Syllabus: CIS-5930/Applied Security  (Fall 2005)

Instructor

Breno de Medeiros


Assistant Professor







Mailing address
Florida State University
105-D James Love Bldg
Tallahassee   FL 32306-4530
United States


Class and Office Hour Times

Class meetings:     Tuesdays and Thursdays, 5:15--6:30pm.
Office hours:         Wednesdays and Fridays, 9:00--11:00am, and by appointment.
Lecture location:   Conradi 0222
Lab location:         Love 016
Office location:     Love 105-D (office hours take place in this office)

Class meetings take place at two locations in different buildings, depending on whether a particular class is a lecture or a lab.  Class activities, including any grade-related activities, will start promptly at 5:15pm, with no allowance for students who erroneously go first to the incorrect location.  Please note in your agenda where each class meeting will take place.  This will be announced well in advance on this web page.

Course Goals

In this course, students will familiarize themselves with current and emerging threats to the security of computer systems and networks, including viruses, worms, network intrusion, and spam, and with techniques for preventing, detecting, and recovering from such attacks, such as firewalls, intrusion detection systems, secure coding practices, and others.  The approach is to study these attack and defense mechanisms in a systematic way.  The goal is to lead the students to develop both practical and analytical skills to identify, and correct or mitigate, threats in computer systems.

The course time will be divided between lectures and lab activities. 

Course Syllabus

This webpage is the definitive syllabus for the course.  Please refer to this document for announcements on assignments and projects and for information related to graded activities, as well as general policies that apply to all students enrolled in this course.

Textbook

Other recommended books:

Content Covered

Assignments

Lecture Slides

Grading and exam dates

Policies

Due to the nature of this class, students will be introduced to techniques and tools that may be (and are) used both for positive ends (plugging vulnerabilities, erecting defenses) as well as for destructive ones (target assessment, attack planning and execution).  All students, as a condition of participation in this class, are required to abide by a code of principled behavior and promise not to use the class laboratory resources in any way that violates the policies of the Computer Science Department and of Florida State University with respect to ethical use of our computing facilities. 

Any student found in violation risks a range of penalties as described in those policies. Furthermore, as instructor, I reserve the right to assign a grade of 0 (zero) to any particular assignment, or simply an 'F' (fail) as the final course letter grade, to any student who violates these policies, commensurate with my evaluation of the gravity of such student's actions.

Any student who wishes to participate in this course will be required to sign a waiver acknowledging the receipt of this notice and agreeing to its terms.

The students are also required to abide by the University's Honor Code.  Basically, do not represent other persons' work as your own, properly cite sources, and do not intentionally seek to undermine the efforts of your classmates.

A copy of the full University Academic Honor Code can be found in the current Student Handbook.

Notice of Compliance with the Disabilities Act

Students with disabilities needing academic accommodations should register with and provide documentation to the Student Disability Resource Center (SDRC), and bring a letter from the SDRC to the instructor indicating their needs. This should be done within the first week of class. 

