CSC 474/574 Information Systems Security

Fall 2003

(This page will be changed frequently. Check before class.)


Lab for HW5

Note: Homework assignments must be completed with a word processor (e.g., Microsoft Word, LaTeX). Handwritten submissions will NOT be accepted.


Dr. Peng Ning


Office hours:

Tuesdays and Thursdays, 3:00pm - 4:00pm, 250 Venture III (in Suite 243), Centennial Campus

Office phone:

(919) 513-4457



Email address:

ning (at) 


Teaching assistant:

Mr. Kun Sun


Office hours:

Thursdays, 2:00pm - 4:00pm, Room 252 (in Suite 243) Venture III, Centennial Campus

Email address:

ksun3 (at)

Class location:

Room 150 Venture II, Centennial Campus

Day and time:

Tuesdays and Thursdays, 4:35pm - 5:50pm.

Course Syllabus

Students registered for CSC 574 need to complete a research project in addition to the homework assignments and exams.

Mailing list: (CSC 474 & 574)

Web page: 

Message Board: 

Useful Resources: Java Tutorial

Note on assignments:

You must use a text editor (e.g. MS Word) to complete your homework. Handwritten submissions are not accepted. You should submit hard copies unless otherwise specified.

All work is to be performed individually unless otherwise specified. For the collaborative problems, you are encouraged to form teams of 1-3 members (of students in this class) to cooperate only on those problems. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team, if any.

You get no extra credit for working alone where collaboration is permitted.

Projects: Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Students can form project teams, each with up to three members.

Requirements for project proposal

Requirements for project final report.

Projects include but are not limited to:

  • Research Paper
    • You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation. 
    • You are encouraged to choose this if you are a PhD student or a master's student who has to complete a thesis.
    • Example Topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
      • New Attacks
  • Survey Paper
    • You can write a paper that surveys a particular field in information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
    • Example topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
  • Implementation
    • You can implement an existing technique, protocol, or system. The outcome should be a report that describes your implementation and a demo to the instructor and the TA. Your grade will be based on the quality of the report and the functionality and robustness of the implementation.
    • I may require you to work on your own, depending on the complexity of the implementation.
    • Example topics:
      • Key management for sensor networks (See instructor for details. Limit to 2 groups.)
      • Broadcast authentication for sensor networks (See instructor for details. Limit to 2 groups.)
      • Cryptographic algorithms such as AES, RSA, DSA, etc. 
      • Authentication protocols such as S/Key, Challenge-Response protocol.
      • Firewalls
      • Developing/extending intrusion detection systems

Schedule of classes



Reading Assignment

(Complete before class. Reading assignments are given in the order of importance for each lecture.)

Homework Assignment


08/21/03 Introduction
Topic 1: Basic security concepts
Chapter 1   pdf
08/26/03 Topic 2.1: Introduction to cryptography

Introduction to Cryptography

Chapters 9.1 -- 9.2

08/28/03 Topic 2.2: Secret key cryptography 

Chapters 11.1 -- 11.3


Topic 2.2 (Cont'd)

Topic 2.3: Basic number theory 

Chapters 2.4.1 -- 2.4.4 of Handbook of Applied Cryptography

hw1 (Due by 9/16/03)



Topic 2.3 (Cont'd)

Topic 2.4 Public key cryptography

Chapters 9.3 -- 9.6



Topic 2.4 (Cont'd)



Guest lecture

Topic 2.6 Key management


Topic 2.5: Hash function

IETF RFC 1321 (MD5)

Chapters 10 and 11.4

09/18/03 Class cancelled due to Isabel



Topic 2.5 (Cont'd)

Topic 3. Identification and authentication

Chapter 12

Chapters 2.2.2 and 2.2.5 in RSA FAQ

hw2 (Due by 10/07/03)



Guest Lecture

Topic 4.1 Basic Concepts of Access Control

Chapters 2, 4, 5


Topic 3 (Cont'd)

Topic 4.1 (Cont'd)



Mid-term review

10/07/03 Mid-term Exam 
(in class, open book & notes)

Scope: Topics 1 -- 4.1 grade distribution  
10/09/03 No class (Fall break)      
10/14/03 Review of midterm exam



Topic 4.2 Lattice Based Access Control Models

Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9–19, Nov. 1993.

Chapter 6

hw3 (Due by 11/04/03)



Self-study: Topic 4.3 Covert Channels

Topic 4.4 Role-Based Access Control

Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models, IEEE Computer, 29(2): 38–47, Feb. 1996.




Topic 6.1 DAC and MAC in DBMS

Topic 6.2 Multi-Level Databases

  Project proposal due




Guest lecture

Class cancelled

Self-study: Topic 5.1 Assurance
(Chapter 18)


Guest lecture

Class cancelled

Self-study: Topic 5.2 Evaluation of secure information systems
(Chapter 21)

11/04/03 Topic 7.1 Kerberos Chapter 10.2.2, In-class handout   pdf
11/06/03 Topic 7.2 IPsec

Chapter 11.4.3

RFC 2401, RFC 2411, RFC 2402, RFC 2406

hw4 (Due by 11/25/03)



Topic 7.3 IP trace back

Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, "Practical Network Support for IP Traceback", In Proceedings of the 2000 ACM SIGCOMM Conference, pp. 295-306, August 2000.   pdf
11/13/03 Topic 7.5 SSL/TLS

Chapter 11.4.2

RFC 2246


Topic 7.5 (Cont'd)

Topic 7.4 Firewalls

Chapter 26

Linux netfilter Hacking HOWTO

hw5 (Due by 12/04/03)



Topic 7.4 (Cont'd)

Topic 8.1 Malicious logic

Chapter 22   pdf
11/25/03 Topic 9.1 Introduction to intrusion detection Peng Ning, Sushil Jajodia, "Intrusion Detection Techniques," In H. Bidgoli (Ed.), The Internet Encyclopedia. John Wiley & Sons. ISBN: 0-471-22201-1. December 2003.   pdf
11/27/03 No class (Thanksgiving)      
12/02/03 Topic 9.1 (Cont'd)      

Final Review

  Project report due.  
12/09/03 Final Exam (1 -- 4pm)      


This course includes materials provided by Dr. Sushil Jajodia (George Mason University), Dr. Wenke Lee (Georgia Institute of Technology), Dr. Gail-Joon Ahn (University of North Carolina at Charlotte), and Dr. Peng Liu (Penn State University).

Peng Ning (