CS155 Computer and Network Security

Course Syllabus

Spring 2018

 
Lecture 1:
4/ 3/18
(DB)
Course overview    [pdfppt]
Reading:

Part 1: Basics
 
Lecture 2:
4/ 5/18
(DB)
Control hijacking attacks: exploits    [pdfppt]
Reading:
 
Lecture 3:
4/10/18
(DB)
Control hijacking attacks: defenses    [pdfppt]
Reading:
 
Lecture 4:
4/12/18
(JM)
Principle of least privilege, access control, and operating systems security    [pdfppt]
Reading:
 
Lecture 5:
4/17/18
(DB)
Dealing with legacy code: sandboxing and isolation    [pdfppt]
Reading:
 
Lecture 6:
4/19/18
(inv)
Exploitation techniques and fuzzing   (Alex Stamos)    [pdf]
Reading:
 
Lecture 7:
4/24/18
(DB)
Overview of cryptography    [pdfppt]
Reading:

Part 2: Web Security
 
Lecture 8:
4/26/18
(JM)
Basic web security model    [pdfppt]
Reading:
 
Lecture 9:
5/ 1/18
(DB)
HTTPS: goals and pitfalls    [pdfppt]
Reading:
 
Lecture 10:
5/ 3/18
(JM)
Web application security    [pdfppt]
Reading:
 
Lecture 11:
5/ 8/18
(JM)
Session management and user authentication    [pdfppt]
Reading:
 
Lecture 12:
5/10/18
(JM)
Content Security Policies (CSP), Web workers, and extensions    [pdfppt]
Reading:

Part 3: Network security
 
Lecture 13:
5/15/18
(DB)
Security issues in Internet protocols: TCP, DNS, and routing    [pdfppt]
Reading:
 
Lecture 14:
5/17/18
(JM)
Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters    [pdfppt]
Reading:
 
Lecture 15:
5/22/18
(DB)
Unwanted traffic: denial of service attacks    [pdfppt]
Reading:
 
Lecture 16:
5/24/18
(JM)
Tools for improving system security    [pdfppt]
Reading:
  • Ashcraft and Engler: Using Programmer-Written Compiler Extensions to Catch Security Holes. pdf, Sections 1-2.
  • Bau, Wang, Bursztein, Mutchler and Mitchell: Vulnerability Factors in New Web Applications. pdf

Part 4: Security of mobile platforms
 
Lecture 17:
5/29/18
(JM)
Mobile platform security models: Android and iOS    [pdfppt]
Reading:
 
Lecture 18:
5/31/18
(JM)
Mobile threats and malware    [pdfppt]
Reading:
 
Lecture 19:
6/ 5/18
(inv)
Final lecture: TBD    [pdf]
Reading: