Home
Course description
Lecture notes
Assignments
Reference
CS 378 - Network Security and Privacy (54315)
Spring 2009
Time and place
Tue and Thu, 2-3:30pm, BUR 136
Instructor
Vitaly Shmatikov
Email:
shmat AT cs
Office: TAY 4.115C
Phone: 471-9530
Office hours: Tue 4-5pm
TA
Jimmy Yang
Email:
jyang AT cs
Office: ENS 31NQ (desk #1 or #2)
Office hours: Wed, 1:30-3:30pm or by appointment
Newsgroup
utexas.class.cs378-shmat
Textbook
Network Security
(2nd edition) by Kaufman, Perlman, and Speciner.
ISBN 0130460192.
Grading
Homeworks: 30%
Projects: 25%
Midterm: 20%
Final: 25%
Last update: May 13
Announcements
Graded finals are outside TAY 4.115C.
Course schedule
Jan 20.
Course logistics and introduction.
[slides]
Read Kaufman 1.5.
Start reading
Smashing the stack for fun and profit
.
Jan 22.
Cryptographic hash functions.
[slides]
Read Kaufman 5.1-2 and 5.6-7.
Jan 27.
Rogue digital certificates - guest lecture by Arvind Narayanan.
Jan 29.
User authentication: passwords.
[slides]
Read Kaufman 9.1-2 and 10.
Feb 3.
User authentication: biometrics, challenge-response.
Read Kaufman 11.1-2 and 12.2.
Feb 5.
Web security: cookies and authentication.
[slides]
Read Kaufman 25 and
Dos and don'ts of client authentication
.
Feb 10.
Web security: JavaScript primer.
Homework 1
assigned.
Feb 12.
Guest lecture by Jeremy Powell (atsec).
Feb 17.
Web security: cross-site scripting, SQL injection.
[slides]
Feb 19.
Web security: cross-site request forgery. Browser security.
Homework 1 due.
Feb 24.
Guest lecture by Arvind Narayanan.
Feb 26.
Symmetric encryption.
[slides]
Project 1
assigned.
Read Kaufman 2.1-4 and 4.2.
Mar 3.
Kerberos.
[slides]
Read Kaufman 13 and 14, and
Designing an authentication system
.
Mar 5.
Stream ciphers. Attacks on CSS and 802.11b/WEP.
[slides]
Mar 10.
Attacks on TCP/IP, BGP, DNS. Denial of service.
[slides]
Project 1 due.
Read
SYN cookies
and
IP spoofing demystified
.
Mar 12.
Midterm
.
Spring break.
Mar 24.
Buffer overflow and other memory exploits.
[slides]
Project 2
assigned.
Read
Smashing the stack
,
Blended attacks
, and
Exploiting format string vulnerabilities
.
Mar 26.
Buffer overflow (cont'd).
Mar 31.
Firewalls.
[slides]
Read Kaufman 23.
Apr 2.
Malware: rootkits and viruses.
[slides]
Read Kaufman 1.12 and
Slammed!
Apr 7.
Malware: worms and botnets.
[slides]
Apr 9.
Spam.
[slides]
Project 2 due.
Apr 14.
Phishing.
[slides]
Apr 16.
Intrusion detection.
[slides]
Homework 2
assigned.
Apr 21.
Public-key cryptography.
[slides]
Read Kaufman 6.1-6.
Apr 23.
PKI and certificates. Public-key authentication.
[slides]
Homework 2 due.
Read Kaufman 15.1-7.
Apr 28.
IPsec and IKE.
[slides]
Read Kaufman 17 and 18.
Apr 30.
Web security: TLS.
[slides]
Homework 3
assigned.
Read Kaufman 19.
May 5.
Anonymity networks.
[slides]
May 7.
Side-channel attacks: acoustics and reflections.
[slides]
Homework 3 due.
May 13 (Wed, 9a-12n).
Final
.
In the news
FAA's air-traffic networks breached by hackers
- May 7 (WSJ)
Computer spies breach fighter-jet project
- Apr 21 (WSJ)
Electricity grid in U.S. penetrated by spies
- Apr 8 (WSJ)
Spam overwhelms e-mail messages
- Apr 8 (BBC)
Vast spy system loots computers in 103 countries
- Mar 29 (NYT)
'Scareware' scams trick searchers
- Mar 23 (BBC)
Computer experts unite to hunt worm
- Mar 19 (NYT)
Facebook users suffer viral surge
- Mar 2 (BBC)
Hackers target Xbox Live players
- Feb 20 (BBC)
Microsoft bounty for worm creator
- Feb 13 (BBC)
Parking ticket leads to a virus
- Feb 5 (BBC)
Password optional: huge security breach hits SpeedData
- Feb 3 (TechCrunch)
Beware of Facebook "friends" who may trash your laptop
- Jan 29 (WSJ)
Cyber-scams on the uptick in downturn
- Jan 29 (WSJ)
Job website hit by major breach
- Jan 27 (BBC)
Clock ticking on worm attack code
- Jan 20 (BBC)
Top 25 most dangerous programming errors
- Jan 12 (SANS)
Celebrity Twitter accounts hacked
- Jan 5 (TechCrunch)
Rogue digital certificates strike blow to Internet security
- Dec 30 (SearchSecurity.com)
Code of Conduct
UTCS
Code of Conduct
will be strictly enforced.