Introduction to Computer Security (Comp535)

Meeting times / place :

Meeting Time: Tuesdays and Thursdays from 11am to 12:15 pm

Meeting Location: Sitterson - SN011

Description

Description

The course covers introductory topics in computer security. The goal is to expose students to a broad range of security challenges facing us today. The course examines a wide range of topics in operating systems, software engineering, and network and communications security. This course is accompanied by a distance learning lab that runs certain Fridays from 11am-12:15pm. You must be enrolled in CS535 to attend the Friday sessions (more likely than not, over Zoom) . No exceptions. These labs will leverage infrastructure built specifically for this course, and will expose students to hands-on experimentation of concepts discussed in the lectures. Enrolled students must have their own laptop; we will provide access to virtual machines on our servers. Many of the labs are built around a gamified cybersecurity experience. The modules used during the lab sessions will be available through the Riposte Framework. You will be required to read and digitally sign an Ethics and Responsible Practices statement before proceeding with the labs.

When sending me email about this course, make sure to add the preamble "COMP535:" to the subject line; otherwise, responses will be slower than normal.

Community Standards in Our Course and Mask Use.

This semester, while we are still in the midst of a global pandemic, all enrolled students are required to wear a mask covering your mouth and nose at all times in our classroom. This requirement is to protect our educational community — your classmates and me – as we learn together. If you choose not to wear a mask, or wear it improperly, I will ask you to leave immediately, and I will submit a report to the Office of Student Conduct. At that point you will be disenrolled from this course for the protection of our educational community. An exemption to the mask wearing community standard will not typically be considered to be a reasonable accommodation. Individuals with a disability or health condition that prevents them from safely wearing a face mask must seek alternative accommodations through the Accessibility Resources and Service. For additional information, see Carolina Together.

Title IX Resources

Any student who is impacted by discrimination, harassment, interpersonal (relationship) violence, sexual violence, sexual exploitation, or stalking is encouraged to seek resources on campus or in the community. Please contact the Director of Title IX Compliance (Adrienne Allison – Adrienne.allison@unc.edu), Report and Response Coordinators in the Equal Opportunity and Compliance Office (reportandresponse@unc.edu), Counseling and Psychological Services (confidential), or the Gender Violence Services Coordinators (gvsc@unc.edu; confidential) to discuss your specific needs. Additional resources are available at safe.unc.edu.

Diversity Statement

I value the perspectives of individuals from all backgrounds reflecting the diversity of our students (spanning race, gender identity, national origin, ethnicity, religion, social class, age, sexual orientation, political background, and physical and learning ability). The classroom is meant to be an inclusive space for all students, so please let me know if there is anything I can do to improve that.

Course Materials

Textbook and Resources

None require, but the one(s) listed below offer background material helpful for the lectures.

• Goodrich and Tamassia. Introduction to Computer Security, Pearson, 2011, Standard Edition.

Please note that many of the lectures will be supplemented by my own notes. For the labs, no textbook is required. We will handout detailed instructions for each module. However, the list of books below are highly recommended if you want to learn more about topics covered in this course and for mastering the labs:

• Ligh et al, The Art of Memory Forensics, Wiley, 2016.
• Hyde, The Art of Assembly Language, No Starch Press, 2nd Edition.
• Michal Zalewski, The Tangled Web, No Starch Press, 2012.

Learning Outcomes

Unlike other areas of computer science (e.g., software development), where practitioners can leverage simplifying assumptions to quickly complete a task derived from an external need, cybersecurity practitioners need to be aware of, and repeatedly question, the validity of these simplifying assumptions to either prove the system's security or find exploitable weaknesses. As such, in this specific field, being able to find the right problems to solve is perhaps just as important as being able to solve them. To that end, we will be testing attained skills in the context of challenge-based learning environment built specifically for this course. More specifically, given that each exercise will contain a practical test of knowledge — where the student has to apply the knowledge they learned to solve a problem — we can assess learners at several levels (e.g., whether they can apply learned knowledge in a previously demonstrated way, can apply learned knowledge in contexts not seen before, can independently close any knowledge gaps when completing a task, or even can demonstrate mastery by being able to direct, advise, and teach others). Upon successful completion of the course, students will:

• Be able to understand fundamental notions within the field of computer security,
• Be able to identify various threats, vulnerabilities, attacks (and countermeasures) to critical cyber infrastructure.
• Be able to understand how malicious code functions and identify underlying software-related vulnerabilities.
• Be familiar with contemporary defenses for mitigating several classes of computer and network-based attacks, and be cognizant of good computer security practices.
• Have a better appreciation for concerns about security and privacy, and be better able to analyze proposals to protect user privacy.
• Be able to describe technical computer security concepts to their peers.

