CIS 5373: Systems Security
Spring 2020
Instructor:
Bogdan Carbunar
E-mail: carbunar at cs dot fiu dot edu
Office hours: Mondays, before or after class, ECS 383.
Web page:
http://www.cs.fiu.edu/~carbunar/teaching/cis5373/cis5373.S.2020/cis5373.html
Class time and location:
Mondays, 17:00-19:30pm: PG6 144
Announcements
[Posted on Monday February 2 2020]: Second homework is out. You can find it
here.
The homework is due on Monday March 23 at 5:00 pm. Type write the solution.
Print the homework and bring it to class. 10 points out of 100 are subtracted
for each late day.
[Posted on Saturday January 25 2020]: First homework is out. You can find it
here.
The homework is due on Monday February 10 at 5:00 pm. Type write the solution.
Print the homework and bring it to class. 10 points out of 100 are subtracted
for each late day.
[Posted on Monday December 6 2020]: Registration is open. Please register today for the class while seats last.
Course Overview
This course will cover important systems security topics that include
vulnerabilities and malware, access control, key management and distribution,
authentication protocols, and others.
List of course topics (tentative):
-
Introduction to computer security.
Basic concepts, threat models, common security goals.
-
Vulnerabilities, including buffer overflows and incomplete mediation.
-
Malware, including viruses, worms, trapdoors, rootkits, trojan horses,
covert channels and other.
-
Access control.
-
Network Security.
Textbooks and Additional Materials
This class is based on the slides that are provided on this website and the
lectures. I encourage you to use Wikipedia. I will use mainly the following
textbooks, however, they are not required and I do not encourage you to buy
them. The first book can also be found online:
-
Security in Computing
(Charles P. Pfleeger, Shari Lawrence Pfleeger, 4th ed., Prentice Hall).
-
Applied Cryptography: Protocols, Algorithms, and Source Code in C
(Bruce Schneier, 2nd ed., John Wiley & Sons, 1996 ).
Lectures
The following schedule is tentative and subject to change.
Readings from the textbooks are indicated as follows: P&P:Ch1.2 denotes
Pfleeger & Pfleeger, Chapter 1.2; St:Ch1.2 denotes Stallings, Chapter 1.2.
Optional readings are in parentheses.
|
|
Topic |
Readings |
| Week 1 |
January 6 |
Class overview; Introduction to systems security |
Slides [pdf]
|
| Week 2 |
January 13 |
Program Security and Vulnerabilities |
Slides [pdf]
|
| Week 3 |
January 20 |
No class! |
Martin Luther King Jr. Day
|
| Week 4 |
January 27 |
Malware |
Slides [pdf].
|
| Week 5 |
February 3 |
User Authentication |
Slides [pdf].
Presentation details [pdf].
|
| Week 6 |
February 10 |
Key Distribution. Public Key Certificates |
Slides [pdf].
|
| Week 7 |
February 17 |
Access Control |
Slides [pdf].
|
| Week 8 |
February 24 |
Spring Break! |
|
| Week 9 |
March 2 |
Network Security |
Slides [pdf].
|
| Week 10 |
March 9 |
Student presentations |
DDoS Hide and Seek: On the Effectiveness of a Booter Services Takedown
Presented by Gregory Ayala.
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Presented by Andy Morales.
|
| Week 11 |
March 16 |
Student presentations |
Certificate Transparency in the Wild: Exploring the Reliability of Monitors.
Presented by Arya Sharma.
|
| Week 12 |
March 23 |
Student presentations |
Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet.
Presented by Ahmet Kurt.
Opening the Blackbox of VirusTotal: Analyzing Online Phishing Scan Engines
Presented by Ernesto Gonzalez.
|
| Week 13 |
March 30 |
Student presentations |
Measuring Security Practices and How They Impact Security. Presented by
Kierstin Matsuda.
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Presented by
Harun Oz.
|
| Week 14 |
April 6 |
Student presentations |
SEEMless: Secure End-to-End Encrypted Messaging with less Trust.
