4/28/11 - Sample final is posted here
with solutions.
4/25/11 - Final exam is on May 10, 8-10 am in THH
212. It's closed book, closed notes exam and it only covers material
post-midterm. Final reading list is here.
4/25/11 - Quiz 8 has been posted.
4/11/11 - Quizzes 6 and 7 have been posted.
4/5/11 - Quizzes 4 and 5 have been posted.
3/25/11 - Quiz 3 has been posted. Please take it
after the lab lecture on ARP spoofing
but before you do the lab on DETER. You will re-take it again as quiz
4 after the lab.
3/22/11 - I'm looking for a few good students for
summer research. If you're interested please e-mail me the following
ONLY (don't send me a full CV):
- Your expected graduation date
- Your GPA and USC grade transcript (screen printout is fine)
- List of skills (programming languages, environments) as bullets
- A summary of your prior research experience. For each research
project you participated in (even if it was just a class project)
list:
- Project goal
- What YOU did on the project
- What was the outcome of the project
- Are you looking to work for credit or for pay
Please e-mail your applications by 4/15. I may accept later
applications if I don't fill up positions by 4/15.
3/22/11 - On 4/22 I will talk on a topic (or
several topics) of your choice. Please e-mail me topic suggestions you
want me to cover in that lecture by 3/5/11.
3/12/11 - Quiz 2 is posted on the Blackboard. This
is the repeat of quiz 1 to be taken after your DETER firewalls
lab. You can take it any time between now and the end of the course
but it's probably best if you take it as soon as you finish the
lab. Please take this quiz even if you got the maximum on the previous
one.
3/8/11 - All due dates are at midnight (23:59 pm)
on a given day, PST
3/8/11 - Deadline for report 2 moved to Friday 3/11.
3/3/11 - Quiz 1 is posted on the Blackboard
3/1/11 - Solved midterm
and Grading criteria.
2/23/11 - Jelena won't be having office hours today
due to some meeting conflicts at ISI. Please email her if you need to
meet with her before Tue and schedule a 1-1 meeting.
2/17/11 - Examples of
different ciphers
2/17/11 - Sample
midterm with solutions
2/16/11 - Our midterm will be on Tue 2/22,
9:30-10:50 am in MHP 105.
2/15/11 -Midterm reading list
2/10/11 - Submit your paper reports via the DEN
system (http://mapp.usc.edu)
2/3/11 - Please make sure to choose your papers
only from the following venues (and they must be published after
2005): Sigcomm, Infocom, ACM CCS,
Usenix Security Symposium, NDSS, NSDI, IEEE Transactions on Secure and
Dependable Computing, IEEE Transactions on Networking. Typing in a
venue's name and year into a search engine should get you to a Web
page with papers like this "Sigcomm 2010". For conferences, just click
on "Program" link to get to papers. Journals should have archives and
TOC links where you can find papers.
2/3/11 - Here is a
detailed survey of group key management approaches. Access this paper
from USC (or via VPN) since it requires paid subscription.
2/3/11 - Here is the template for paper
reports. You can change the fonts but keep all the sections (you can
change their titles too).
1/26/11 - Papers from workshops associated with one of the
venues listed in the report section are also eligible to be chosen for
the report.
1/25/11 - Jelena won't be able to hold her office
hours tomorrow (1/26) since they overlap with a large project review
at ISI. This is a one-time event.
If you wanted to
talk to her this week email her and schedule a time to meet with her on Friday.
1/22/11 - Read all about using padding in
encryption here. There was a
question in the last lecture why DES is padded with 1 and the rest of
zeroes when the length of the original message is encoded after the
padding. The answer is - this is how the standard was defined but in
reality any random padding could be used since the length encoding
gives us enough information to strip it.
1/21/11 - TA office hours have changed to Th 11-noon.
1/17/11 - DEN students asked me how they can
fulfill the participation part of the grade. One good way would be to
post in our Blackboard forums. Post questions, comments on lectures or
security events in news, answer other people's posts ... This is a
good way to earn participation points for students that attend class
at USC as well. To start the
ball rolling I've made a few posts in the Misc board. Check them out!
People/Contact
|
- Instructor:
Prof Jelena Mirkovic (Contact: sunshine@isi.edu, she will respond
within 24 h), Office
hours: We 3-4 pm and by appointment in SAL 234
- TA:
Leslie Cheung (lccheung@usc.edu)
Office hours: Th 11am-noon in PHE 316
- Lab instructor:
David Morgan (davidmor@usc.edu),
Office hours: By appointment only
Lab grader:
Udayan Banerji (ubanerji@usc.edu)
To contact both the instructor and the TA please email csci530@usc.edu.
