The course covers selected areas in communication security, with particular
focus on critical security services such as authentication and access control,
firewalls, domain naming service and other real-time protocols for the Internet,
traffic monitoring and intrusion detection, malware propagation and detection,
web security, anonymity and privacy, securing web browsers, among others. Where
appropriate, we examine threats and vulnerabilities to specific architectures
and protocols. There will be several programming assignments, and a course
project requiring an in-class presentation. Several topic areas will be
suggested for projects, though students are encouraged to explore ideas of their own.
Collaboration on assignments (except where explicitly stated) and exams is strictly forbidden. The mid-term exam will be closed book.
|
|
| Fall 2009 Syllabus (subject to change) |
|
|
A tentative schedule of lectures (subject to change) is provided
below. Some of the material that lectures will be based on is
provided below. Required readings are marked with an asterisk (*).
Topics to be covered include:
|
|
| Week 1 (August 25): |
Course Overview, Network security introduction
|
Attack Surface (Know your enemy)
- Steve Bellovin. There Be Dragons.
- Bill Cheswick. An Evening with Berferd in which a cracker is lured, endured, and studied.
Needham: Using Encryption for authentication in large networks
Thompson: Reflections on Trusting Trust*
|
| Week 2 (Sept 1): |
|
Firewalls and Related Technologies
Schuba: Analysis of service attacks on TCP*
Chapman: Network insecurity through packet filtering
Voydock: Security mechanisms in high-level network protocols*
Vulnerability Assessment
Info leakage: Strange Attractors and TCP/IP Sequence Number Analysis
|
|
| Week 3 (Sept 8): |
|
Authentication Protocols and Authenticated Key Management
Bryant: Designing an Authentication System: a dialogue in four scenes
Steiner: Kerberos: an authentication service for open network systems*
Wu: A real world analysis of Kerberos Password Security
Public-Key Infrastructure and Applications
- W. Diffie and M. Hellman. New Directions in Cryptography*
Browser Certs and Usable Security
|
| Week 4 (Sept 15): |
|
DDoS and Packet Identification
Staniford: How to 0wn the Internet in your spare time
Burch: Tracing anonymous packets to their approximate source*
Peering through the Shroud: The Effect of Edge Opacity on IP-based Client Identification
Assignment 1
- Jaeyeon Jung et al. Fast Portscan Detection Using Sequential Hypothesis Testing.
|
|
| Week 5 (Sept 22): |
|
Moore: Inferring Internet denial of service activity
Savage: Network Support for IP Traceback*
SYN-cookies, client puzzles, and other defenses against content depletion attacks
| Week 6 (Sept 29): |
|
Malware (detection, containment, and trends)
Viruses, Worms, Botnets and Ghosts in the Browser.
Franklin: An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants.
FastFlux, detecting spammers
Host- versus Network-based detection
Additional Readings:
Jain: A user-level infrastructure for system call interposition*
Stealthy Malware Detection Through VMM-based Semantic View Reconstruction.
|
|
| Week 7 (Oct 6): |
|
Realtime Protocols for the Internet
DNS Security (Lioy, Ateniese)
Attacks on DNS and some solutions (port randomization, 0x20, DNSCurve)
Securing BGP
IPsec, SSL/TLS
|
|
| Week 8 (Oct 13): |
|
Web Security
Cross-site Scripting, Cross-Site Forgery, SQL Injection and More
Request Origin Issues: Ajax and Web Mashups
Attacking client-side storage
DNS Rebinding Attacks
Additional reading(s):
Snooping the cache for Fun and Profit.
|
|
| Assignment 2 related readings |
|
- Polychronakis et al. Network-level polymorphic shellcode detection using Emulation*
- Akritidis et al. STRIDE: Polymorphic sled detection through instruction sequence analysis
- Polychronakis et al. Emulation-based Detection of Non-self contained Polymorphic Shellcode
- Libraries: see Libemu project.
|
| Week 9 (Oct 20): |
|
Fall Break (21-23)
Traffic Monitoring and Intrusion Detection
Ptacek: Eluding network intrusion detection*
Paxson: Detecting Stepping Stones
Analyzing Network Traffic to detect Shellcode
Assignment 3
|
|
| Week 10 (Oct 27): |
|
Traffic Monitoring and Classification (cont)
Handley: Traffic normalization and end-to-end protocol semantics
Malan: Transport and application protocol scrubbing*
BLINC: Multi-level Traffic Characterization in the Dark
|
|
| Week 11 (Nov. 3): |
|
Anonymity and Privacy
"Guest" Lecture on 11/2 (I'm in NYC for NSF workshop)
Anonymous connections and onion routing
Crowds: Anonymity for web transactions
Case Study: Tor (and Practical Attacks)
Network trace anonymization
|
|
| Week 12 (Nov 10): |
|
No Class --- Attending ACM CCS (Chicago)
|
|
| Week 13 (Nov. 17): |
|
Rethinking the Browser (Lessons from Chromium and Gazelle)
Memory Protection: Stack Cookies, Data Execution Protection (DEP) and ASLR
Return Oriented Programming
Catchup; Miscellaneous topics.
|
| (Nov. 26): |
|
Thanksgiving Holiday
|
| Week 14 (Dec. 1): |
|
TBA
Remote Timing Attacks
|
|
| Dec 8, 10: |
|
In-class Project Presentations (2 days)
Final Project reports due Dec 15.
|
|
|