This course covers fundamental issues surrounding computer security. You will learn about security policies, models, and mechanisms. You will also learn about details of several system and web attacks by implementing them yourselves.
Students who successfully complete this course will be able to
The prerequisite course for CSI 424 is CSI/CEN 400 or CSI 402. The prerequisite course for CSI 524 is CSI 500.
You are expected to have a good understanding of operating systems and systems programming. You need to be familiar with the Linux command-line interface and be able to code in C. General knowledge of discrete math and networking can also be helpful.
Required Textbook: Wenliang Du, “Computer Security: A Hands-on Approach,” ISBN: 978-1548367947, 2017.
We also rely on multiple other references (book chapters, articles, and tutorials) which are available publicly or via the University’s network.
You are required to read each session’s readings listed on the schedule before attending the class.
The course syllabus and schedule are available on the course webpage. Most of the tasks in this class will be handled via GitHub, including distribution of notes and homework assignments, assignment submission, and feedback. We will also use Blackboard for announcements and your grades.
Course | Labs | Project | In-Class | Midterm Exam | Final Exam |
---|---|---|---|---|---|
CSI 424 | 45% | Optional (+5%) | 5% | 15% | 35% |
CSI 524 | 30% | 15% | 5% | 15% | 35% |
The following schedule is tentative and will be regularly updated. It is your responsibility to check the schedule regularly.
means required reading. means optional reading.
Date | Topic/Reading | Assignment Due |
---|---|---|
Module #1: Introduction | ||
Aug 31 | Course Overview; Basic Security Concepts; Access Control | |
Module #2: Software/System Security | ||
Sep 07 | SET-UID Programs | lab00 (setup) |
Sep 14 | Environment Variables & Attacks | |
Sep 21 | Buffer Overflow Attack | lab01 (setuid) |
Sep 28 | Return-to-libc Attack | lab02 (buffer-overflow) |
Oct 05 | Race Condition Vulnerability | lab03 (return-to-libc) |
Oct 12 | Shellshock Attack | lab04 (race) |
Module #3: Web Security | ||
Oct 19 | Midterm exam; Cross Site Request Forgery Attack | lab05 (shellshock) |
Oct 26 | Cross Site Scripting Attack | lab06 (csrf) |
Nov 02 | SQL Injection Attack | lab07 (xss) |
Module #4: Network Security | ||
Nov 09 | Packet Sniffing and Spoofing | lab08 (sqli) |
Nov 16 | Attacks on TCP Protocol | lab09 (sniff) |
Nov 23 | Thanksgiving Break (No Class) | |
Nov 30 | Firewalls | lab10 (tcp) |
Module #5: Misc./Advanced Topics | ||
Dec 07 | Information Privacy | lab11 (firewall) |
Dec 14 | Final Exam (5:45pm-7:45pm in same classroom) | |
For all assignments and papers, make sure to do your own work, except where collaboration is explicitly permitted or required. Also, make sure that you properly cite any resource from which you borrow ideas and that you clearly distinguish them from your contributions.