Computer Systems Security (Winter 2018): Difference between revisions

From Soma-notes
Created page with "'''This outline is not yet finalized.''' ==Course Information== *'''Course Number:''' COMP 4108 *'''Term:''' Winter 2018 *'''Title:''' Computer Systems Security *'''Institut..."
 
 
(50 intermediate revisions by 6 users not shown)
Line 1: Line 1:
'''This outline is not yet finalized.'''
==Course Outline==


==Course Information==
[[Computer Systems Security: Winter 2018 Course Outline|Course Outline]]


*'''Course Number:''' COMP 4108
==Experiences==
*'''Term:''' Winter 2018
*'''Title:''' Computer Systems Security
*'''Institution:''' Carleton University, School of Computer Science
*'''Instructor:''' [http://people.scs.carleton.ca/~soma Anil Somayaji] (anilsomayaji at connect.carleton.ca): Tuesdays 12:30-2 (and by appointment) in HP 5137
*'''TA:''' Borke Obada-Obieh (BorkeObadaObieh at cmail.carleton.ca): Wednesdays 3-4:30 PM in HP 1170
*'''Meeting Time:''' Tuesdays and Thursdyas 10:05-11:25 AM, TB 238
*'''Course Website''': http://homeostasis.scs.carleton.ca/wiki/index.php/Computer_Systems_Security_(Winter_2016)


==Official Course Description==
You are required to complete 9 experiences throughout the semester.


'''COMP 4108:''' Introduction to information security in computer and communications systems, including network, operating systems, web and software security; Passwords, authentication applications, privacy, data integrity, anonymity, secure email, IP security, security infrastructures, firewalls, viruses, intrusion detection, network attacks.
* [[Computer Systems Security: Winter 2018 Experiences|List of Experiences]]
Prerequisite(s): one of COMP 3203 or SYSC 4602, and one of COMP 3000, SYSC 3001, SYSC 4001.


==Communication==
==Assignments==


The [[Computer Systems Security (Winter 2016)|main wiki page]] is the canonical source of information on this course.  Please refer to it for updates.  When significant changes are made to this document it will be either announced in lecture and/or posted in the course discussion forum.
Assignments will be posted here as they become available


Online course discussions will be on [http://culearn.carleton.ca cuLearn].
* [[Computer Systems Security: Winter 2018 Assignment 1|Assignment 1]]
* [[Computer Systems Security: Winter 2018 Assignment 2|Assignment 2]]
* [[Computer Systems Security: Winter 2018 Assignment 3|Assignment 3]]
* [[Computer Systems Security: Winter 2018 Assignment 4|Assignment 4]]


You should get an account on this wiki so you can edit content here.  Email Prof. Somayaji to get one with your preferred username and email address to which a password should be sent.
==Resources==


==Required Textbooks/Software==
Here are some resources you may find useful:


There are no required textbooks or software for this courseInstead we will be reading research papers which will be linked to from the wikiWhile many of these papers will be available directly via web search, some will be behind paywallsIn this case there will be alternate links to those pages that go through the Carleton Library's proxy.
* [http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/comp4108-2018w.ova A Virtualbox OVF image for Ubuntu 17.10.1]
* [https://openstack.scs.carleton.ca The SCS openstack cluster]Note that you can only access this from the Carleton networkTo access from elsewhere, [https://carleton.ca/its/help-centre/remote-access/ VPN in] to the university(On Linux you can also use openconnect rather than the Cisco software provided by Carleton.)


==Grading==
If you cannot access openstack, try [http://www.scs.carleton.ca/webacct changing your SCS password].


Students enrolled in COMP 4108 have the following grading scheme:
==Schedule==


* 20% Class Participation
===January 8, 2018===
* 20% Hacking Journal
* 10% Assignments (Reading Analyses)
* 20% Midterm (Feb. 25th, in class)
* 30% Final Exam


Each of these elements are explained below.
[[SystemsSec 2018W Lecture 1|Introduction]]


===Class Participation===
===January 10, 2018===


You are expected to attend every class for this course.  Moreover, you are expected to participate in each class.  This participation part of your grade will be based in part upon attendance; however, it will also be based upon the degree to which you were an active participant.  Students who attend every class but who do nothing while in class will get a worse participation grade than those who miss some classes but who fully participate in those they do attend.
[[SystemsSec 2018W Lecture 2|Threat Modelling]]


Note that mini presentations and group work are part of class participation.
===January 15, 2018===


===Hacking Journal===
[[SystemsSec 2018W Lecture 3|Common tools]]


