CS426 — Computer Security

Course Syllabus

Please make sure you read and understand all the details in the course syllabus. The Syllabus can be downloaded from here.

Course Overview

A survey of the fundamentals of information security. Risks and vulnerabilities, policy formation, controls and protection methods, database security, encryption, authentication technologies, host-based and network-based security issues, personnel and physical security issues, issues of law and privacy.

Prerequisite

Formal Prerequisite — CS354 course: Operating Systems.
Programming Prerequisite — Familiarity with C/C++ and Assembly programming languages.

Class Schedule

Tuesdays and Thursdays [1:30 pm – 2:45 pm] in HAAS G66.

Textbook

Security in Computing, 4th Edition, Pfleeger. [link]
Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson. [Free download from author’s page]

Grading and Assessment

The final grade will be based on the following:

Written Assignments and Homework (20%).
Mid-term Exam (20%).
Projects (30%).
Final Exam (30%).

Exams are closed book and closed notes. The distribution of grades may change with notice.
A re-grade request must be submitted in writing (by emailing the TA) within a week of the results being handed back.

Instructor

Mohammed Almeshekah
Email: malmeshe@purdue.edu
Office: LWSN 2161-11.
Office Hours: Tuesdays and Thursdays 10:30 am – 12:00 pm or by appointment.

TA

Long Zhen
Email: lzhen@purdue.edu
Office: LWSN B116H (#02)
PSOs:

Monday: 3:30 pm – 5:20 pm (LWSN B146).
Wednesday: 9:30 am – 11:20 am (LWSN B158)
Thursday: 9:15 am – 11:15 am (LWSN B158)

Academic Integrity

Academic honesty and ethical behavior are required in this course, as they are in all courses at Purdue University. The class will be conducted according to the policy written by Professor Gene Spafford. Please take the time to read it carefully. This policy will be followed unless I provide written documentation of exceptions.

You are encouraged to talk with the instructor about any questions you have about what is permitted on any particular assignment.

Class Announcements

All the class announcements and discussions will be posted on Piazza.

Week | Tuesday | Thursday

Week 1
Jan. (13-17)

Slides 1 – Course overview.
Readings for this lecture:
Pfleeger’s book — section (1.1).

Slides 2 – Classical Cryptography.
Slides 2 – part 2 – Modern Cryptography: Stream Ciphers and Block Ciphers.
Readings for this lecture
Anderson’s book – sections (5.3.2) and (5.3.3).
Pfleeger’s book – sections (2.1), (2.2) and (2.4).

Week 2
Jan. (20-24)

Slides 3 – Modern Cryptography: Block Ciphers, Modes of Operation, Hash Functions and MACs.
Readings for this lecture:
Anderson’s book – sections (5.5), (5.3.1) and (5.6.2).

Slides 4 – Asymmetric Cryptography: Public-Key Encryption, Digital Signatures.
Cryptographic Keys Establishment and Management.
Readings for this lecture:
Anderson’s book – (5.3.4), (5.3.5), (5.7.1), (5.7.2) and (3.7).
Homework 1 is out – Due date is Feb. 6th at the beginning of class.

Week 3
Jan. (27-31)

Slides 5 – Software Security.
Readings for this lecture:
Pfleeger’s book – sections (3.1), (3.2) and (3.5).
Smashing The Stack For Fun And Profit.

Continue on Software Security.

Week 4
Feb. (3-7)

Slides 6 – Malicious Programs.
Readings for this lecture:
Pfleeger’s book – sections (3.3) and (3.4).

Slides 7 – Web Security.
Readings for this lecture:
“Securing Your Web Browser” – US-CERT article. [link]
OWASP top 10. [pdf]
Homework 1 is due at the beginning of class.
Project 1 is out – Due date is Feb. 20th at midnight. [available in the Projects page]

Week 5
Feb. (10-14)

Slides 8 – OS Security.
Readings for this lecture:
Pfleeger’s book – sections (4.1), (4.2), (4.3) and (4.4).

Continue with User Authentication.
Slides 9 – Access Control.

Week 6
Feb. (17-21)

Continue with Access Control.
Readings for this lecture:
UNIX File and Directory Permissions and Modes [link]
Unix file permissions [link]

Continue with Access Control.
Slides 10 – Multi-Level Security (Bell-LaPadula).
Readings for this lecture:
Anderson’s Book — Sections (8.1), (8.2) and (8.3). [pdf]
Project 1 is due at midnight.
Homework 2 is out on Sunday Feb. 23rd – Due date is March 6th at the beginning of class.

