Dr. Rachel Greenstadt
Department of Computer Science
Office: University Crossings 140
Tel: 1 215 895 2920
Office Hours: by appointment
"Security requires a particular mindset. Security professionals -- at
least the good ones -- see the world differently. They can't walk into a
store without noticing how they might shoplift. They can't use a computer
without wondering about the security vulnerabilities. They can't vote
without trying to figure out how to vote twice. They just can't help it."
This class aims to cultivate a security mindset in the students who
take it. These critical and devious thinking skills will be acquired
through exploration of a variety of applied security topics as
well as concrete techniques for network and software attacks and defenses.
We will write exploits, learn how to apply cryptographic and hashing
algorithms, and perform man-in-the-middle attacks on networks. Beyond
specific techniques, we will explore the broader question of why
security is such a "cat and mouse game" or "arms race" between the
attacker and defender. Together, we will explore research papers
and empirical data on security arms races in spam, phishing, DDoS, virus
detection, botnets, and others. Students will pick one "arms race" to
study in detail and we will work together to synthesize general
conclusions about the state-of-play in computer and network security.
The course will be offered online. There will be
four problem sets/programming projects due every other week (to
be done in groups), a midterm, and the research
project (with deliverables on weeks without a project due).
Coursework and Grading
- problem sets/projects = 4 x 10%
- research proposal = 20%
- midterm = 15%
- final = 15%
- participation (including online discussion) = 10%
Discussions and Online Participation
Discussion will take place on the course's BBLearn website. Be sure to participate in the introductions thread if you have not already done so.
Note: This schedule is tentative and can change. In particular, look for readings to be added.
June 26 : Introduction: Computer and Network (In)Security
- Lecture 1
- David Dittrich, Michael Bailey, Sven Dietrich. Towards Community Standards for Ethical Behavior in Computer Security Research. Stevens CS Technical Report 2009-1, 20 April 2009.
- Is there a security problem in computing?, Security in Computing, 4th edition, Pfleeger and Pfleeger.
- Stuart Staniford, Vern Paxson, and Nicholas Weaver, How to 0wn the Internet in Your Spare Time, in the Proceedings of the 11th USENIX Security Symposium (Security '02).
July 3 : Software Security: Attacks
- Lecture 2
- Readings (Very Important for Project 1)
July 10 : Software Security: Defenses
July 17 : Software Security: Defenses Part 2
July 24 : Cryptography
July 31 : Online Midterm
August 7 : Authentication and Hashing
August 14 : Privacy and Anonymity
August 21 : Network and Web Security
August 28 : Research Presentations / wrap-up