems security, its workings, and its role in protecting data and computing resources. Students will receive both theoretical knowledge of threats and defenses and practical skills allowing them to implement some popular threats and defenses in a laboratory setting.

    After successfully completing this course, you should be able to:

    • Describe and assess a broad range of security problems and solutions
    • Understand the fundamental mathematics and engineering underlying security systems, as well as basic networking and operating systems
    • Judge the suitability of security systems for various applications
    • Install and configure some basic, open-source security systems
    • Know how to develop new security systems and features

    In addition to lectures students will be engaged through a number of hands-on homeworks and capture-the-flag (CTF) exercises, where they will apply the knowledge from the class in realistic security scenarios, attacking or defending real servers on the DeterLab testbed for security experimentation.

    Prerequisites: CSCI 201 or equivalent (e.g. EE classes on the same topics), or permission of the instructor. Please contact the instructor if you wish to enroll and don't have the prerequisites.

     
    Textbook
    Stallings and Brown, Computer Security (Required), Any edition
    ISBN: 9780134794105
    Syllabus / Topics Covered
    DateTopics coveredSlides/VideosReading/LinksHomework/Quiz
    1/10Class logistics
    Intro to Deterlab
    Logistics slidesRead Student introduction to DeterLab
    Read Core Quickstart guide.
    Read User guidelines for DeterLab
    1/12Intro to cybersecurity
    Network primer
    Module 1 slides
    Module 1 video
    Module 2 slides
    Module 2 video
    Module 3 slides
    Module 3 video
    Network primer
    See quiz on Blackboard
    1/19Cryptography Module 4 video
    Module 4 slides
    Module 5 video
    Module 5 slides
    See quiz on Blackboard
    Homework 1 assigned
    1/24Cryptography Module 6 video
    Module 6 slides
    See quiz on Blackboard
    1/26Cryptography
    Homework 1 and encryption exercises
    Module 7 video
    Module 7 slides
    Hashing and encryption combos
    Encryption Trivia No quiz
    1/31Key managementModule 8 video
    Module 8 slides
    See quiz on Blackboard
    2/2Key management Module 9 video
    Module 9 slides
    Let's Encrypt
    Create your own root cert
    See quiz on Blackboard
    Homework 1 due
    2/7Authentication Module 10 video
    Module 10 slides
    See quiz on Blackboard
    2/9Access control Module 11 video
    Module 11 slidess
    See quiz on Blackboard
    2/14Midterm preparation
    2/16Midterm
    2/23CTF1 preparationCTF1 instructions
    2/28Intrusions Module 12 video
    Module 12 slides
    See quiz on Blackboard
    Homework 2 assigned
    3/2Intrusions Module 13 video
    Module 13 slides
    See quiz on Blackboard
    3/7Intrusions Module 14 video
    Module 14 slides
    See quiz on Blackboard
    3/9CTF1 starts
    3/21Passwords Module 15 video
    Module 15 slides
    No quiz
    3/23CTF1 ends
    CTF2 phase 0 starts
    CTF2 instructionsHomework 2 due
    3/28Privacy Module 16 video
    Module 16 slides
    Full Tor specification
    How Tor works
    Tor step by step
    See quiz on Blackboard
    3/30Privacy Module 17 video
    Module 17 slides
    Differential privacy (easy version)No quiz
    4/4DDoS Module 18 video
    Module 18 slides
    Fragmentation example

    See quiz on Blackboard
    4/6DDoS
    CTF2 phase 0 ends, phase 1 starts
    Module 19 video
    Module 19 slides
    DoS exercise Homework 3 assigned
    See quiz on Blackboard
    4/11DDoS Module 20 video
    Module 20 slides
    TCP SYN cookies
    DDoS trends:
    Arbor reports for 2010, 2015 and 2020
    Padlet
    DDoS volume:
    Online spreadsheet
    See quiz on Blackboard
    4/13DNS security
    CTF2 phase 1 ends, phase 2 starts
    Module 21 video
    Module 21 slides
    Homework 4 assigned
    See quiz on Blackboard
    4/18Routing security Module 22 video
    Module 22 slides
    See quiz on Blackboard
    4/20Article presentationsSee link to sign up in announcementsHomework 3 due
    4/25Article presentations
    CTF2 phase 2 ends
    See link to sign up in announcements
    4/27Final preparationHomework 4 due
    Exams, Homeworks and CTF Exercises
    There will be four homeworks assigned according to the class schedule and due 1-2 weeks afterwards. These homeworks are to be done individually, by each student. They require up to 8 hours to complete and are done remotely on the DeterLab testbed (http://www.deterlab.net). There will be two CTF (capture-the-flag) exercises that will be performed in class. Each student will be assigned to a 6-8 member team. Each team will have to simultaneously protect their own data/servers and attack data/servers from one other team. These exercises require 1-2 weeks of preparation (roughly 1-2 h per day, each work day).
    Grading
    Grades will be calculated based on the following formula:
    Class tasksPercentage of the final grade
    CTF Exercises (2)20%
    Homeworks (4)20%
    Participation10%
    Quizzes10%
    Midterm exam15%
    Final exam25%
    Late homework policy: Please start homework early and come to office hours if you need help. This year (2022) there is no late penalty for homework submissions. You can submit any time until the last day of the class. But if you submit by the deadline listed on our syllabus you can earn 1/2 extra point (each homework is worth 5 points so this is 10% of the homework grade).

    Final exam: Mon, May 9, 2 - 4 pm, in SOS B4

    Students with Disabilities
    Any student requesting academic accommodations based on a disability is required to register with Disability Services and Programs (DSP) each semester. A letter of verification for approved accommodations can be obtained from DSP. Please be sure the letter is delivered to me as early in the semester as possible. DSP is located in STU 301 and is open 8:30 a.m - 5:00 p.m., Monday through Friday. The phone number for DSP is (213) 740-0776.
    Academic Integrity
    USC seeks to maintain an optimal learning environment. General principles of academic honesty include the concept of respect for the intellectual property of others, the expectation that individual work will be submitted unless otherwise allowed by an instructor, and the obligations both to protect one's own academic work from misuse by others as well as to avoid using another's work as one's own. All students are expected to understand and abide by these principles. Scampus, the Student Guidebook, contains the Student Conduct Code in Section 11.00, while the recommended sanctions are located in Appendix A: http://www.usc.edu/dept/publications/SCAMPUS/gov/

    Students will be referred to the Office of Student Judicial Affairs and Community Standards for further review, should there be any suspicion of academic dishonesty. The Review process can be found at: http://www.usc.edu/student-affairs/SJACS/ .

    Emergency Preparedness/Course Continuity in a Crisis
    In case of a declared emergency if travel to campus is not feasible, USC executive leadership will announce an electronic way for instructors to teach students in their residence halls or homes using a combination of Blackboard, teleconferencing, and other technologies.