CS378: Spring 2013
Network Security and Privacy

Unique number: 53600
Class time: TT 2-3:30pm; Location: PAR 201
Instructor: Dr. Bill Young
Office: GDC 7.810; Office Hours: MWF 11-noon and by appt.
Office Phone: 471-9782; Email: byoung@cs.utexas.edu
TA: Riddhi J. Shah; Email: riddhi.j.shah@utexas.edu;
TA Hours: Fridays noon-2pm, in PAI 5.33 (later in GDC 1.302)
This website: www.cs.utexas.edu/users/byoung/networks-cs378/syllabus-networks378.html

Important Class Announcements:

Breaking news important to the class will be posted here. Consult this spot often.

Note the change on the exam re-do. It's due Tuesday, not Monday.

Brad Burlage is our proctor and probably the most knowledgable person about the homework. His email is bradburlage@gmail.com.

Prof. Shmatikov's link for "Next Generation Clickjacking" is broken. The paper is here: Next Generation Clickjacking.

Here is the list of folks signed up so far to lead the in-class discussions: weekly discussions. If you haven't signed up yet, please do so.

Our Piazza page has been set up. Because there was already a page for CS 378 this semester, they named it "CS 378N". Check it out; it's an excellent place to post questions.

Prof. Shmatikov, who usually teaches this class in the Spring semester is not doing so. This is a special section being offered only to graduating seniors who must have it at this time to complete their InfoSec certification. Prof. Shmatikov will offer it again Fall, 2013.

Course Description:

Professor Vitaly Shmatikov regularly teaches this class in the Spring semester. Because he was not doing so this semester, I am teaching it to only students who must have it at this time to complete their InfoSec certification. I will be closely following Prof. Shmatikov's syllabus syllabus. Grading is based on participation, projects, and homeworks.

Required text:

"Network Security: Private Communication in a Public World" (Second Edition) by Kaufman, Perlman and Speciner: Prentice-Hall, 2002. In addition, there are a number of papers you'll read over the course of the semester. These are all linked from Prof. Shmatikov's syllabus for the class.

Course Schedule

Below is the tentative schedule for the semester. [slides] refers to Prof. Shmatikov's slides found on his website, linked above. Readings are either from Kaufman or papers also linked on that website and from the slides that accompany these lectures. You are expected to have done the reading prior to class.

Week Topics Readings Due
Week 1 (1/15) Course logistics and intro Kaufmann 1.5, Start reading "Smashing the Stack for Fun and Profit"
Week 2 (1/22) passwords, security questions, challenge-response Kaufmann 9.1-2 and 10, 11.1-2 and 12.2.
Week 3 (1/29) Cryptographic hash functions, biometrics Kaufmann 5.1-2 and 5.6-7
Week 4 (2/5) phishing, cookies, web management Kaufmann 25, Dos and don'ts of client management
Week 5 (2/12) JavaScript and same origin, clickjacking and cross-site request forgeries Next generation clickjacking and Cross-site request forgeries: exploitation and prevention HW 1 due
Week 6 (2/19) SQL injection and cross-site scripting, symmetric encryption Read Advanced SQL Injection and Cross site scripting explained, Kaufman 2.1-4 and 4.2
Week 7 (2/26) Kerberos, Stream ciphers, Attacks on 802.11b/WEP, CSS, MIFARE Kaufmann 13 and 14 and Designing and authentication system
Week 8 (3/5) Attacks on TCP/IP, DNS, BGP, Denial of service Read SYN cookies, IP spoofing demystified, It's the end of the cache as we know it Project 1 due, Midterm (3/7)
Spring Break
Week 9 (3/19) Memory corruption, defenses against memory attacks Read Smashing the stack, Once upon a free(), and Exploiting format string vulnerabilities
Week 10 (3/26) Viruses and rootkits, worms and botnets Project 2 (part 1) due
Week 11 (4/2) Stuxnet, Spam
Week 12 (4/9) Firewalls and intrusion detection, public-key crypto Kaufmann 23 and 6.1-6 Project 2 (part 2) due
Week 13 (4/16) SSL Kaufman 19
Week 14 (4/23) PKI and Certificates, IPsec Kaufman 15.1-7, 17 HW 2 due
Week 15 (4/30) IPsec, IKE, side-channel attacks Kaufman 18 HW 3 due, Final test (5/2)

Scholastic Dishonesty:

Academic dishonesty will not be tolerated. See http://www.cs.utexas.edu/academics/conduct for an excellent summary of expectations of a student in a CS class.

All work must be the student's own effort (with the exception of explicitly approved group effort on projects). No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy; and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.