The hacking journal is a journal of a student's explorations of computer security technology and methods (attacks and defenses) over the course of the semester.  Every student should spend 3-4 hours a week on work that is documented in the hacking journal.  The documentation may be concise and need not contain full sentences; however, it should cover the technical challenges encountered and the attempts to find solutions to those challenges (successful or not).  It should also contain citations for any references consulted and help obtained from any other individuals.
===January 17, 2018===


Students should be prepared to share their progress informally during class.  The hacking journal will need to submit their journal twice: once on February 12th (before March Break) and once at the end of the semester.  You may maintain your hacking journal as one or many files, in any format you choose; for submission, however, you should if necessary combine them into one file that is either in text or PDF format.
[[SystemsSec 2018W Lecture 4|passwd]]


Hacking opportunities will be discussed throughout the class and kept track of [[SystemsSec 2016W Hacking Opportunities|on the class wiki]].
===January 22, 2018===


While students may choose to focus on one project primarily, students should attempt at least one hacking project in each of the four major categories of material of the course, OS, Network, Software, and Web.
[[SystemsSec 2018W Lecture 5|Networking 1]]


The hacking journal should be submitted in the form of weekly updates and a final report.  The final report should be a nicely formatted version, in PDF, of all previously submitted updates (optionally edited for clarity), discussion of any additional work completed after the last hacking update, and a summary statement of no more than two pages describing your overall experiences with the hacking journal.  In this summary statement explain what you learned, what challenges you had, and to what degree you feel the exercise was worthwhile.
===January 24, 2018===


Your final grade will be half your grade for the top five hacking journal updates, half from the grade on your final report.  The report will be graded out of 10: 4 points for breadth, 3 for depth, 3 for overall quality of the hacking.  One point will be subtracted from the grade if no summary statement is present; otherwise the summary does not affect the report grade.
[[SystemsSec 2018W Lecture 6|Virtual machines 1]]


===Assignments/Reading Analyses===
===January 29, 2018===


In lieu of regular assignments, students will be required to do security reading analyses of five readings.  These readings may be ones assigned for class; however, all readings must be analyzed before they have been discussed in class.  Outside selections must be published in reputable security venues.
[[SystemsSec 2018W Lecture 7|Cryptography 1]]


Optionally, students may submit 10 reading analyses.  In this case, assignments will count as 20% of their grade and the hacking journal will count as 10%.
===January 31, 2018===


Reading analyses may be submitted at any time before the final exam and should be submitted in PDF or text format via [https://carleton.ca/culearn/ cuLearn].
[[SystemsSec 2018W Lecture 8|Networking 2]]


===Midterm and Final Exam===
Assignment 1 due


Students will be required to complete an in-class midterm exam and a formally scheduled final exam.  These will be essay tests based on the material covered in class.  Sample questions will be made available during study sessions prior to the exams.
===February 5, 2018===


==Collaboration==
[[SystemsSec 2018W Lecture 9|Software Vulnerabilities 1]]


Collaboration on all work is allowed except for the midterm and final exams. Collaboration, however, should be clearly acknowledged.  Specifically, co-authored works should be marked as such.  When co-authored, all authors of reading responses and projects will get the same grade, unless there is reason to believe that some co-authors did not in fact contribute significantly to the submitted work.  Co-authored contributions may get different grades depending upon the relative contribution of the different authors; however, the default here will also be to give all authors the same grade.
===February 7, 2018===
[[SystemsSec 2018W Lecture 10|Software Vulnerabilities 2]]


It is '''essential''' that outside references be cited appropriately.  Proper citation format should be followed except where more relaxed forms are specifically allowed.
===February 12, 2018===
[[SystemsSec 2018W Lecture 11|Let's Encrypt, Buffer Overflows 1]]


Plagiarism or intellectual dishonesty of any kind is strictly forbidden.  In other words, it should always be clear what is your work and what is the work of others.  If anything you submit is, in part or whole, very similar in content or structure to that of work produced by someone else, you are plagiarizing.  This includes figures.
===February 14, 2018===


Think of plagiarism as a kind of unauthorized collaboration.  Don't do it.  Plagiarism and other instructional offenses will be reported to the Dean of Science for disciplinary action, as per university guidelines.
[[SystemsSec 2018W Lecture 12|Web Security 1]]


===February 19 & 21, 2018===


==University Policies==
Winter break, no classes


===Student Academic Integrity Policy===
===February 26, 2018===


Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of offences are: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found in the Undergraduate Calendar.
[[SystemsSec 2018W Lecture 13|Malware 1]]


===Plagiarism===
===February 28, 2018===


As defined by Senate, "plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one's own". Such reported offences will be reviewed by the office of the Dean of Science.
[[SystemsSec 2018W Lecture 14|Biology 1]]