Research Papers for Required or Recommended Reading

[Adler2002]
M. Adler. Tradeoffs in probabilistic packet marking for IP traceback. Proceedings of ACM Symposium on the Theory of Computing (STOC 2002), ACM Press, 2002, pp. 407-418. DOI: http://doi.acm.org/10.1145/509907.509969. Also available at http://www.cs.umass.edu/~micah/pubs/traceback.ps
[BellardoSavage2003]
J. Bellardo and S. Savage. 802.11 Denial-of-Service attacks: Real vulnerabilities and practical solutions. Proceedings of the 12th USENIX Security Symposium. Available at http://www.cs.ucsd.edu/~savage/papers/UsenixSec03.pdf.
[Bellovin1989]
S. M. Bellovin.  Security problems in the TCP/IP protocol suite.  ACM SIGCOMM Computer Communication Review, 1989, v. 19, issue 2, pp. 32-48. Available at http://doi.acm.org/10.1145/378444.378449, and at http://cnscenter.future.co.kr/resource/security/hacking/ipext.pdf
[Bernstein]
D. J. Bernstein. SYN cookies. http://www.cr.yp.to/syncookies.html
[BorisovJohnsonSastryWagner2005]
N. Borisov, R. Johnson, N. Sastry, and D. Wagner.  Fixing Races for Fun and Profit: How to Abuse atime.  Proceedings of the 2005 USENIX  Security Symposium, pp. 303–314.
Available at http://www.usenix.org/events/sec05/tech/full_papers/borisov/borisov_html/index.html,
and also at http://www.cs.berkeley.edu/~daw/papers/races-usenix05.ps
[BrezinskiKillalea2001]
D. Brezinski and T. Killalea. Guidelines for evidence collection and archiving. IETF RFC 3227, February 2002, http://www.ietf.org/rfc/rfc3227.txt
[CollinsReiter2004]
M. Collins and M. K. Reiter.  An empirical analysis of target-resident DoS filters.  Proceedings of IEEE Symposium on Security and Privacy, 2004, pp. 103-114. Available at http://www.ece.cmu.edu/~reiter/papers/2004/SP.pdf
[CoxGrossePikePresottoQuinlan2002]
R. Cox, E. Grosse, R. Pike, D. Presotto, S. Quinlan.  Security in Plan 9. Proceedings of the 2002 USENIX Security Symposium, pp. 3-16, 2002.  http://www.usenix.org/events/sec02/cox/cox_html/
[CowanPuMaierHintonWalpoleBakkeBeattieGrierWagleZhan98]
C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks.  Proceedings of the 7th USENIX Security Symposium, 1998, pp. 68-73.  Available at http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf.
[CowanWaglePuBeattieWalpole2000]
C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Proceedings of the DARPA Information Survivability Conference and Expo (DISCEX), 2000.  At http://downloads.securityfocus.com/library/discex00.pdf
[CrosbyWallach2003]
S. A. Crosby and D. S. Wallach.  Denial-of-Service via algorithmic complexity attacks.  Proceedings of the 12th USENIX Security Symposium, 2003, pp. 29-44.  Available at http://www.cs.rice.edu/~scrosby/hash/
[DeanFranklinStubblefield2001]
D. Dean, M. Franklin, and A. Stubblefield.  An algebraic approach to IP traceback.  Proceedings of the Network and Distributed Systems Security Symposium (NDSS 2001), pp. 3-12.  At http://www.isoc.org/isoc/conferences/ndss/01/2001/papers/dean01.pdf
[DeanStubblefield2001]
D. Dean and A. Stubblefield.  Using Client Puzzles to Protect TLS.  Proceedings of the 2001 USENIX Security Symposium, 2001. At http://www.usenix.org/publications/library/proceedings/sec01/full_papers/dean/dean.pdf
[FuSitSmithFeamster2001]
K. Fu, E. Sit, K. Smith, and N. Feamster.  Dos and Don'ts of Client Authentication on the Web.  Proceedings of the 2001  USENIX Security Symposium.  At http://www.usenix.org/publications/library/proceedings/sec01/fu/fu.pdf
[HandleyPaxson2001]
M. Handley and V. Paxson.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics.  Proceedings of the 2001 USENIX Security Symposium, 2001. 
At http://www.usenix.org/publications/library/proceedings/sec01/full_papers/handley/handley.pdf
[HussainHeidemannPapadopoulos2003]
A. Hussain, J. Heidemann, and C. Papadopoulos.  A framework for classifying Denial of Service attacks.  Proceedings of ACM SIGCOMM 2003, pp. 99-110. At http://www.isi.edu/div7/publication_files/tr-569.pdf
[IoannidisBellovin2002]
J. Ioannidis and S. M. Bellovin.  Implementing pushback: router-based defense against DDoS attacks. Proceedings of Network and Distributed Systems Security Symposium (NDSS 2002), The Internet Society.
Available at  http://www.isoc.org/isoc/conferences/ndss/02/proceedings/papers/ioanni.pdf
[JuelsBrainard1999]
A. Juels and J. Brainard.  Client puzzles: A cryptographic countermeasure against connection depletion attacks.  Proceedings of the Network and Distributed Systems Security Symposium (NDSS 1999).  The Internet Society. 
