CS 576 Systems Security

Spring 2018

InstructorGeorgios Portokalidis, Office Hours: Mondays 4pm-6pm (NB307A)
LectureWednesday 06:15pm-08:45pm (NB 102)
LabThursday 04:00pm-04:50pm (Babbio 319)
Communicationshttps://piazza.com/stevens/spring2018/cs576
Canvashttps://sit.instructure.com/courses/26306
Calendarhttps://goo.gl/u9CbcT (You need to be logged in with your Stevens Google account)

Keep working on your projects! Code and report due on 5/4!

The final exam is scheduled for 5/9!

Course Description

This course will cover a wide range of topics in the area of Systems Security. A computer system is composed by software, hardware, policies, and practices. Systems security involves both designing and building secure systems, as well as improving and evaluating the security of existing systems. This course is giving a particular emphasis into providing hands-on experience to students through building, attacking, and securing systems. The class is programming intensive. Those who take the class should be skilled programmers and should have some experience with the C programming language and programming on a Linux environment. It is recommended that students are also familiar with the assembly language and with network and operating system basics.

Detailed information about the course can be found in the syllabus.

Prerequisites

The course requires good programming skills (C, C++), including some knowledge of x86 assembly. Also, a basic background in operating systems (mainly UNIX) and networking.

Course prereqs: (Graduate students) CS-631Advanced Programming in the UNIX Environment or (Undergraduate students) CS-306 Introduction to IT Security and CS-392 Systems Programming

Course materials

Textbooks (optional):

  • Computer Security: Principles and Practice, 3/E, William Stallings, Lawrie Brown ISBN-10: 0133773922 • ISBN-13: 9780133773927
  • Security Engineering 2nd Edition by Ross Anderson
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition, Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte, ISBN: 978-0-470-08023-8

Other materials:

  • Slides used in lectures and papers referenced in them

Grading

Your final grade will be determined by your performance in the following:

Lab participation 10%
Midterm Exam 20%
Final Exam 20%
Project 50%

Course Schedule

1/17/18

Course Introduction.

Authentication and access control.

1/24/18

How software executes: from abstractions to machine-level code.

1/31/18

(Early) Memory corruption attacks.

2/7/18

Early defenses and more attacks.

2/14/18

Modern exploitation and defenses.

2/28/18

Web security.

Project proposals due. How to prepare a project proposal.

3/22/18

Midterm.

3/28/18

Systems and cryptography.

4/4/18

Network security.

4/11/18

Malware.

Botnets.

4/12/18

Midterm 2.

4/18/18

(Distributed) Denial of service.

Sandboxing.

4/25/18

Project presentations.

5/2/18

Invited speaker.

5/9/18

Final exam.