Grading

Assignments (programming)	65%
Midterm (proficiency-based takehome)	20%
Comprehensive Exam	15%

Collaboration on assignments (except where explicitly stated) and exams is strictly forbidden. Remember UNC's Honor code.

Syllabus (subject to change)
A tentative schedule of lectures (subject to change) is provided below. Some of the material that lectures will be based on is provided below. Topics to be covered include:
Week 1 :
Course Overview (Goodrich: Chapter 1)
Introduction and basic concepts Attack surface and risk assessment Further information: B. Cheswick. An Evening with Berferd in which a cracker is lured, endured, and studied, 1990. S. Bellovin. There Be Dragons, USENIX Security, 1992. B. Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons, 2000. [Lab: Getting acquainted with our class infrastructure + basic UNIX terminal skills]
Week 2,3 :
User Authentication (Goodrich: Chapter 1, 2) Passwords: Approaches and defensive techniques Guessing strategies and metrics Case Study: Graphical passwords; Password managers for usability Biometrics (overview and metrics for evaluation) Further information: J. Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. In IEEE Symposium on Security and Privacy, 2012. (video) TouchID "hack", 2014. Fingerprint cloning: myth or reality? [Lab Module: password cracking, proactive checking and hardening]
Week 4,5:
Tools from Applied Cryptography (Goodrich: Chapter 8) Terms and definitions Symmetric Encryption Cryptographic hash functions Data authentication and integrity Public-key encryption and Public-key digital signatures
Week 6
Authentication Protocols Part 1: With Low Power Comes Low Security Bluetooth LE: bounding and pairing, service discovery, trust anchors, key distribution weaknesses Prudent engineering principles
Weeks 7,8:
[Lab Module: Why crytosystems fail (cryptanalysis, WiFi vulnerabilities & protections), part 2] System Security (Goodrich: Chapter 3) Core OS security principles (mediation, confinement, isolation, etc.) Memory and Filesystem security Privileges and the confinement problem [Lab Module: Stack-based overflows, enabling and disabling protections]
Week 9
Software Security (Goodrich: Chapters 3,4) Memory Protection: Stack Cookies, Data Execution Protection (DEP) and ASLR Good practices; Why security testing is hard [Lab Module: Debugging without source code]
Week 10:
Web Security (Zalewski: Chapter 9) Active content and its perils Cross-site Scripting, Cross-Site Forgery, SQL Injection, etc. Request Origin Issues Ethics and Responsible Disclosure [Lab Module: Web Exploits]
Week 10
Authentication Protocols and Authenticated Key Management [In class discussion:] Bryant: Designing an Authentication System: a dialogue in four scenes* Establishing shared keys Prudent engineering principles Case study: Kerberos (Goodrich: Section 9.6)
Week 11:
Realtime Protocols for the Internet (Goodrich: Chapter 6) SSL/TLS, IPSEC Understanding the Hearbleed Bug. DNS Security; [Lab Module: Web Exploits and Defenses part 2]
Week 12:
Malicious software (Goodrich: Chapter 4) Trojans, viruses, worms and more. Case study: Stuxnet Propagation strategies and some defense mechanisms
Week 12:
Firewalls, Perimeter Security and Network Attacks (Goodrich: Chapter 6,7) Architectures and Hybrid Appliances Limitations of Perimeter Defenses (Ghosts in the browser) Traffic Monitoring and Intrusion detection (evaluation criteria) (time permitting) [Lab Module: Firewalls, determining network exposure, defenses]
Week 13:
Course wrap up

Syllabus Changes