CS 194-1: Computer Security CS 194-1, Fall 2005 Computer Security Instructors: (675 Soda Hall) (531 Soda Hall) (671 Soda Hall) (629 Soda Hall) TAs: Paul Huang () Jeff Kalvass () () Ivan Tam () Lectures: MWF, 11-12pm, 277 Cory Sections: 104. Th 12:00-1:00, 320 Soda 101. Th 1:00-2:00, 320 Soda 102. Th 2:00-3:00, 320 Soda 103. Th 3:00-4:00, 320 Soda Office Hours: Joseph: Mondays and Tuesdays 1-2 pm in 675 Soda Tygar: Mondays 1-2pm by appointment Vazirani: Mondays 3-4pm in 671 Soda Wagner: Wednesdays 1-2pm in 629 Soda Huang: Tuesdays 2-4pm in 511 Soda Kalvass: Wednesdays 4-6pm in 511 Soda Sears: Wednesdays 12-2pm in 551 Soda Tam: Wednesdays 2-4pm in 551 Soda Web page: Announcements • Project 2 code is and Design Document is. • Homework 3 submission instruction: in the directory with your exploit1.c and exploit2.c type 'submit hw3' to turn in your code for part 3.

• Please check the course newsgroup,, for announcements. Quick links:. Course Overview This course will cover the most important features of computer security, including topics such as cryptography, operating systems security, network security, and language-based security. After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity. List of course topics (tentative): • Introduction to computer security. Basic concepts, threat models, common security goals.

• Cryptography and cryptographic protocols, including encryption, authentication, message authentication codes, hash functions, one-way functions, public-key cryptography, secure channels, zero knowledge in practice, cryptographic protocols and their integration into distributed systems, and other applications. • Operating system security: memory protection, access control, authorization, authenticating users, enforcement of security, security evaluation, trusted devices, digital rights management. • Network security. Firewalls, intrusion detection systems, viruses and worms, web security.

This course will cover the most important features of computer security, including topics such as cryptography, operating systems security, network security, and. Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written. Informatics U3O2. Remember – U3O2 is part 1 of the SAT. It finishes in U4O1. Use a range of appropriate techniques and processes to acquire, prepare, manipulate and.

Case studies: DNS, IPSec. • Software security. Secure software engineering, defensive programming, buffer overruns and other implementation flaws. Language-based security: analysis of code for security errors, safe languages, and sandboxing techniques.

• Advanced topics and case studies, to be chosen according to instructor and student interest. (Possible examples: privacy, mobile code, digital rights management and copy protection, trusted devices, denial of service and availability, network based attacks, security and the law, electronic voting, quantum cryptography, penetration analysis, ethics, full disclosure.) Assignments, Projects, and Exams All homeworks are due on Friday at 11am in drop box #2 (in the slot labeled CS161/Fall 2005) in 283 Soda. The deadlines will be enforced strictly. Late homework will be accepted only in extraordinary circumstances, and may in any case be penalized. The lowest homework grade will be dropped.

Homeworks: • Homework 1 (due 9/23); solutions. • Homework 2 (due 10/14); solutions. • Homework 3 (due 12/2); solutions. There will be two programming projects. • Project 1 (due 10/31) • Project Description • Code: • Sample Design Document: • FAQ: • CVS: • Notes on Object Serialization: • Deter: • Usernames and Passwords: • Project 1 Submission: • Project 2 (due 12/9) • Project 2 Description • Code:. (Removed from online archive.)• Design Document: (Removed from online archive.) Exams: • Midterm 1 (Oct 7); solutions.

• Midterm 2 (Nov 9, held in class); solutions. • Final Exam (Tue Dec 13, 12:30-3:30pm, 1 Leconte); solutions. Lectures The following schedule is tentative and subject to change. Readings from the textbooks are indicated as follows: P&P 1.2 denotes Pfleeger & Pfleeger, Chapter 1.2; A 1.2 denotes Anderson, Chapter 1.2. Optional readings are in parentheses. Topic Readings 1 Aug 29 Overview; intro to computer security Slides.

2 Aug 31 Adversaries, threat models, security goals Notes. (A 1.5.) 3 Sept 2 Access control, authorization Slides. P&P 4.3, 4.4. (A 4.1, 4.2.) Sept 5 No class! Labor Day Holiday. 4 Sept 7 Network security intro Slides. (A 18.1.) 5 Sept 9 Networking background Slides.

6 Sept 12 Firewalls Notes. (A 18.3.1-18.3.3.) 7 Sept 14 Intrusion detection Slides. (A 18.5.) 8 Sept 16 Symmetric-key cryptography Notes.

P&P 2.1, 2.5, 2.6. (A 5.1, 5.3.3.) 9 Sept 19 Block ciphers Notes. 10 Sept 21 Public-key encryption; modular arithmetic Notes. P&P 2.7, 10.1 'Properties of Arithmetic' only, 10.3 'RSA Encryption' only. (A 5.3.4, 5.7.1.) 11 Sept 23 Message authentication, public-key signatures Notes P&P 2.8 'Digital Signatures' only.