|
Focus
|
This class is intended to give students an overview of systems
security, its workings, and its role in protecting data and
computing resources. At the end of the course,
students should be able to
- Describe and assess a broad range of security problems and solutions
- Understand the fundamental mathematics and engineering
underlying security systems
- Judge the suitability of security systems for various
applications
- Know how to develop new security systems and features
|
|
Academic Integrity
Policy
|
|
Recommended Textbooks
|
|
Syllabus / Topics
Covered
|
Date | Topics
covered | Slides | Lab | Assignments |
1/11 | Introduction | PPT PDF | | |
1/13 | Cryptography | PPT PDF | | |
1/14 | | | Lab introduction | |
1/18 | Stream ciphers Block ciphers | PPT PDF | | |
1/20 | Public-key
cryptography
One-way hashes | PPT PDF | | |
1/21 | | | Cryptography | |
1/25 | Key exchange | PPT PDF | | |
1/27 | Key exchange | PPT PDF | |
1/28 | | | Authentication | |
2/1 | Authentication, authorization and
policy | PPT PDF | | | |
2/3 | Authentication, authorization and policy |
PPT PDF | | |
2/4 | | | Authorization | |
2/8 | Malicious code | PPT PDF | | |
2/10 | Malicious
code | PPT PDF | | Crypto/Auth/Policy reports due |
2/11 | | | Software-security | |
2/15 | Malicious code | PPT PDF | | |
2/17 | Midterm review | | | |
2/18 | | | No lab lecture | |
2/22 | Midterm | | | |
2/24 | DDoS | PPT PDF | | |
2/25 | | | Packet sniffing | |
3/1 | DDoS | PPT PDF | | |
3/3 | DDoS | PPT PDF | | |
3/4 | | | Firewalls (DETER) | |
3/8 | Viruses | PPT PDF | | |
3/10 | Worms | PPT PDF | | |
3/11 | | | Intrusion detection | DDoS reports due |
3/15 | Spring recess - no class | | | |
3/17 | Spring recess - no
class | | | |
3/22 | Worms | PPT PDF
| | Report 2 reviews due |
3/24 | Worms | PPT PDF | | |
3/25 | | | ARP spoofing
(DETER) | Revised DDoS reports due |
3/29 | Botnets | PPT PDF | | |
3/31 | Trusted
computing | PPT PDF
| | |
4/1 | | | Tunnels and
VPNs (DETER) | |
4/5 | Privacy | PPT PDF
| | Botnet reports due |
4/7 | Human element | PPT PDF
| | |
4/8 | | | Computer
forensics (DETER) | |
4/12 | Topic of your choice | PPT PDF
| | |
4/14 | Crypto/auth/policy
presentations | | | |
4/15 | | | No lab lecture | |
4/19 | DDoS presentations | | | Privacy reports due |
4/21 | Botnet
presentations | | | |
4/22 | | | No lab lecture | |
4/26 | Privacy presentations | | | |
4/28 | Final review | | |
|
Reports
|
In this course you will be asked to write four paper reports
on chosen topics. These are:
- Cryptography, authentication, authorization or policy (choose one
topic from these four)
- Denial of service
- Botnets
- Privacy
Each time you will need to select a paper that fits
the following criteria:
- Deals with the chosen topic
- Published in the last five years
- Published in one of the following venues: Sigcomm, Infocom, ACM CCS,
Usenix Security Symposium, NDSS, NSDI, IEEE Transactions on Secure and
Dependable Computing, IEEE Transactions on Networking
Your report should be 2-4 pages long and consist of the following
sections
- Summary of the problem addressed by the paper
- Why is this an important problem
- Why is this a difficult problem
- A short description of the solution proposed in the paper
- Summary of the evaluation strategy presented in the paper to test
the proposed solution, and summary of results
- Your opinion of the proposed solution
- Your ideas for improvement of the proposed solution or for a
different approach to solve the problem in question
You will be asked to submit your reports via the DEN system (http://mapp.usc.edu).
Only PDF files will be accepted. Submitting a report in
another file format will bring a zero grade on the assignment.
Reports will be graded based on your understanding of the material
presented in the paper, the originality and correctness of your
critique of the paper, and the clarity of the report. Additionally,
one of your reports will be chosen for the presentation at the end of
the semester. You will be asked to create a 5 minute presentation with
the highlights of your report and present it to the class. This
presentation will carry 4% of your final course grade (and the reports will carry
another 16%).
For the reports students may receive an automatic extension
of 48 hours total that may be applied across all four
assignments. If you turn in one of your assignments 8 hours late, then
you will only have 40 hours remaining in extensions to use on
subsequent assignments. I suggest not using the whole 48 hours on the
first assignment, because if you have an unforseen scheduling issue
arises later in the semester, it will be your problem. Late
assignments (beyond any extension) will be assesed 20 point penalty
(out of max 100 points per assignment) per day they are late.
|
Quizzes
|
There will be 3-4 quizzes in the course, to match the
exercises in the lab section that use the DETER testbed. These quizzes
will evaluate your understanding of the material demonstrated in the
exercise pre and post the exercise. Each quiz is 4-5 questions long
and is a multiple-choice quiz. Both pre and post quizzes will be
graded but only the higher grade will count toward your final grade in
the course. Quizzes will be given via Blackboard and are open-book,
open-notes.
|
Exams
|
There will be a midterm and a final exam in this course. Both
exams are closed-book. Final exam will cover only those topics that
were taught after the midterm exam.
|
Lab
|
This course has a required lab section on Fridays that
exercises concepts taught in the class through simulation or
emulation. The labs are required (you must complete 8 of 10) and carry
20% of your final grade. The lab section is independently managed by
its instructor, David Morgan. The lab Web page is http://ccss.usc.edu/530l.
|
Grading
|
Grades will be calculated based on the following formula:
Class tasks | Percentage of the final
grade |
Paper reports/presentations | 20% | |
Lab | 20% | |
Participation | 5% | |
Quizzes | 5% | |
Midterm exam | 20% | |
Final exam | 30% | |
| |