Available at http://www.isoc.org/isoc/conferences/ndss/99/proceedings/papers/juels.pdf
[JinWangShin2003]
C. Jin, H. Wang, and K. G. Shin.  Hop-count filtering: An effective defense against spoofed DDoS traffic.  Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2003), pp. 30-41. DOI: http://doi.acm.org/10.1145/948109.948116.  Also available at http://www.cs.wm.edu/~hnw/courses/cs780/papers/ccs03.pdf
[KeromytisMisraRubenstein]
A. D. Keromytis, V. Misra, and D. Rubenstein.  SOS: Secure Overlay Services.  Proceedings of ACM SIGCOMM 2002, pp. 61-72.  Available at http://www1.cs.columbia.edu/~danr/publish/2002/Kero2002:SOS.ps
[LaurieClayton2004]
B. Laurie and R. Clayton.  Proof-of-Work proves not to work.  Proceedings of the Workshop on Economics and Information Security (WEIS 2004). At http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf
[MahajanBellovinFloydIoannidisPaxsonShenker2002]
R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker.  Controlling high bandwidth aggregates in the network.  Computer Communications Review 32:3, July 2002, pp. 62-73.  Available at http://www.cs.columbia.edu/~smb/papers/pushback-CCR.pdf
[MooreVoelkerSavage2001]
D. Moore, G. Voelker, and S. Savage.  Inferring Internet Denial of Service activity.  Proceedings of the 2001 USENIX Security Symposium.  Available at http://www.cs.ucsd.edu/~savage/papers/UsenixSec01.pdf
[MoreinStavrouCookKeromytisMisraRubenstein2003]
W. G. Morein, A. Stavrou, D. L. Cook, A. D. Keromytis, V. Misra, and D. Rubenstein.  Using graphic turing tests to counter automated DDoS attacks against web servers.  Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2003), pp. 8-19. DOI:  http://doi.acm.org/10.1145/948109.948114.  Also available at http://www1.cs.columbia.edu/~misra/pubs/websos.pdf
[Paxson1998]
V. Paxson.  Bro: A System for Detecting Network Intruders in Real-Time.  Proceedings of the 7th USENIX Security Symposium, 1998.  At http://www.usenix.org/publications/library/proceedings/sec98/full_papers/paxson/paxson.pdf
[Provos2004]
N. Provos. A Virtual Honeypot Framework.  Proceedings of the 13th USENIX Security Symposium, 2004, pp. 1-14.  At http://www.usenix.org/publications/library/proceedings/sec04/tech/provos.html
[Samar1996]
V. Samar.  Unified login with pluggable authentication modules (PAM).  Proceedings of the ACM Conference on Computer and Communications Security, 1996.  At http://doi.acm.org/10.1145/238168.238177.
[SchneierKelsey98]
B. Schneier and J. Kelsey. Cryptographic Support for Secure Logs on Untrusted Machines.  Proceedings of the 7th USENIX Security Symposium, 1998.  At http://www.usenix.org/publications/library/proceedings/sec98/full_papers/schneier/schneier.pdf.
[Spafford1988]
E. H. Spafford.  The Internet worm program: an analysis.  Proceedings of ACM SIGCOMM Computer Communication Review, vol. 19, issue 1, pp. 17-57, 1988.  At  http://doi.acm.org/10.1145/66093.66095.
[StanifordPaxsonWeaver2002]
S. Staniford, V. Paxson, and N. Weaver.  How to 0wn the Internet in Your Spare Time.  Proceedings of the 2002 USENIX Security Symposium, pp. 149-167. At http://www.icir.org/vern/papers/cdc-usenix-sec02/cdc.pdf
[TanMcHughKillourhy2002]
K. Tan, J. McHugh, and K. Killourhy.  Hiding Intrusions: From the Abnormal to the Normal and Beyond.  Proceedings of the International Workshop on Information Hiding, 2002, LNCS vol. 2578, pp. 1-17. Available via Springer LINK, or at http://www.andrew.cmu.edu/user/dgao/System_Calls/25780001.pdf
[WagnerSoto2002]
D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems.  Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2002), pp. 255-264.  DOI: http://doi.acm.org/10.1145/586110.586145
Also at http://www.cs.berkeley.edu/~daw/papers/mimicry.pdf
[WhittenTygar1999]
A. Whitten and J. D. Tygar.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.  Proceedings of the 8th USENIX Security Symposium, 1999.  At http://www.usenix.org/publications/library/proceedings/sec99/whitten.html
[USDoJ2001]
United States Department of Justice, Computer Crime and Intellectual Property Section (CCIPS).  Searching and seizing computers and obtaining electronic evidence in criminal investigations. 2001. Available at http://www.cybercrime.gov/searchmanual.pdf


Online Resources


The web page of Dave Dittrich, University of Washington, has extensive, valuable information on various aspects of computer and network security, including analyses of attack tools, lists of security research papers, news articles, best practice references, etc.
