CSC 474/574 Information Systems Security

Fall 2003

(This page will be changed frequently. Check before class.)

New

Lab for HW5

Note: Homework assignments must be completed with a word processor (e.g., Microsoft Word, LaTeX). Hand written submissions will NOT be accepted.

Instructor:

Dr. Peng Ning

 

Office hours:

Tuesdays and Thursdays, 3:00pm - 4:00pm, 250 Venture III (in Suite 243), Centennial Campus

Office phone:

(919) 513-4457

Fax:

(919)513-1895

Email address:

ning (at) csc.ncsu.edu. 

Homepage:

http://www.csc.ncsu.edu/faculty/ning

Teaching assistant:

Mr. Kun Sun

 

Office hours:

 Thursdays 2:00pm - 4:00 pm, Room 252 (in Suite 243) Venture III, Centennial Campus

Email address:

ksun3 (at) unity.ncsu.edu

Class location:

Room 150 Venture II, Centennial Campus

Day and time:

Tuesdays and Thursdays 4:35pm -5:50pm.

Course Syllabus

Students registered for CSC 574 need to complete a research project in addition to the homework assignments and exams.

Mailing list:

csc574-001@wolfware.ncsu.edu (CSC 474 & 574)

Web page:

http://courses.ncsu.edu/csc574/lec/001 

Message Board:

http://courses.ncsu.edu/csc574 
Useful Resources: Java Tutorial

Note on assignments:

You must use text editor (e.g. MS Word) to complete your homework. Handwritten submissions are not accepted. You should submit hard copies unless otherwise specified.

All work is to be performed individually unless otherwise specified. For the collaborative problems, you are encouraged to form teams of 1-3 members (of students in this class) to cooperate only on those problems. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team, if any.

You get no extra credit for working alone where collaboration is permitted.

Projects: Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Students can form project teams, each with up to three members.

Requirements for project proposal

Requirements for project final report.

Projects include but are not limited to:

  • Research Paper
    • You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation. 
    • You are encouraged to choose this if you are a PhD student or a master student that has to complete a thesis.
    • Example Topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
      • New Attacks
  • Survey Paper
    • You can write a paper that surveys a particular field on information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
    • Example topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
  • Implementation
    • You can implement an existing technique, protocol, or system. The outcome should be a report the describes your implementation and a demo to the instructor and the TA. Your grade will be based on the quality of the report, the functionality and robustness of the implementation.
    • I may require you work on your own, depending on the complexity of the Implementation. 
    • Example topics:
      • Key management for sensor networks (See instructor for details. Limit to 2 groups.)
      • Broadcast authentication for sensor networks (See instructor for details. Limit to 2 groups.)
      • Cryptographic algorithms such as AES, RSA, DSA, etc. 
      • Authentication protocols such as S/Key, Challenge-Response protocol.
      • Firewalls
      • Developing/extending intrusion detection systems

Schedule of classes

Date

Topics

Reading Assignment

(Complete before class. Reading assignments are given in the order of importance for each lecture.)

Homework Assignment

Handout
08/21/03 Introduction
Topic 1: Basic security concepts 		Chapter 1   pdf
08/26/03 Topic 2.1: Introduction to cryptography

Introduction to Cryptography

Chapters 9.1 -- 9.2

   pdf
08/28/03 Topic 2.2: Secret key cryptography 

Chapters 11.1 -- 11.3

   pdf
09/02/03

Topic 2.2 (Cont'd)

Topic 2.3: Basic number theory 

.Chapters 2.4.1 -- 2.4.4 of Handbook of Applied Cryptography

hw1 (Due by 9/16/03)

Solution

 pdf
09/04/03

Topic 2.3 (Cont'd)

Topic 2.4 Public key cryptography

Chapters 9.3 -- 9.6

 

   pdf
09/09/03

Topic 2.4 (Cont'd)

 

    
09/11/03

Guest lecture

Topic 2.6 Key management

     pdf
09/16/03

Topic 2.5: Hash function

IETF RFC 1321 (MD5)

Chapters 10 and 11.4

   pdf
09/18/03 Class cancelled due to Isabel

 

    
09/23/03

Topic 2.5 (Cont'd)

Topic 3. Identification and authentication

Chapter 12

Chapters 2.2.2 and 2.2.5 in RSA FAQ

hw2 (Due by 10/07/03)

solution

 pdf
09/25/03

Guest Lecture

Topic 4.1 Basic Concepts of Access Control

Chapters 2, 4, 5

   pdf
09/30/03

Topic 3 (Cont'd)

Topic 4.1 (Cont"d)

 

    
10/02/03

Mid-term review

      
10/07/03 Mid-term Exam 
(in class, open book & notes)
Scope: Topics 1 -- 4.1 grade distribution  
10/09/03 No class (Fall break)      
10/14/03 Review of midterm exam

 

    
10/16/03

Topic 4.2 Lattice Based Access Control Models

Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9 –19, Nov. 1993.

Chapter 6

hw3 (Due by 11/04/03)

Solution

 pdf
10/21/03

Self-study: Topic 4.3 Covert Channels

Topic 4.4 Role-Based Access Control

Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models, IEEE Computer, 29(2): 38 –47, Feb. 1996.  

pdf1

pdf2
10/23/03

Topic 6.1 DAC and MAC in DBMS

Topic 6.2 Multi-Level Databases

   Project proposal due

pdf1

pdf2
10/28/03

Guest lecture

Class cancelled

Self-study: Topic 5.1 Assurance
(Chapter 18)

      
10/30/03

Guest lecture

Class cancelled

Self-study: Topic 5.2 Evaluation of secure information systems
(Chapter 21)

     pdf
11/04/03 Topic 7.1 Keberos Chapter 10.2.2, In-class handout   pdf
11/06/03 Topic 7.2 IPsec

Chapter 11.4.3

RFC 2401, RFC 2411, RFC 2402, RFC 2406

hw4 (Due by 11/25/03)

Solution

 pdf
11/11/03

Topic 7.3 IP trace back

 Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, "Practical Network Support for IP Traceback", In Proceedings of the 2000 ACM SIGCOMM Conference, pp. 295-306, August 2000.   pdf
11/13/03 Topic 7.5 SSL/TLS

Chapter 11.4.2

RFC 2246

   pdf
11/18/03

Topic 7.5 (Cont'd)

Topic 7.4 Firewalls

Chapter 26

Linux netfilter Hacking HOWTO

hw5 (Due by 12/04/03)

Solution

 pdf
11/20/03

Topic 7.4 (Cont'd)

Topic 8.1 Malicious logic

 Chapter 22   pdf
11/25/03 Topic 9.1 Introduction to intrusion detection Peng Ning, Sushil Jajodia, "Intrusion Detection Techniques," In H. Bidgoli (Ed.),The Internet Encyclopedia. John Wiley & Sons. ISBN: 0-471-22201-1. December 2003.   pdf
11/27/03 No class (Thanksgiving)      
12/02/03 Topic 9.1 (Cont'd)      
12/04/03

Final Review

  Project report due.  
12/09/03 Final Exam (1 -- 4pm)      

Acknowledgement

This course includes materials provided by Dr. Sushil Jajodia (George Mason University), Dr. Wenke Lee (George Institute of Technology), Dr. Gail-Joon Ahn (University of North Carolina at Charlotte), and Dr. Peng Liu (Penn State University).

Peng Ning (ning@csc.ncsu.edu)