===Unauthorized Co-operation or Collaboration===
===March 5, 2018===


Senate policy states that "to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis".
[[SystemsSec 2018W Lecture 15|Mid-term review]], Assignment 2 due


Please see above for the specific collaboration policy for this course.
===March 7, 2018===


===Academic Accommodations for Students with Disabilities===
Mid-term Exam


The Paul Menton Centre for Students with Disabilities (PMC) provides services to students with Learning Disabilities (LD), psychiatric/mental health disabilities, Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorders (ASD), chronic medical conditions, and impairments in mobility, hearing, and vision. If you have a disability requiring academic accommodations in this course, please contact PMC at 613-520-6608 or pmc@carleton.ca for a formal evaluation. If you are already registered with the PMC, contact your PMC coordinator to send me your Letter of Accommodation at the beginning of the term, and no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with me to ensure accommodation arrangements are made. Please consult the PMC website for the deadline to request accommodations for the formally-scheduled exam (if applicable) at http://www2.carleton.ca/pmc/new-and-current-students/dates-and-deadlines
===March 12, 2018===


===Religious Obligation===
[[SystemsSec 2018W Lecture 16|Intrusion Detection 1]]


Write to the instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/
===March 14, 2018===


===Pregnancy Obligation===
[[SystemsSec 2018W Lecture 17|Anomaly Detection 1]]


Write to the instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/
===March 19, 2018===


===Medical Certificate===
[[SystemsSec 2018W Lecture 18|System call sequences]], [https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/comp4108-2018w-midterm-sol.pdf Midterm solutions]


The following is a link to the official medical certificate accepted by Carleton University for the deferral of final examinations or assignments in undergraduate courses. To access the form, please go to http://www.carleton.ca/registrar/forms
===March 21, 2018===
 
[[SystemsSec 2018W Lecture 19|Machine Learning & Security]]
 
===March 26, 2018===
 
[[SystemsSec 2018W Lecture 20|Virtualization]], Assignment 3 due
 
===March 28, 2018===
 
[[SystemsSec 2018W Lecture 21|Sandboxing]]
 
===April 2, 2018===
 
[[SystemsSec 2018W Lecture 22|Diversity]]
 
===April 4, 2018===
 
[[SystemsSec 2018W Lecture 23|Network monitoring]]
 
===April 9, 2018===
 
[[SystemsSec 2018W Lecture 24|Assignment 4 solutions]], Assignment 4 due, last day of class
 
===April 11, 2018===
 
All [[Computer Systems Security: Winter 2018 Experiences|Experiences]] are due.
 
===April 17, 2018===
 
Optional [[SystemsSec 2018W Final Exam Review|review session]], 1-2:30 PM in 3235 ME (the regular classroom).
 
===April 20, 2018===
 
Final Exam (2-5 PM, AT 101)

Latest revision as of 21:25, 17 April 2018

Course Outline

Course Outline

Experiences

You are required to complete 9 experiences throughout the semester.

Assignments

Assignments will be posted here as they become available

Resources

Here are some resources you may find useful:

If you cannot access openstack, try changing your SCS password.

Schedule

January 8, 2018

Introduction

January 10, 2018

Threat Modelling

January 15, 2018

Common tools

January 17, 2018

passwd

January 22, 2018

Networking 1

January 24, 2018

Virtual machines 1

January 29, 2018

Cryptography 1

January 31, 2018

Networking 2

Assignment 1 due

February 5, 2018

Software Vulnerabilities 1

February 7, 2018

Software Vulnerabilities 2

February 12, 2018

Let's Encrypt, Buffer Overflows 1

February 14, 2018

Web Security 1

February 19 & 21, 2018

Winter break, no classes

February 26, 2018

Malware 1

February 28, 2018

Biology 1

March 5, 2018

Mid-term review, Assignment 2 due

March 7, 2018

Mid-term Exam

March 12, 2018

Intrusion Detection 1

March 14, 2018

Anomaly Detection 1

March 19, 2018

System call sequences, Midterm solutions

March 21, 2018

Machine Learning & Security

March 26, 2018

Virtualization, Assignment 3 due

March 28, 2018

Sandboxing

April 2, 2018

Diversity

April 4, 2018

Network monitoring

April 9, 2018

Assignment 4 solutions, Assignment 4 due, last day of class

April 11, 2018

All Experiences are due.

April 17, 2018

Optional review session, 1-2:30 PM in 3235 ME (the regular classroom).

April 20, 2018

Final Exam (2-5 PM, AT 101)