Network Security

Meeting times / place :

Tuesdays and Thursdays from 12:30 to 1:45

FB 008


The course covers selected areas in communication security, with particular focus on critical security services such as authentication and access control, firewalls, domain naming service and other real-time protocols for the Internet, traffic monitoring and intrusion detection, malware propagation and detection, web security, anonymity and privacy, securing web browsers, among others. Where appropriate, we examine threats and vulnerabilities to specific architectures and protocols. There will be several programming assignments, and a course project requiring an in-class presentation. Several topics areas will be suggested for projects, though students are encouraged to explore ideas of their own.

Contact Info
location office hours
FB 008 3-5 pm Thursday  

Course Materials

There is no required text, but the following textbook is recommended:

  • Stallings and Brown. Computer Security: Principles and Practice, 2007
  • Grading
    Assignments 50%
    Midterm 15%
    Project + in-class Presentations 20%
    Class participation 15%

    Collaboration on assignments (except where explicitly stated) and exams is strictly forbidden. The mid-term exam will be closed book.

    Fall 2009 Syllabus (subject to change)

    A tentative schedule of lectures (subject to change) is provided below. Some of the material that lectures will be based on is provided below. Required readings are marked with an asterisk (*). Topics to be covered include:

    Week 1 (August 25):

    Course Overview, Network security introduction

  • Attack Surface (Know your enemy)
    • Steve Bellovin. There Be Dragons.
    • Bill Cheswick. An Evening with Berferd in which a cruacker is lured, endured, and studied.
  • Needham: Using Encryption for authentication in large networks
  • Thompson: Reflections on Trusting Trust*

  • Week 2 (Sept 1):

    Firewalls and Related Technologies

  • Schuba: Analysis of service attacks on TCP*
  • Chapman: Network insecurity through packet filtering
  • Voydock: Security mechanisms in high-level network protocols*
  • Vulnerability Assessment
  • Info leakage: Strange Attractors and TCP/IP Sequence Number Analysis
  • Week 3 (Sept 8):
    Authentication Protocols and Authenticated Key Management
  • Bryant: Designing an Authentication System: a dialogue in four scenes
  • Steiner: Kerberos: an authentication service for open network systems*
  • Wu: A real world analysis of Kerberos Password Security

  • Public-Key Infrastructure and Applications
    • W. Diffie and M. Hellman. New Directions in Cryptopgraphy*
  • Broswer Certs and Usable Security

  • Week 4 (Sept 15):
    DDoS and Packet Identification

  • Staniford: How to 0wn the Internet in your space time
  • Burch: Tracing anonymous packets to their approximate source*
  • Peering through the Shroud: The Effect of Edge Opacity on IP-based Client Identification

    Assignment 1

    • Jaeyeon Jung et al. Fast Portscan Detecting Using Sequential Hypothesis Testing.

  • Week 5 (Sept 22):
  • Moore: Inferring Internet denial of service activity
  • Savage: Network Support for IP Traceback*
  • SYN-cookies, client puzzles, and other defenses against content depletion attacks

  • Week 6 (Sept 29):

    Malware (detection, containment, and trends)

  • Viruses, Worms, Botnets and Ghosts in the Browser.
  • Franklin: An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants.
  • FastFlux, detecting spammers
  • Host- versus Network-based detection

    Additional Readings:

  • Jain: A user-level infrastructure for system call interposition*
  • Stealthy Malware Detection Through VMM-based Semantic View Reconstruction.
  • Week 7 (Oct 6):
    Realtime Protocols for the Internet

  • DNS Security (Lioy, Atiennese);
  • Attacks on DNS and some solutions (port randomization, 0x20, DNSCurve)
  • Securing BGP
  • IPsec, SSL/TLS
  • Week 8 (Oct 13):

    Web Security

  • Cross-site Scripting, Cross-Site Forgery, SQL Injection and More
  • Request Origin Issues: Ajax and Web Mashups
  • Attacking client-side storage
  • DNS Rebinding Attacks

    Additional reading(s):

  • Snooping the cache for Fun and Profit.
  • Assignment 2 related readings

    • Polychronakis et al. Network-level polymorphic shellcode detection using Emulation*
    • Akritidis et al. STRIDE: Polymorphic sled detection through instruction sequence analysis
    • Polychronakis et al. Emulation-based Detection of Non-self contained Polymorphic Shellcode
    • Libraries: see Libemu project.
    Week 9 (Oct 20):
    FALL Break (21-23)

    Traffic Monitoring and Intrusion Detection

  • Ptacek: Eluding network intrusion detection*
  • Paxon: Detecting Stepping Stones
  • Analyzing Network Traffic to detect Shellcode

    Assignment 3

  • Week 10 (Oct 27):
    Traffic Monitoring and Classification (cont)

  • Handley: Traffic normalization and end-to-end protocol semantics
  • Malan: Transport and application protocol scrubbing*
  • BLINC: Multi-level Traffic Characterization in the Dark

  • Week 11 (Nov.3):

    Anonymity and Privacy

    "Guest" Lecture on 11/2 (I'm in NYC for NSF workshop)

  • Anonymous connections and onion routing
  • Crowds: Anonymity for web transactions
  • Case Study: Tor (and Practical Attacks)

    Network trace anonymization

  • Week 12 (Nov 10):
    No Class --- Attending ACM CCS (Chicago)

    Week 13 (Nov. 17):
  • Rethinking the Browser (Lessons from Chromium and Gazelle)
  • Memory Protection: Stack Cookies, Data Execution Protection (DEP) and ASLR
  • Return Oriented Programming
  • Catchup; Miscellaneous topics.

  • (Nov. 26):
    Thanksgiving Holiday
    Week 14 (Dec.1):
  • Remote Timing Attacks
  • Dec 8, 10:
  • In-class Project Presentations (2 days)
  • Final Project reports due Dec 15.