Description
Attacks on networked computer systems are an increasingly important problem. This course covers the types of vulnerabilities that are present in modern computer systems and the types of malicious software that exploit these vulnerabilities. It also covers best practices for preventing, detecting and responding to such attacks including anti-virus software, defensive programming techniques, intrusion detection systems, honeypots and firewalls. Given when needed (typically every other spring).
Prerequisites
A general course in computer networking such as CS 455/555 or EE 407/507. Programming experience to the level of CS 142 or EE 361
CS 344
Materials
There is no required textbook, but if you learn well by reading and would like to supplement what we do in class, I highly recommend Security Engineering by Ross Anderson.
We may collectively choose and read a book related to computer security. One option is This Is How They Tell Me the World Ends by Nicole Perlroth.
Objectives
- Expose students to major classifications of malware.
- Investigate and understand the weaknesses in our software and network protocols that allow attacks.
- Provide students with tools and strategies for diagnosing infected machines.
- Enable students to proactively secure computer systems.
- Expose students to how anti-virus materials are produced.
- Encourage students to propose and investigate innovations that can reduce risk of infection or damage from infection.
Outcomes
- Students will be able to place computer security activities into an iterative security lifecycle process including phases such as prevention, detection, recovery and response.
- Students will be able to characterize and distinguish between major types of malicious software or malware including, for example, viruses, Trojan horses, worms and spyware.
- Students will be able to diagnose systems that have been compromised by malware using tools such as intrusion detection systems and network protocol analyzers.
- Students will use databases of credible information on specific attacks.
- Students will be familiar with best practices for preventing and recovering from attacks including closing unused network ports, keeping software up-to-date and regular system back-ups.
- Students will understand how defenses against new attacks are developed and distributed.
- Students will think critically about the state of the art in computer and network security including weaknesses in our response to new attack codes and weaknesses in systems that automatically update software.
Grading
Tentative grade breakdown:
- 60% Assignments, Quizzes, Readings, Responses
- 15% Group Lab Project
- 25% Final Exam
Attendance Policy/Late Policy
If you complete an assignment late, you may submit it with a written note explaining the circumstances. I will grade your work, but the score will be recorded as a zero. I will however keep a special folder with the explanatory notes you have written and the score that would have been assigned if the work was submitted on time. At the end of the semester, before assigning final grades, I will consider reinstating or dropping the score for that assignment if it would indeed have changed the final grade.
If approved arrangements are made ahead of time to submit work late, this policy would not apply.
Academic Integrity
When working on an individual assignment, the work you submit must be your own individual work. When working in a group, the work submitted should be the result of the collaboration of group members and you should be prepared to describe your individual contributions. In either case, if you use or refer to work from other sources, it should be acknowledged including use of generative AI technologies.
It is an academic integrity violation for you to give your work to others. This includes sharing materials privately as well as making assignments available in GitHub or other public repositories.
Additional information about rights, obligations and procedures related to academic integrity can be found in Section IV of Clarkson's official regulations.