CSCI 430 - Introduction to Computer and Network Security - Spring 2024
 

CSCI 430 - Spring 2024
Introduction to Computer and Network Security
Mon/Wed 4:00-5:50pm SOS B4 (Zoom)

 
Announcements
  • Please sign up for article presentations here.
  • We will be using Piazza for class discussion. Please try this first before emailing the instructor or TA.
    https://piazza.com/usc/spring2024/csci430/
  • People/Contact
    • Instructor:
      Dr. Genevieve Bartlett (Contact: bartlett@isi.edu)
      Office hours: by appointment via Zoom (use class link)
    • TA:
      Will Pithayuth Charnsethikul (Contact: charnset usc.edu)
      Office hours: Wed 2pm-3pm Zoom.
    Course Description
    Computers and networking are crucial to many aspects of our daily lives: entertainment, business, personal communication, healthcare, transportation, utilities, etc. Security of such systems is thus of paramount importance for protecting our assets or even our lives. This course will give students an overview of systems security, its workings, and its role in protecting data and computing resources. Students will receive both theoretical knowledge of threats and defenses and practical skills allowing them to implement some popular threats and defenses in a laboratory setting.

    After successfully completing this course, you should be able to:

    • Describe and assess a broad range of security problems and solutions
    • Understand the fundamental mathematics and engineering underlying security systems, as well as basic networking and operating systems
    • Judge the suitability of security systems for various applications
    • Install and configure some basic, open-source security systems
    • Know how to develop new security systems and features

    In addition to lectures students will be engaged through a number of hands-on homeworks and capture-the-flag (CTF) exercises, where they will apply the knowledge from the class in realistic security scenarios, attacking or defending real servers on the DeterLab testbed for security experimentation.

    Prerequisites: CSCI 201 or equivalent (e.g. EE classes on the same topics), or permission of the instructor. Please contact the instructor if you wish to enroll and don't have the prerequisites.

     
    Textbook
    Stallings and Brown, Computer Security (Required), Any edition
    ISBN: 9780134794105
    Syllabus / Topics Covered
    DateTopics coveredSlides/VideosReading/LinksHomework
    1/8Class logistics
    Intro to Deterlab
    Logistics Read DeterLab for Students guide.
    Read Hello World example
    Learning how to use DeterLab
    1/10Intro to cybersecurity
    Network primer
    Introduction Network primer
    1/15MLK Day: NO CLASS
    1/17Cryptography Crypto Basics
    Crypto: One-way Hashes
    1/22Cryptography Crypto: Symmetric Cryptography Homework 1 assigned
    1/24Cryptography
    Encryption exercises
    Crypto: Asymmetric Cryptography
    1/29Encryption TriviaEncryption Trivia
    Solutions
    1/31Key managementShared Key Exchange
    Public Key Exchange
    Let's Encrypt CA
    Create your own root cert
    2/5Authentication Authentication
    2/7Access control Access ControlHomework 1 due
    2/12Midterm preparationExample Midterms
    2/14Intrusions 1/2 (not on midterm)Intrusions 1: Recon and Scanning
    2/19Presidents' Day: NO CLASS
    2/21Midterm
    2/26Intrusions 2 Intrusions 2: Scanning (cont'd) and Initial Access Homework 2 assigned
    2/28CTF 1 preparation
    3/4Intrusions 3 Intrusions 3: Initial Access (cont'd), Maintaining Access, and Covering Tracks
    3/6 Passwords Passwords
    3/11,3/13SPRING BREAK: NO CLASS
    3/18 CTF 1 debugging
    3/20CTF 1 starts
    3/25DDoS 1: Introduction Intro to DDoS
    3/27 CTF 1 continues
    4/1CTF 1 Round 1 Homework 2 due
    4/3DDOS 2: Challenges and SolutionsDDoS ChallengesHomework 3 assigned
    4/8CTF 1 Round 2
    4/10DNS SecurityDNS SecurityDNSEC NSEC
    4/15Privacy
    CTF 2 Phase 1 starts
    Privacy 1: Private Communications
    Privacy 2: Sharing Data Privately
    Homework 4 assigned
    4/17 Routing SecurityRouting SecurityHomework 3 due, CTF 1 Report Due.
    4/22Final preparationSolutionsHomework 4 due
    4/24 In class CTF
    Class Assignments
    Homeworks: There will be four homeworks assigned according to the class schedule and due 1-2 weeks afterwards. These homeworks are to be done individually, by each student. They require up to 8 hours to complete and are done remotely on the DeterLab testbed.

    CTF exercises: There will be two CTF (capture-the-flag) exercises that will be performed in class. Each student will be assigned to a 6-8 member team. Each team will have to simultaneously protect their own data/servers and attack data/servers from one other team. These exercises require 1-2 weeks of preparation (roughly 1-2 h per day, each work day).

    Article presentations: You will present an article related to cybersecurity. You can choose which article to present - it can be a technical paper, a blog/vlog post, a news report, an interview with a cybersecurity professional, etc. The only requirement is that it is related to cybersecurity. You will present for 10 minutes. Feel free to bring 3-5 slides. Please be prepared to answer questions. Article presentations start 8/28.

    Attendance: I will take attendance each class. Preferred mode of attending is in person. I will also connect to Zoom to accomodate virtual attendees. Students are supposed to email me prior to the class to let me know they will be attending virtually and why. I will not record Zoom sessions.

    Midterm: Midterm is open book / open notes in person. Final: Final is open book / open notes in person. It is not cumulative. It will cover materials from intrusions until the end of the class.

    Grading
    Grades will be calculated based on the following formula:
    Class tasksPercentage of the final grade
    CTF Exercises (2)20%
    Homeworks (4), Best 3 out of 4 counted.20%
    Attendance5%
    Article presentation5%
    Midterm exam20%
    Final exam30%
    Late homework policy: Please start homework early and come to office hours if you need help. There is no late penalty for homework submissions up to 1 week late. After 1 week, there is a 20 percent penalty per day (with no credit given after 5 days).

    Final exam: Wednesday May 1st, 4:30-6:30 p.m, Location: TBA

    Students with Disabilities
    Any student requesting academic accommodations based on a disability is required to register with Disability Services and Programs (DSP) each semester. A letter of verification for approved accommodations can be obtained from DSP. Please be sure the letter is delivered to me as early in the semester as possible. DSP is located in STU 301 and is open 8:30 a.m - 5:00 p.m., Monday through Friday. The phone number for DSP is (213) 740-0776.
    Academic Integrity
    USC seeks to maintain an optimal learning environment. General principles of academic honesty include the concept of respect for the intellectual property of others, the expectation that individual work will be submitted unless otherwise allowed by an instructor, and the obligations both to protect one's own academic work from misuse by others as well as to avoid using another's work as one's own. All students are expected to understand and abide by these principles. More information is provided in USC's Student Handbook.

    Students will be referred to the Office of Student Judicial Affairs and Community Standards for further review, should there be any suspicion of academic dishonesty. The Review process can be found at: http://www.usc.edu/student-affairs/SJACS/ .

    Emergency Preparedness/Course Continuity in a Crisis
    In case of a declared emergency if travel to campus is not feasible, USC executive leadership will announce an electronic way for instructors to teach students in their residence halls or homes using a combination of virtual technologies.