1 Computer Engineering Department Islamic University of Gaza ECOM 6321 Network Security Spring (Graduate course) Lecture 1 Syllabus
2 Prof. Mohammad A. Mikki Professor of Computer Engineering ECE Department, Faculty of Engineering Office Location: I215 (IT Building) Tel Ext Skype: mohammad.mikki Homepage: Instructor Contact Information
Instructor’s Office hours 3 Sat.,Sun., Mon.,Tue., Wed. 11:00 am – 12:00 noon and by appointment Outside of office hours call or to insure that I am available, especially before going over the IT Building
Course Information Course Code: ECOM 6321 Course Name: Advanced Computer Networks Number of credits: 3 Class hours: 4 SectionLecture TimeLocation 101Tue. 2:00 pm – 5:00 pm K402
Course Description and Overview This course focuses on basic concepts in network security. It aims to introduce students to the fundamental techniques used in implementing secure network communications, and to give them an understanding of common threats and attacks, as well as some practical experience in attacking and defending networked systems. The course covers selected areas in network security, with particular focus on critical security services such as authentication and access control, firewalls, domain naming service and other real-time protocols for the Internet, traffic monitoring and intrusion detection, malware propagation and detection, web security, anonymity and privacy, securing web browsers, among others. Where appropriate, we examine threats and vulnerabilities to specific architectures and protocols. There will be a course project requiring an in-class presentation. Several topics areas will be suggested for projects, though students are encouraged to explore ideas of their own. Students will carry out the course project with the goal of publication in a conference. Class will combine lectures, discussions of reading, and presentations of recent research papers by students. 5
Course Topics Basics of cryptography: cryptographic hash functions, symmetric and public-key encryption Authentication and key establishment Buffer overflow attacks Web security Internet worms, viruses, spyware Spam, phishing, botnets, denial of service TCP/IP and DNS security Firewalls and intrusion detection systems Wireless security 6
Course Objectives The goal of this course is to expose students to recent advances in network security. All students, and most of the general population, use computers and computer-based systems everyday, and entrust those systems with life-critical and cost-critical functions. In spite of the high level of trust placed in computer-based systems, even advanced computer users have little awareness of their exposure to security threats. The general lack of understanding of basic computer security concepts leads to increased risk and costs involved in using computers. This course will introduce computer security basics in a practical way and give students the understanding that they need to protect themselves, and their data, from malicious attack. Students will learn about the mechanisms behind most computer attacks and they will learn about standard defense tools including firewalls and anti-virus programs. In the process of learning computer network security, students will be exposed to reading, presenting, and discussion of research papers in the advanced topics of computer networks. 7
Course Outcomes At the end of this course, you should be able to Explain common security threats, including malware. Analyze security vulnerabilities in computer systems. Apply authentication and cryptography to secure computer systems. Use open source tools to improve system security. Understand the fundamentals of network security. Describe the processes of auditing and incident response. Understand ethical and legal considerations encountered when working in information security. Improve your network security research, writing, and presentation skills 8
Course Website I will post: lecture notes, project suggested topics, quiz solutions, exam solutions, announcements, etc. Couse on moodle will also include: forum(s), project reports submission tools, paper review submission tools, etc. Please check this webpage at least once a week for lecture notes, quiz and exam solutions, supplementary material, announcements, etc. 9
Required Material -There is no official text for the course. -Students will be assigned research papers for reading, review, and presentation. 10
Readings and reviews All classes will have two assigned readings, which we will all read prior to class and discuss during the class. Reading the papers is essential to get the most out of this course! A quiz is given at beginning of class on papers to be presented in the class. 11
Readings and reviews Write a short 1 paragraph review for each paper before beginning of the class. A one-paragraph review is sufficient (longer is usually not better!). Your reviews should not summarize the paper or repeat the abstract — we all read the paper already. Goal: synthesize main ideas/concepts Critique the reading, do not summarize Also list questions you had about the paper, and ask them in class discussion your review should comprise at least two comments on the paper. Your comments should supply information that is not in the paper itself. For example, a comment might be: - an advantage of the paper's design that was not discussed in the paper - a suggestion of a way to extend or build on the paper in future work - Post your review on moodle 12
Readings and reviews Submit your review by 12:00 noon on the day of the lecture for which the paper was assigned, by posting it on the moodle site. You are encouraged to read, think about, and comment on the other students' reviews, so that our time will be productive when we are all together discussing the papers. However, it would be wise to at least write down notes on your own thoughts independently, before you read the other students' comments. Your reviews should contain material that doesn't appear in the other students' reviews. (If you independently produce the same idea, that's fine. Copying other students' reviews, however, is obviously plagiarism.) Reviews that are submitted on time and meet the guidelines above will be given full credit. The overall review grade for the course may be determined based on all the of reviews over the semester. 13