Week 7
Feb. (24-28)

Slides 11 – Integrity Models.
Slides 12 – Information Security Standards and Principles.
Readings for this lecture:
Pfleeger’s Book — Sections (5.1), (5.2), (5.3), (5.4) and (5.5).
The Protection of Information in Computer Systems by Saltzer and Schroeder [pdf]

Continue with Information Security Standards and Principles.
Slides 13 – Market Failure of Secure Software.

Week 8
March (3-7)

Slides 14 – Network Security.
Readings for this lecture:
Pfleeger’s Book — Sections (7.1), (7.2) and (7.3).

Continue with Network Security.
Readings for this lecture:
Spafford and Schuba DNS Vulnerability [link]
Homework 2 is due at beginning of class.
Project 2 is out – Due date is March 27th at midnight. [available in the Projects page]

Week 9
March (10-14)

Continue with Network Security.
Readings for this lecture:
Dan Kaminsky DNS Vulnerability [link]

Midterm Exam will take place during class time [Room WTHR 320].

Week 10
March (17-21)

Spring Break

Spring Break

Week 11
March (24-28)

Continue with Network Security.

Slides 15 – Wireless Security.

Week 12
March 31-April 9

Continue with Wireless Security.
Homework 3 is out on Wednesday April 2nd – Due date is April 10th at the beginning of class.
Project 2 is due at midnight.

Slides 16 – Cellular Security.

Week 13
April (7-11)

Slides 17 – Perimeter Defenses.
Readings for this lecture:
Perimeter Security Fundamentals [link]

Guest lecture on Computer Forensics
Homework 3 is due at beginning of class.
Project 3 is out – Due date is May 1st at midnight.

Week 14
April (14-18)

Slides 18 – Privacy and Anonymity.

Slides 19 – Risk Management.

Week 15
April (21-25)

Slides 20 – Laws and Ethics in Information Security.
Slides 21 – Information Security Economics.

Slides 22 – Information Hiding.

Week 16
April 28-May 8

Course Review.

No lecture (take time to finish the project).
Project 3 is due at midnight.

Project 1

Project 1 is out. [pdf]
Due Date — Feb. 20th, 2014 at 11:59 pm (midnight).
The TA will be giving a presentation on the project during the three PSOs. You can view the presentation from here [pdf].
Stats:
Max: 100.
Average: 69.
Median: 66.
Min: 30.
Standard Deviation: 25.

Project 2

Project 2 is out. [pdf]
Due Date — April 1st, 2014 at 11:59 pm (midnight) [Extended]
The TA will be giving a presentation on PHP and the project during the three PSOs. You can view the presentations from here [PHP] [Project].
Stats:
Max: 105.
Average: 89.
Median: 94.
Min: 48.
Standard Deviation: 13.

Project 3

Project 3 is out. [pdf]
Due Date — May 1st, 2014 at 11:59 pm (midnight)
The TA will be giving a presentation on the use of the OpenSSL library during the PSOs. You can view the presentation from here [pdf].
Stats:
Max: 100.
Average: 78.
Median: 90.
Min: 30.
Standard Deviation: 21.

Homework 1

Homework 1 is out. [pdf]
Homework reading:
Intercepting Mobile Communications: The Insecurity of 802.11.
Due Date — Feb. 6th, 2014 at the beginning of class.
Stats:
Max: 99.
Average: 89.
Median: 93.
Min: 30.
Standard Deviation: 11.

Homework 2

Homework 2 is out. [pdf]
Homework reading:
Why Cryptosystems Fail?
Authentication in an Internet Banking Environment
Dos and Don’ts of Client Authentication on the Web
Password protection for modern operating systems
Due Date — March 6th, 2014 at the beginning of class.
Stats:
Max: 99.
Average: 83.
Median: 87.
Min: 46.
Standard Deviation: 13.

Homework 3

Homework 3 is out. [pdf]
Due Date — April 10th, 2014 at the beginning of class.
Stats:
Max: 100.
Average: 88.
Median: 90.
Min: 70.
Standard Deviation: 9.

Midterm

Midterm exam is scheduled for Thursday March 13th.
Time – usual class time [1:30 pm – 2:45 pm]
Location – WTHR, Room 320.
Content – All the content covered up to and including the lecture on Thursday March 6th, 2014.
Closed-everything exam (calculator, notes, books, laptop, etc.).
If you are going to miss the exam for a valid reason (check the syllabus), you must let me know before the exam time.
Exam presentation [pdf].
Exam Discussion [pdf].
Stats:
Max: 87.
Average: 65.
Median: 65.
Min: 34.
Standard Deviation: 11.

Final Exam

Final exam is scheduled for Thursday May 8th, 2014.
Time – [8:00 am – 10:00 am]
Location – MSEE – room B012.
Content – All the content covered in the course.
Closed-everything exam (calculator, notes, books, laptop, etc.).
Exam review will be held on the last day of lectures on Tuesday April 29th, 2014 [pdf].