(A 5.3.5.) 12 Sept 26 Secure channels Slides. P&P 7.3 'Encryption' only.

(A 18.3.4.) 13 Sept 28 Implementation flaws, buffer overruns Notes. Can You Pay In Installments On Expedia Com here. 14 Sept 30 Software security: principles Notes. 15 Oct 3 Software security: defensive programming Notes. 16 Oct 5 Secret sharing Notes. Oct 7 Midterm 1 17 Oct 10 Cryptographic protocols, zero knowledge Notes 18 Oct 12 Zero knowledge protocols Notes. 19 Oct 14 Authentication protocols Slides. P&P 4.5, 7.3 'Strong Authentication' only.

(A 2.1, 2.2, 2.6, 3.1-3.3.) 20 Oct 17 Electronic cash protocols Notes. 21 Oct 19 Random number generation Notes. Oct 21 Project discussions Notes. 23 Oct 24 E-commerce systems Slides.

24 Oct 26 Worms and viruses Slides. P&P 3.3 'The Internet Worm', 'Code Red'. (A 18.4.) 25 Oct 28 Distributed denial of service Slides. 26 Oct 31 Multi-level security, mandatory access control Slides. (A 7.1-7.3, 7.5, 23.1-23.3) 27 Nov 2 Database security, side channels Slides. (A 8.3.) 28 Nov 4 Database security, inference control (cont.) Slides.

29 Nov 7 Operating system security, memory protection Notes. (A 4.3.) Nov 9 Midterm 2 Nov 11 No class! Veterans Day Holiday.

30 Nov 14 Isolation, sandboxing Notes. 31 Nov 16 Language-based security; type- and memory-safe languages (continuing in last lecture's notes) 32 Nov 18 Rights management, spyware, rootkits (case study) Optional:. (A 14.1-14.6.) 33 Nov 21 Web Security Slides. Nov 23 No class!

Thanksgiving Holiday. Nov 25 No class! Thanksgiving Holiday. 34 Nov 28 Quantum cryptography Slides. 35 Nov 30 Watermarking Slides. 36 Dec 2 Rootkits Slides.

37 Dec 5 Review 38 Dec 7 Electronic voting Slides. 39 Dec 9 Review Section Notes • 9/22, 1pm section [] Textbooks The required textbook is Security in Computing (Charles P. Pfleeger, Shari Lawrence Pfleeger, 3rd ed., Prentice Hall, 2003). We will also provide lecture notes for most of the lectures. The book Security Engineering (Ross Anderson, Wiley, 2001) is optional.

It provides extra reading and background. Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written material, and you should take your own notes as well. Prerequisites You must have taken CS 61C (Machine Structures). Also, you must have taken either Math 55 or CS 70 (Discrete Mathematics). Grading Summary Your final grade will be computed from five categories: • 35% Projects • 40% Exams (10% per midterm, 20% for the final) • 15% Homework • 10% Class participation Collaboration and Academic Integrity Policy Homeworks are to be done individually, on your own (not in groups). Projects will be done in groups.

The mechanics of project groups will be announced later in the semester. For homeworks, you must always write up the solutions on your own. Similarly, you may use references to help solve homework problems, but you must write up the solution on your own and cite your sources.

You may not share written work or programs with anyone else. You may not receive help on homework assignments from students who have taken the course in previous years, and you may not review homework solutions from previous years. In writing up your homework you are allowed to consult the instructors, TAs, assigned texts, posted notes, and any materials cited by them. If you do so, you are required to cite your source(s). Descargar Los Raros De Ruben Dario Pdf Creator.

Simply copying an answer is not sufficient; you are expected to write it up in your own words, and you must be able to explain it if you are asked to do so. Your answers may refer to course material and to homeworks from earlier in the semester. You are not permitted to consult others in the class; you are not permitted to 'Google for the answer' to homework questions. Copying solutions or code, in whole or in part, from other students or any other source without acknowledgment constitutes cheating. Any student found to be cheating in this class will automatically receive an F grade and will also be referred to the Office of Student Conduct. You should never read another student's solution or partial solution, nor have it in your possession, either electronically or on paper. You should write your homework solution strictly by yourself.

Presenting another person's work as your own constitutes cheating, whether that person is a friend, an unknown student in this class or a previous semester's class, a solution set from. Copying solutions or code, in whole or in part, from other students or any other source without acknowledgment constitutes cheating. Any student found to be cheating in this class will automatically receive an F grade and will also be referred to the Office of Student Conduct. You should never read another student's solution or partial solution, nor have it in your possession, either electronically or on paper.

You should write your homework solution strictly by yourself. Presenting another person's work as your own constitutes cheating, whether that person is a friend, an unknown student in this class or a previous semester's class, a solution set from a previous semester of this course, or an anonymous person on the Web who happens to have solved the problem you've been asked to solve. Everything you turn in must be your own doing, and it is your responsibility to make it clear to the graders that it really is your own work. The following activities are specifically forbidden in all graded course work: • Possession (or theft) of another student's solution or partial solution in any form (electronic, handwritten, or printed). • Giving a solution or partial solution to another student, even with the explicit understanding that it will not be copied. • Working together with anyone else to develop a solution that is subsequently turned in (either by you or by the other person).

