CSCI 451 Computer Security
by Hui Chen, Ph.D.
Overview
This course focuses on communication security in computer systems and networks. It is intended to provide students with a comprehensive introduction to the field of network security. The course covers critical network security services such as authentication and access control, integrity, and confidentiality of data, routing, firewalls, virtual private networks, and web security. Where appropriate, we examine threats and vulnerabilities to specific a rchitecture and protocols.
Prerequisites:CSCI 358 Introduction to Information Assurance or approval of the instructor
Syllabus
Download it in a PDF file
Textbook
You may access VSU's Safari's Book-Online subscription from using VSU library's off-campus access service.
- Matt Bishop, Introduction to Computer Security, Addison-Wesley Professional, October, 2004, ISBN-13: 978-0-321-24774-5.
Reference Books
- Matt Bishop, Computer Security: Art and Science, Addison-Wesley Professional, October, 2004, ISBN-13:978-0-321-24744-5. This book is a version of the book with more formal and mathematical treatment of the subject than the textbook. If you wish more formal and mathematical treatment, read this book intead.
- Dorothy Elizabeth Robling Denning. 1982. Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
- Bruce Schneier. 1996. Applied Cryptography. John Wiley & Sons.
- Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno. 2010. Cryptography Engineering. John Wiley & Sons.
Class Schedule and Material
-
08/17 Course Overview and Introduction to Computer Security
Topic: Overview of basic computer security concepts
Reading:
Assignment:
-
08/19 - 08/21 Access Control Matrix
Topic: Access Control Matrix
Reading:
Assignment:
-
08/24 Students' Presentation and Discussion
Reminder: Lab 1 is due
-
08/28 Security Policies
-
08/28 Examples of Policy Models
Topic: Policy Examples: The Bell-LaPadula Model; Biba Integrity Model; Clark-Wilson Integrity Model; Chinese-Wall Model
Assignment:
See lecture notes -
08/31 - 09/04 Basic Cryptography I
Topic: Transposition Ciphers; Substitution Ciphers; Vigenere Cipher; Simple Cryptanalysis;
Reading:
Program:
- Making Vigenere Tableau in: C++; C; Java; and Matlab/Octave
- Attacking Caesar Cipher: attackcaesar.m
- Attacking Vigenere Cipher: readline.m findcommonsubstrings.m computeic.m guesskey.m vigenere.m computeletterfreq.m;
Assignment:
See lecture notes.(Homework L5-1) question 8 in exercise 8.7 in the textbook (page 120) -
09/07 Labor Day Holiday. University Closed. No Class.
-
09/09 Basic Cryptography I (Continued)
Topic: continue the lectures from 08/31/ - 09/04
-
09/11 Basic Cryptography II
Topic: DES; AES; RSA; Cryptographic Checksums;
Reading:
Assignment:
- Exercises in lecture notes
- Reading and Oral Presentation: Side-Channel Attacks on AES Implementations [ It’s all a question of time – AES timing attacks on OpenSSL and A shared cache attack that works across cores and defies VM sandboxing---and its application to AES ] (2-student presentation in class on 10/07) .
-
9/16 - 09/18 Key Distributions
-
09/21 - 09/25 Public Key Infrastructure
Reading:
Assignment:
Mini-Project 1 on PKI and Mini-Project 2 on PGP (due two weeks after it has been posted. Submit your work to Blackboard.)Resources for Mini-Project 1 The Mini-Project 1 is based on the PKI lab developed by Professor Wenliang Du at Syracus University. You may download the lab manual from this site. Download a Debian Linux virtual machine prepared for this lab from either Dropbox or OneDrive. Both the username and password are "debian" (without the quotation marks).
-
09/28 Midterm Review
-
09/30 Midterm Exam
-
09/30 Recap on Midterm Exam
-
10/05-10/06 Fall Break. No Class.
-
10/7 Cipher Techniques: Common Problems
Reading:
Assignment:
- Students' Presentation: Side-Channel Attacks on AES Implementations [ It’s all a question of time – AES timing attacks on OpenSSL and A shared cache attack that works across cores and defies VM sandboxing---and its application to AES ]
-
10/9 Cipher Techniques: Stream and Block Ciphers
Reading:
Assignment:
Mini-Project 2 on PGP and Mini-Project 2 on PGP (due two weeks after it has been posted. Submit your work to Blackboard.) -
10/12 Cipher Techniques: Networks, Cryptography, and Example Protocols
Reading:
-
10/14 Design Principles
-
10/16 - 10/23 Representing Identity
Reading:
-
10/26 -10/30 Identify and Anonymity on the Web
Reading:
Assignment:
(Homework L14-1) Answer questions 1 in Chapter 13 of the textook (page 234).
Note: to answer this question, you may want to consult references on web cookies, e.g., Document.cookie Web API , and IETF RFC 6265 .
-
11/02 - 11/09 Controlling Access to Files
-
11/11 - 11/18 Ring-based Access Control
Reading:
-
11/20 - 11/23 Introduction to Assurance
Reading:
-
11/26 Thanksgiving Holiday. University Closed. No Class.
-
11/30 Review for Final Exam
-
12/02 Class Project; Q & A; Last Day of Classes
-
12/03 Reading Day. Senior Project Presentation.
-
12/04 - 12/09 Final Examination Week
CSCI451 Final Exam:
10:30 - 12:30PM, Monday, December 7, 2015