CIS 551 / TCOM 401 - Computing and Network Security

CIS 551 / TCOM 401 - Computer and Network Security
Spring 2006

Topics Reading Projects Grading Lectures Policies

Time: Tues. & Thurs. 1:30 - 3:00
Room: Towne 303

Instructor:

Steve Zdancewic
e-mail: stevez AT cis.upenn.edu
office hours: Thurs. 9:30-10:30 (and by appointment) Levine 511

Teaching Assistants:

Karl Mazurak
e-mail: mazurak AT cis.upenn.edu
office hours: Mon. & Weds. noon - 1:00 Levine 575

Topics:

System Security: hacker behavior, intrusion & anomaly detection, hacker and admin tools
Networks & Infrastructure: TCP/IP, Denial of Service, IPSEC, TLS/SSL
Basic Cryptography: Shared key crypto (AES/DES), Public Key Crypto (RSA), hashes
Crypto software: Open SSL library, applications (authentication, digital signatures)
Trust & Configuration management
Malicious code: buffer overflows, viruses, worms, protection mechanisms
Covert Channels

Reading

There is no required textbook for this class. Instead, see the following sources:

The Protection of Information in Computer Systems, Saltzer & Schroeder (1975)
The Internet Worm Program: An Analysis, Gene Spafford (1988)
Smashing the Stack for Fun and Profit, Aleph One (1996)
Kerberos: An Authentication Service for Open Network Systems, Steiner, Neuman, Schiller (1988)
Kerberos FAQ
Smashing the Stack for Fun and Profit, Aleph One (1996)
Introduction to the Internet Protocols, Charles L. Hedrick (Rutgers). This 1987 tutorial is surprisngly up to date, and is a very concise introduction to the basics of the Internet protocols.
Open SSL web page. The OpenSSL library is installed on eniac-l.
"A look Back at 'Security Problems in the TCP/IP Protocol Suite'". S. M. Bellovin. 20th Computer Security Applications Conference. December 2004.
"Advanced 4.4BSD Interprocess Communication Tutorial." Lefler, et al.
Why Cryptosystems Fail, Ross Anderson (1993)
Inside the Slammer Worm, Moore et al. (2003).
How to 0wn the Internet in Your Spare Time , Staniford, Paxson, and Weaver (2002).
Top Speed of Internet Flash Worms, Staniford, Moore, Paxson, and Weaver (2004).
Internet Quarantine: Requirements for Containing Self-propagating Code, Moore et al. (2003)
Automated Worm Fingerprinting, Singh et al. (2004)
Bro Intrusion Detection System
Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson. (1998)
NSA Central Security Service
TCSEC
CERT
National Information Assurance Training and Information Center
Example exams from the 2005 version of 551: Midterm Final

Projects

Project 1: Buffer Overflows Due: 31 Jan. 2006

Project 2: Cryptographic Protocols Due: 14 Mar. 2006

Project 3: Intrusion Detection Systems Due: 21 April 2006

Grading Criteria

15% Midterm I - date Feb. 14th NOTE: change of date
15% Midterm II - date tentatively Mar. 21st
25% Final exam - date May 5, 9:00-11:00am Moore 216
20% Two individual projects
20% Group project
05% Scribing duties/Course participation

Lecture Slides and Notes

Schedule
Date	Topic	Notes
1/10	Introduction & Overview
1/12*	--	No Class
1/17	Buffer Overflows	Notes
1/19	Access Control	Notes
1/24	Unix & Setuid programming	Notes
1/26	Java Stack Inspection	Notes
1/31	Mandatory Access Control, Multilevel Security	Notes
2/2	Covert Channels, Common Criteria, Tempest	Notes
2/7	Symmetric Key Cryptography, DES	Notes
2/9	Public Key Cryptography, RSA	Notes
2/14	--	Midterm I
2/16	Diffie-Hellman, Cryptographic Hashes	Notes
2/21	Protocols, Challenge-Response Authentication
2/23	Digital Signatures	Notes
2/28	Key Distribution, Kerberos	Notes
3/2	SSH, Human Authentication	Notes
3/7	--	Spring break
3/9	--	Spring break
3/14	Ethernet, 802.11, WEP	Notes
3/16	IP, DNS	Notes
3/21		Midterm II
3/23	UDP, TCP	Notes
3/28	SMTP, NATs, and Firewalls	Notes
3/30	Firewalls/Viruses	Notes
4/4	Worms	--
4/6	Virus & Worm Scanning / Intrusion Detection	--
4/11	Inrusion Detection / Automatic Signature Extraction	--
4/13	Polymorphic Worms & Viruses/ Web Security	Notes, Notes2
4/18	E-commerce	Notes
4/20	Digital Cash / Conclusions	--
*indicates dates when Prof. Zdancewic will be away.

Course Policies

This course will abide by the University's Code of Academic Integrity. In particular, for individual projects and group projects, the following guidelines should be followed:

For individual projects, you must type in and edit your own code, documentation, and any other materials submitted for grading.
- Copying someone else's file is not allowed.
- Allowing someone else to copy a file of yours, either explicitly or implicitly by leaving your code unprotected, is not allowed.
- Editing each other's files is not allowed
Regarding the ethics of what you may or may not discuss with others:
- "High level" discussions are fine.
  For example, discussions about the problem statement.
- "Low level" discussions are fine.
  For example, discussions about C syntax or using gdb, understanding compiler error messages, understanding the mechanics of the tools and libraries used for the projects.
- "Mid level" discussions require discretion. In this CIS course, discussions at this level must be limited. Unless explicitly stated otherwise, you may not collaborate significantly with classmates (except group project members) at this level. If you have minor discussions with others at this level or get help from outside resources (tutors, web sites, etc), you must cite at the top of the submitted projects the names of the people or websites who helped you and how they did. For example:
```
      /**
       * Chris Brown
       * Project 1
       * 5/6/2007
       * I received tips from Jo Johnson on the i/o and example.com/mem.htm on memory
       */
        
```
If there is any doubt about the use of external sources or collabortation, please ask for clarification by the course staff.

CIS 551 / TCOM 401 - Computer and Network Security Spring 2006

Time: Tues. & Thurs. 1:30 - 3:00 Room: Towne 303