CSCI 499 - Security Systems - Spring 2013

CSCI 499 - Security Systems - Spring 2013
Friday 2-4:50 pm GFS 108

  • Instructor:
    Prof Jelena Mirkovic (Contact:
    Office hours: F 1-2 pm and by appointment in SAL 214/216
Course Description
Computers and networking are crucial to many aspects of our daily lives: entertainment, business, personal communication, healthcare, transportation, utilities, etc. Security of such systems is thus of paramount importance for protecting our assets or even our lives. This course will give students an overview of systems security, its workings, and its role in protecting data and computing resources. At the end of the course, students should be able to:
  • Describe and assess a broad range of security problems and solutions
  • Understand the fundamental mathematics and engineering underlying security systems
  • Judge the suitability of security systems for various applications
  • Know how to develop new security systems and features
In addition to lectures students will be engaged through a number of hands-on homeworks and capture-the-flag (CTF) exercises, where they will apply the knowledge from the class in realistic security scenarios, attacking or defending real servers on the DeterLab testbed for security experimentation.

Prerequisites: CSCI 402 or CSCI 450 or equivalent (e.g. EE classes on the same topics), or permission of the instructor. This class is appropriate for undergraduate students with previous classwork in networking and/or operating systems. Students from non-systems/networking areas are welcome. Please contact the instructor if you wish to enroll and don't have the prerequisites.

There is no required textbook. I will make the readings for the class available online a few days before each lecture. If you want supplemental reading you can purchase
  • Matt Bishop
    "Introduction to Computer Security"
Syllabus / Topics Covered
DateTopics coveredSlidesReading/LinksHomework
1/18Field of securityLecture 1Lecture 1
Network primer
1/25CryptographyLecture 2Lecture 2
Student Introduction to DeterLab
Introduction to SSH and Port Forwarding
Familiarize yourself with DeterLab (not graded)
2/1Key management, authentication and identity managementLecture 3 Lecture 3
2/8Authorization and Policy Lecture 4 Lecture 4 Intro to Linux, Deter and Client/Server architecture (due 2/8 at midnight)
See announcement section about homework access.
2/15Intrusions Lecture 5 Lecture 5
2/22Preparation for CTF and for midterm
3/1CTF exercise: Secure Data AccessCTF Exercise Specification
3/15Denial of service Lecture 6 Permissions and firewalls (due 3/25 at midnight)
3/22Spring break
3/29PrivacyLecture 7Lecture 7
4/5DDoS Lecture 8 Buffer overflows, pathname attacks and SQL injections (due 4/12 at midnight)
4/12Worms and botnets Lecture 9 Denial of service (due 4/19 at midnight)
4/19Bitcoin, Drive-by Downloads Lecture 10
4/26CTF exercise: Secure Server
5/3Final review
There will be a midterm and a final exam in this course. Both exams are closed-book. Final exam will cover only topics after the midterm exam.
Grades will be calculated based on the following formula:
Class tasksPercentage of the final grade
CTF Exercises (2)20%
Homeworks (6-8)20%
Quizzes (6-8)5%
Midterm exam20%
Final exam30%
CTF exercises will be done in clsss, on DeterLab, and will require a week of preparation. Homeworks will require 1-2 h of preparation and 1 h to complete and will be done on DeterLab. Quizzes will be administered as closed-book and online, and students will be allowed to retake them as many times as they desire. Midterm and final exam are closed-book. Midterm is taken in class and the final is scheduled by the University here for Monday May 13, 2-4 pm.
Students with Disabilities
Any student requesting academic accommodations based on a disability is required to register with Disability Services and Programs (DSP) each semester. A letter of verification for approved accommodations can be obtained from DSP. Please be sure the letter is delivered to me as early in the semester as possible. DSP is located in STU 301 and is open 8:30 a.m - 5:00 p.m., Monday through Friday. The phone number for DSP is (213) 740-0776.
Academic Integrity
USC seeks to maintain an optimal learning environment. General principles of academic honesty include the concept of respect for the intellectual property of others, the expectation that individual work will be submitted unless otherwise allowed by an instructor, and the obligations both to protect one's own academic work from misuse by others as well as to avoid using another's work as one's own. All students are expected to understand and abide by these principles. Scampus, the Student Guidebook, contains the Student Conduct Code in Section 11.00, while the recommended sanctions are located in Appendix A:

Students will be referred to the Office of Student Judicial Affairs and Community Standards for further review, should there be any suspicion of academic dishonesty. The Review process can be found at: .

Emergency Preparedness/Course Continuity in a Crisis
In case of a declared emergency if travel to campus is not feasible, USC executive leadership will announce an electronic way for instructors to teach students in their residence halls or homes using a combination of Blackboard, teleconferencing, and other technologies.