• Looking up solution sets from previous semesters and presenting that solution, or any part of it, as your own. Academic dishonesty has no place in a university; it wastes our time and yours, and it is unfair to the majority of students. In our experience, nobody begins the semester with the intention of cheating. Students who cheat do so because they fall behind gradually and then panic. Some students get into this situation because they are afraid of an unpleasant conversation with a professor if they admit to not understanding something.

We would much rather deal with your misunderstanding early than deal with its consequences later. Even if you are convinced that you are the only person in the class that doesn't understand the material, and that it is entirely your fault for having fallen behind, please overcome your feeling of guilt and ask for help as soon as you need it. Remember that the other students in the class are working under similar constraints--they are taking multiple classes and are often holding down outside employment. Don't hesitate to ask us for help--helping you learn the material is what we're paid to do, after all! Warning From time to time, we may discuss vulnerabilities in widely-deployed computer systems.

This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly. Berkeley policy is very clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse. Unethical or inappropriate actions may result in failing the course and being referred for further discipline. Contact information If you have a question, your best option is to post a message to the newsgroup.

The staff (instructor and TAs) will check the newsgroup regularly. When using the newsgroup, please do not post answers to homework questions before the homework is due.

If your question is personal or not of interest to other students, you may send email to. Email to cs161@cory is forwarded to the instructor and all TAs. We prefer that you use the cs161@cory address, rather than emailing directly the instructor and/or your TA. If you wish to talk with one of us individually, you are welcome to come to our office hours. If the office hours are not convenient, you may make an appointment with any of us by email.

The instructor and TAs may post announcements, clarifications, etc. To the class newsgroup. Hence you should read the newsgroup regularly whether you post questions to it or not. If you've never done this before, there is online information about (see also for more).

Mail inquiries to.

Goals and coverage: The purpose of this course is to introduce to the students the bare bones of the computing systems and networks, as well as a few security issues associated with it at various levels. We divide the security of computing systems into three major parts: software, network and web security.

The plan is to understand the following subtopics, at a minimum, as they come under these three divisions. • Software security: Basics of OS; OS security fundamentals; injection vulnerabilities; buffer overflows; access control; sandboxing; malware: viruses and worms; writing secure code. • Network security: Basics of networking; security of TCP and DNS protocols; firewalls, VPNs and intrusion detections; denial of service (DoS) attacks. • Web security: Web basics; web security model; cross-site scripting; SQL injection; session managements with cookies; https protocol. Day Date Topics, lecture notes and further reading Home assignments* Practice Problems 1 Fri 07/31 Admin info.

& computer security fundamentals [] Ch 1.1 2 Mon 08/03 Access control, crypto. Notions & usability issues Ch. 1.2 to 1.4 [] 3 Thu 08/06 Physical security-I Ch.

2.1 to 2.3 [] 4 Mon 08/10 Physical security-II Ch. 2.4 to 2.6 5 Thu 08/13 Operating systems fundamentals and file systems Ch. 3.1 [] 6 Mon 08/17 Process & file-system security Ch. 3.2 and 3.3 [] 7 Thu 08/20 Stack and heap based buffer overflows Ch. 3.4 [] 8 Mon 08/24 Format string and TOCTOU attacks, Ch. 3.4 Introduction to malware:virus, worm, Trojan horse Ch. 4.1[.pdf] Thu 08/27 Class cancelled Mon 08/31 Class cancelled 9 Thu 09/03 Quiz-1 (70 minutes) 10 Mon 09/07 Malware attacks, botnets, and countermeasures Ch.

4.2 to 4.5 Computer networks fundamentals: topology and layers Ch. 5.1 11 Thu 09/10 Data link: Ethernet, MAC and ARP spoofing attacks Ch 5.2 12 Sat 09/12 [ Extra class] Network layer: IP, ICMP, IP spoofing & sniffing Ch 5.3 Mon 09/14 Class cancelled 13 Wed 09/16 [ Extra class] Transport layer: TCP, UDP, NAT, session hijack Ch 5.4 14 Thu 09/17 Ch 5.5 Denial of service 15 Wed 09/23 Midsem exam 16 Mon 10/05 TBA 17 Thu 10/08 TBA 18 Mon 10/12 TBA 19 Thu 10/15 TBA 20 Mon 10/19 TBA Thu 10/22 Holiday 21 Mon 10/26 Quiz 2 (70 minutes) 22 Thu 10/29 TBA 23 Mon 11/02 TBA 24 Thu 11/05 TBA 25 Mon 11/09 TBA 26 Thu 11/12 TBA Holiday?

27 Mon 11/16 TBA 28 Thu 11/19 TBA 30 Sat- Sat 11/21 11/28 Endsem exam.