Transcript Syllabus
Computer Engineering Department
Islamic University of Gaza
ECOM 6321
Network Security
Spring 2013-2014
(Graduate course)
Lecture 1
Syllabus
1
Instructor Contact Information
Prof. Mohammad A. Mikki
Professor of Computer Engineering
ECE Department , Faculty of Engineering
Office Location: I215 (IT Building)
Tel. +970-8-2860700 Ext. 2876
Skype: mohammad.mikki
email: [email protected]
Homepage: http://site.iugaza.edu.ps/mmikki/
2
Instructor’s Office hours
Sat. ,Sun. , Mon. ,Tue. , Wed.
11:00 am – 12:00 noon
and by appointment
Outside of office hours call or e-mail to
insure that I am available, especially before
going over the IT Building
3
Course Information
Course Code: ECOM 6321
Course Name: Advanced Computer Networks
Number of credits: 3
Class hours:
Section
Lecture Time
Location
101
Tue.
2:00 pm – 5:00
pm
K402
4
Course Description and Overview
This course focuses on basic concepts in network security. It aims to
introduce students to the fundamental techniques used in implementing
secure network communications, and to give them an understanding of
common threats and attacks, as well as some practical experience in
attacking and defending networked systems.
The course covers selected areas in network security, with particular
focus on critical security services such as authentication and access
control, firewalls, domain naming service and other real-time protocols for
the Internet, traffic monitoring and intrusion detection, malware
propagation and detection, web security, anonymity and privacy, securing
web browsers, among others. Where appropriate, we examine threats and
vulnerabilities to specific architectures and protocols.
There will be a course project requiring an in-class presentation. Several
topics areas will be suggested for projects, though students are
encouraged to explore ideas of their own. Students will carry out the
course project with the goal of publication in a conference.
Class will combine lectures, discussions of reading, and presentations of
recent research papers by students.
5
Course Topics
Basics of cryptography: cryptographic hash functions, symmetric and
public-key encryption
Authentication and key establishment
Buffer overflow attacks
Web security
Internet worms, viruses, spyware
Spam, phishing, botnets, denial of service
TCP/IP and DNS security
Firewalls and intrusion detection systems
Wireless security
6
Course Objectives
The goal of this course is to expose students to recent advances in network security.
All students, and most of the general population, use computers and computer-based
systems everyday, and entrust those systems with life-critical and cost-critical
functions.
In spite of the high level of trust placed in computer-based systems, even advanced
computer users have little awareness of their exposure to security threats.
The general lack of understanding of basic computer security concepts leads to
increased risk and costs involved in using computers.
This course will introduce computer security basics in a practical way and give students
the understanding that they need to protect themselves, and their data, from malicious
attack. Students will learn about the mechanisms behind most computer attacks and
they will learn about standard defense tools including firewalls and anti-virus programs.
In the process of learning computer network security, students will be exposed to
reading, presenting, and discussion of research papers in the advanced topics of
computer networks.
7
Course Outcomes
At the end of this course, you should be able to
Explain common security threats, including malware.
Analyze security vulnerabilities in computer systems.
Apply authentication and cryptography to secure computer
systems.
Use open source tools to improve system security.
Understand the fundamentals of network security.
Describe the processes of auditing and incident response.
Understand ethical and legal considerations encountered when
working in information security.
Improve your network security research, writing, and presentation
skills
8
Course Website
http://moodle.iugaza.edu.ps
I will post: lecture notes, project suggested topics, quiz
solutions, exam solutions, announcements, etc.
Couse on moodle will also include: forum(s), project reports
submission tools, paper review submission tools, etc.
Please check this webpage at least once a week for lecture
notes, quiz and exam solutions, supplementary material,
announcements, etc.
9
Required Material
-
There is no official text for the course.
-
Students will be assigned research papers
and presentation.
for reading, review,
10
Readings and reviews
All classes will have two assigned readings, which we will all read prior to
class and discuss during the class. Reading the papers is essential to get
the most out of this course!
A quiz is given at beginning of class on papers to be presented in the class.
11
Readings and reviews
Write a short 1 paragraph review for each paper before beginning of the class.
A one-paragraph review is sufficient (longer is usually not better!). Your
reviews should not summarize the paper or repeat the abstract — we all read
the paper already.
Goal: synthesize main ideas/concepts
Critique the reading, do not summarize
Also list questions you had about the paper, and ask them in class
discussion
your review should comprise at least two comments on the paper. Your
comments should supply information that is not in the paper itself.
For example, a comment might be:
- an advantage of the paper's design that was not discussed in the paper
- a suggestion of a way to extend or build on the paper in future work
Post your review on moodle
12
Readings and reviews
Submit your review by 12:00 noon on the day of the lecture for which the
paper was assigned, by posting it on the moodle site.
You are encouraged to read, think about, and comment on the other
students' reviews, so that our time will be productive when we are all
together discussing the papers.
However, it would be wise to at least write down notes on your own
thoughts independently, before you read the other students' comments.
Your reviews should contain material that doesn't appear in the other
students' reviews. (If you independently produce the same idea, that's fine.
Copying other students' reviews, however, is obviously plagiarism.)
Reviews that are submitted on time and meet the guidelines above will be
given full credit. The overall review grade for the course may be
determined based on all the of reviews over the semester.