Class Schedule 14 WeekTopicReadings and notes Admin Week 1Class cancelled Week 2 Course overview/Securit y basics Syllabus/Course introduction and overview 01-Symantec: Internet Security Threat Report 01-Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Week 3 Vulnerabilities and Network malware (Types of Security Attacks) 02-Malware- A View on Current Malware Behaviors 02- Malware- Practical Malware Analysis Project ideas/suggested topics Week 4 Operating System Security 03-OS Security- Operating System Security and Secure Operating Systems 03-OS Security-Understanding Android Security Quiz #1 on this week’s papers Project proposals due
Class Schedule 15 Week 5 Network security/Security problems in network protocols 04- Network security - A Technical Comparison of IPSec and SSL 04- Network security-A Survey of BGP Security Quiz #2 on this week’s papers Week 6 Network firewalls and related technologies 05- Firewalls- Network Firewall Technologies – 2009 05- Firewalls-network firewalls- IEEE 1994 Quiz #3 on this week’s papers Week 7 Web security 06- Web security-The Security Architecture of the Chromium Browser 06- Web security-Third-Party Web Tracking Policy and Technology Quiz #4 on this week’s papers Week 8 SQL injection, cross-site scripting 07- Web security- Next Generation Clickjacking - white paper 07- Web security-Cross Site Scripting Explained Quiz #5 on this week’s papers WeekTopicReadings and notes Admin
Class Schedule 16 Week 9 Application security 08- Appl. Security- Database Security – 2008 08- Appl. security-What hackers know that you don’t Quiz #6 on this week’s papers Week 10 Cryptography/Aut hentication Protocols and Authenticated Key Management 09- Cryptography- Kerberos An Authentication Service for Open Network Systems 09- Cryptography-Ten Risks of PKI Quiz #7 on this week’s papers Week 11 Project intermediate report presentations Week 12 Wireless Security 10- Wireless security-WIRELESS LAN SECURITY AND IEEE I – 2005 10- wireless security-Wireless Network Security and Interworking Quiz #8 on this week’s papers WeekTopicReadings and notes Admin
Class Schedule 17 Week 13 Project final report presentations Week 14 Course conclusion and discussion Project final report due WeekTopicReadings and notes Assigned Presenter
Lecture Etiquette Be on time (if you are late enter the class quiet) Cell phones off or muted Interrupt for questions – there is no dumb question 18
Key to Success Attendance –Pay attention to lectures –Ask questions Effort –Do project reports on time. –Read extra material on your own. Wealth of information available (library books, online articles, research papers) Consistency –Keep up with the class pace 19
Class Expectations Class participation – Your input is needed for good discussion Keep up with reading research papers Complete project on time Submit clean, organized, and concise reading papers reviews, and project reports Identify potential project partners early (in one week, if possible) Follow academic integrity code 20
Grading Scheme Course research project: Proposal 3% Midterm report 6% Midterm presentation3% Final paper/report 18% 20% Class participation (attendance, class discussion, forums through moodle) 10% Paper presentation20% Quizzes20% Final Exam30% 21 Your final grade for the course will be based on the following weights:
Research project The research project is the highlight of the course. The goal is to produce novel research related to network security that, by the end of the semester, would be publishable as a short paper in a top quality workshop, and when expanded to a full paper would be publishable in a top-quality conference. You may work alone or in groups of two. Larger groups should discuss with the instructor first. The main steps in the research project are as follows: –During the first two weeks of the course, you should think about projects you might like to do. The instructor will suggest some topics, but it's even better if you have ideas of your own. 22
Research project Proposal Project proposal: Submit a project proposal to the instructor via moodle in the beginning of the third week (the exact date will be posted on moodle). Your group should submit a single proposal. Microsoft Word format is required. The proposal should be at most one page of text, informally describing –the problem you plan to address, –what will be your first steps to attack the problem, –what is the most closely related work, and why it has not addressed your problem, and –if there are multiple people on your project team, who they are and how you plan to partition the work among the team. Remember... the proposal can be short and informal as long as it demonstrates that you have a reasonable project and know how to attack it. The instructor will either approve the project or ask for a revision. 23
Research project Midterm presentation: Give a 15-minute presentation in class describing what problem you are solving, why existing approaches will not solve your problem, your solution approach, and your progress in your solution. You must demonstrate progress in your solution and the midterm presentation is worth 10% of your project grade, so it would be good to start work on the project early. Midterm paper: This is a short paper suitable for submission to a workshop. It should clearly state the problem being solved, importance of problem, Related work, Your approach, what work has been done, work to be done, and partial results. The paper should be at most 8 pages for one- person projects, and at most 12 pages for two-person projects. But you will be judged on approach, not page-count! Final paper: This is a short paper suitable for submission to a conference. It should clearly state the problem being solved, importance of problem, Related work, Your approach, evaluation, and results, Summary of conclusions, discussion of limitations, and future work. The paper should be at most 8 pages for one-person projects, and at most 12 pages for two- person projects. But you will be judged on results, not page-count! 24
Research project Dates for the above steps will be announced on the moodle. In general, you are encouraged to meet with the instructor and seek advice on the project as often as you like. Can a project be shared with another course's project or independent research? It is OK, and often a good idea, to work on a class project that complements your other ongoing projects and has a related topic. However, you should identify the piece of the larger project that you are working on for ECOM 6321, with separate pieces for other courses. 25
26 any questions ¿