Introduction to Computer Security, Fall 2021

Instructor: Ning Zhang, zhang.ning@wustl.edu
TA: TBD,
Office Hour: By Appoinment

Announcement

Inital Schedule Posted

Course Description

Secure computing requires the secure design, implementation, and use of systems and algorithms across many areas of computer science. Fundamentals of secure computing such as trust models and cryptography will lay the groundwork for studying key topics in the security of systems, networking, web design, machine learning algorithms, mobile applications, and physical devices. Human factors, privacy, and the law will also be considered. Hands-on practice exploring vulnerabilities and defenses using Linux, C, and Python in studios and lab assignments is a key component of the course. Prerequisites: CSE 247 and either CSE 361 or CSE 332.

Recommended Pre-req:
- CSE 247 and either CSE 361 or CSE 332
- Feel free to join the class without pre-req as long as you are willing to pick up the system knowledge in the first several weeks of the class.

Textbook

There is no textbook for the class. We will use research papers for some of the topics. However, the following references can be helpful. They are available in the library reserve.

Network Security: Private Communication in a Public World
Computer Security: A Hands-on Approach

Grading

There is one mid-term and one course project in this class.

Midterm Exam 1	30 %
Studio	30 %
Course Project	30 %
CTF	10+10 %

Schedule

Detail schedule can be found here

Date	Topics	Reading
week 1	Course Overview, Network Attacks	Network 101 Video
week 2	SEEDLAB - TCP/IP Attack, Stream Cipher
week 3	BlockCipher, SEEDLAB - Secret Key
week 4	Message Integrity, Hash Function, Authenticated Encryption
week 5	SEEDLAB - MD5 Checksum, Public Key
week 6	Network Security - Protocol, PKI, TLS, HTTPS
week 7	Blockchain, Authentication, Access Control, Exam Review
week 8	Mid-term 1, course project overview
week 9	Privacy, Mobile Security, Cyber-physical Security
week 10	Machine Learning Security and Adversarial AI Lab
week 11	Software Security, SEEDLAB - BufferOverflow
week 12	Software Security - Overview of Attack and Defense
week 13	System Security, SEEDLAB - Race condition
week 14	TBD & Final Project Presentation

Course Project Idea

write a technical report about a disclosed vulnerability

write a survey on important cybersecurity issues, such as misinformation, big data privacy

build a covert channel using a smart light, on is 0, off is 1 and transmit an article using the covert channel

build a script to collect QR codes from the Internet and see if they are malicious or not

crawl twitter to discover bullying based on keywords

write a malware, use a packer to obfuscate it, and explain the design

write an exploit based on a specific vulnerability and explain your process

Ethics

With greater power, comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.