13
Class Schedule
Week
Week 1
Topic
Readings and notes
Admin
Class cancelled
Syllabus/Course introduction and overview
Week 2
Week 3
Week 4
Course
overview/Securit
y basics
01-Symantec: Internet Security Threat
Report
Vulnerabilities
and Network
malware (Types
of Security
Attacks)
Operating
System Security
Project
02-Malware- A View on Current Malware ideas/suggested
Behaviors
topics
01-Botnets, Cybercrime, and
Cyberterrorism: Vulnerabilities and
Policy Issues for Congress
02- Malware- Practical Malware Analysis
03-OS Security- Operating System
Security and Secure Operating Systems2003
03-OS Security-Understanding Android
Security
Quiz #1 on this
week’s papers
Project
proposals due
14
Class Schedule
Week
Topic
Readings and notes
Admin
Network
security/Security
Week 5 problems in
network protocols
04- Network security - A Technical Quiz #2 on this week’s
papers
Comparison of IPSec and SSL2005
Quiz #3 on this week’s
papers
Network firewalls
Week 6 and related
technologies
Week 7 Web security
SQL injection,
Week 8 cross-site scripting
04- Network security-A Survey of
BGP Security- 2010
05- Firewalls- Network Firewall
Technologies – 2009
05- Firewalls-network firewallsIEEE 1994
06- Web security-The Security
Architecture of the Chromium
Browser
Quiz #4 on this week’s
papers
06- Web security-Third-Party Web
Tracking Policy and Technology
07- Web security- Next Generation Quiz #5 on this week’s
papers
Clickjacking - white paper
07- Web security-Cross Site
Scripting Explained
15
Class Schedule
Week
Week 9
Topic
Application
security
Readings and notes
08- Appl. Security- Database
Security – 2008
08- Appl. security-What e-mail
hackers know that you don’t
Cryptography/Aut
hentication
Protocols and
Week 10
Authenticated
Key Management
Week 11
Week 12
Wireless Security
Admin
Quiz #6 on this week’s
papers
09- Cryptography- Kerberos An Quiz #7 on this week’s
Authentication Service for Open papers
Network Systems- 1988
09- Cryptography-Ten Risks of
PKI
Project intermediate
report presentations
10- Wireless security-WIRELESS Quiz #8 on this week’s
papers
LAN SECURITY AND IEEE
802.11I – 2005
10- wireless security-Wireless
Network Security and
Interworking
16
Class Schedule
Week
Topic
Week 13
Course
Week 14 conclusion and
discussion
Readings and notes
Assigned Presenter
Project final report
presentations
Project final report due
17
Class Expectations
Class participation – Your input is needed for good
discussion
Keep up with reading research papers
Complete project on time
Submit clean, organized, and concise reading papers
reviews, and project reports
Identify potential project partners early (in one week, if
possible)
Follow academic integrity code
20
Grading Scheme
Your final grade for the course will be based on
the following weights:
Course research project:
Proposal
Midterm report
Midterm presentation
Final paper/report
20%
3%
6%
3%
18%
Class participation (attendance, class
discussion, forums through moodle)
10%
Paper presentation
20%
Quizzes
20%
Final Exam
30%
21
Research project
The research project is the highlight of the course. The goal is to
produce novel research related to network security that, by the
end of the semester, would be publishable as a short paper in a
top quality workshop, and when expanded to a full paper would be
publishable in a top-quality conference.
You may work alone or in groups of two. Larger groups should
discuss with the instructor first.
The main steps in the research project are as follows:
– During the first two weeks of the course, you should think
about projects you might like to do. The instructor will suggest
some topics, but it's even better if you have ideas of your own.
22
Research project Proposal
Project proposal: Submit a project proposal to the
instructor via moodle in the beginning of the third week (the
exact date will be posted on moodle).
Your group should submit a single proposal. Microsoft Word
format is required.
The proposal should be at most one page of text, informally
describing
– the problem you plan to address,
– what will be your first steps to attack the problem,
– what is the most closely related work, and why it has not addressed
your problem, and
– if there are multiple people on your project team, who they are and how
you plan to partition the work among the team.
Remember ... the proposal can be short and informal as long
as it demonstrates that you have a reasonable project and
know how to attack it. The instructor will either approve
the project or ask for a revision.
23
Research project
Midterm presentation: Give a 15-minute presentation in class describing
what problem you are solving, why existing approaches will not solve your
problem, your solution approach, and your progress in your solution. You
must demonstrate progress in your solution and the midterm presentation
is worth 10% of your project grade, so it would be good to start work on
the project early.
Midterm paper: This is a short paper suitable for submission to a
workshop. It should clearly state the problem being solved, importance of
problem, Related work, Your approach, what work has been done, work to
be done, and partial results. The paper should be at most 8 pages for oneperson projects, and at most 12 pages for two-person projects. But you will
be judged on approach, not page-count!
Final paper: This is a short paper suitable for submission to a conference.
It should clearly state the problem being solved, importance of problem,
Related work, Your approach, evaluation, and results, Summary of
conclusions, discussion of limitations, and future work. The paper should
be at most 8 pages for one-person projects, and at most 12 pages for twoperson projects. But you will be judged on results, not page-count!
24
Research project
Dates for the above steps will be announced on the moodle.
In general, you are encouraged to meet with the instructor
and seek advice on the project as often as you like.
Can a project be shared with another course's project or
independent research? It is OK, and often a good idea, to
work on a class project that complements your other
ongoing projects and has a related topic. However, you
should identify the piece of the larger project that you are
working on for ECOM 6321, with separate pieces for other
courses.
25
any questions
¿
26