Presented by Mohammad Asif Khan.
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media.
Presented by Mark Greening.
|
| Week 15 |
April 13 |
Student presentations |
Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope.
Presented by Christine Stepanovich.
Geneva: Evolving Censorship Evasion Strategies.
Presented by Marc Roger.
|
| Week 16 |
April 20 |
Final Exam |
PG6 Room 144, 5-7pm
|
Suggested Publications for Class Presentations
Measuring Security Practices and How They Impact Security
[pdf]
Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage.
Assigned to Kierstin Matsuda.
Booting the booters: Evaluating the effects of police interventions
[pdf]
Ben Collier, Daniel R. Thomas, Richard Clayton, and Alice Hutchings
DDoS Hide and Seek: On the Effectiveness of a Booter Services Takedown
[pdf]
Daniel Kopp and Matthias Wichtlhuber, Ingmar Poese, Jose Jair Cardoso de Santanna, Oliver Hohlfeld, Christoph Dietzel. Assigned to Gregory Ayala.
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
[pdf]
Sergio Pastrana, Guillermo Suarez-Tangil.
Assigned to Andy Morales.
Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope
[pdf]
Philipp Richter, Arthur Berger.
Assigned to Christine Stepanovich.
Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table Share
[pdf]
Cecilia Testart, Philipp Richter, Alistair King, Alberto Dainotti, David Clark
Opening the Blackbox of VirusTotal: Analyzing Online Phishing Scan Engines
[pdf]
Peng Peng, Limin Yang, Linhai Song, Gang Wang.
Assigned to Ernesto Gonzalez.
Certificate Transparency in the Wild: Exploring the Reliability of Monitors.
[pdf]
Bingyu Li, Jingqiang Lin, Fengjun Li, Qiongxiao Wang, Qi Li, Jiwu Jing, Congli Wang.
Assigned to Arya Sharma.
Geneva: Evolving Censorship Evasion Strategies.
[pdf]
Kevin Bock, George Hughey, Xiao Qiang, Dave Levin.
Assigned to Marc Roger.
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media.
[pdf]
Mainack Mondal, Gunce Su Yilmaz, Noah Hirsch, Mohammad Taha Khan, Michael Tang, Christopher Tran, Chris Kanich, Blase Ur, Elena Zheleva.
Assigned to Mark Greening.
SEEMless: Secure End-to-End Encrypted Messaging with less Trust.
[pdf]
Melissa Chase, Apoorvaa Deshpande, Esha Ghosh, Harjasleen Malvai.
Assigned to Mohammad Asif Khan.
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware.
Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson,
and Engin Kirda.
Assigned to Harun Oz.
Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet.
Herwig, Stephen and Harvey, Katura and Hughey, George and Roberts, Richard and Levin, Dave
Assigned to Ahmet Kurt.
Grading Summary
Final grades will be computed from the following categories (subject to change)
- 35% Final
- 20% Homework
- 35% Class presentation
- 10% Class participation (distributed among final and presentation for online students)
Policies
Following grading of homeworks, midterm and final, you have three weeks to
challenge your grade.
Warning
We may discuss vulnerabilities in existing computer systems. Such
discussions are not intended as an invitation to go exploit those
vulnerabilities. It is important that we be able to discuss real-world
experience candidly; students are expected to behave responsibly. You may not
break into machines that are not your own; you may not attempt to attack or
subvert system security. Breaking into other people's systems is
inappropriate, and the existence of a security hole is no excuse.
Collaboration and Academic Integrity Policy
Homeworks are to be done individually, on your own (not in groups).
For homeworks, you must always write up the solutions on
your own. Similarly, you may use references to help solve homework problems,
but you
must write up the solution on your own and cite your sources.
You may not share written work or programs with anyone else.
Code of Academic Integrity
http://www.fiu.edu/~oabp/misconductweb/2codeofacainteg.htm
Back to main page