COMP 4420 Network and Mobile Security - fall2019

Teaching Team

Lecturer: Kan Yang. Email: kan.yang AT memphis.edu

TA: Jeevan Chapagain (jchpgain@memphis.edu)

Course Description

This course will discuss security issues and solutions in computer and mobile networks. Topics include Web Security (web security mode, web application security), Cryptography (symmetric cryptography, public-key cryptography, SSL/TLS, and other crypto tools), Network Security (security issues in network protocols, network defense tools, DoS attacks, etc.), Mobile Security (mobile platform security models, mobile threats and malware), and Cloud Security. (The content and syllabus are subject to adjustment during the semester.)

Prerequisites: COMP 3825 and COMP 4410 or permission of instructor

Lecture

Tuesday/Thursday, 9:40 am - 11:05 am, Engineering Science Building 326

Office Hours

With TA: Every Thursday 1:15 - 2:15 pm at DH314

With Lecturer: By appointment only (Please arrange by email 2-3 days in advance)

Textbook

No required textbook

Evaluation

Grading: Final Grades = 2*Midterms (2*25%) + 2*Homework (2*15%) + 4*Quizzes(4*5%). No final exam during the final week!

Grading Scale: A: 85 – 100, B: 70 – 84, C: 60 – 69, D: 50 – 59, F: 49 and below. (Plus/minus grading will be used).

Course Policy

• Late Policy: Without prior request, no late work will be accepted. All late submission maybe accepted at a penalty of 15% per day for no more than THREE days.
• Testing Policy: The exam given is closed book/note/laptop/neighbor. But students are allowed to bring one cheat sheet (letter-sized 8.5-by-11) for quick reference. There will NOT be any makeup exams unless there is a documented emergency.
• Homework Assignment and Project Report Policy: It is recommended that students use a word processing software (e.g., Word or LaTeX) to type their homework solutions or project report, then submit well-formatted PDF files.

Homework

• Homework 1 (WORD, PDF), Due: Oct. 8th 11:59pm 2019
• Homework 2 (WORD, PDF), Due: Nov. 22nd 11:59pm 2019

Course Schedule

Part I: Introduction

• Week 1:
  • Aug 27 - Lecture 1: Course Intro (Slide 1)
  • Aug 29 - Lecture 2: Security Intro (Slide 2)

Part II: Web Security

• Week 2:
  • Sep 03 - Lecture 3: Web Security Overview (Slide 3)
    Optional Reading:
    • Same-origin Policy, Browser Security Handbook, part 2, by Michal Zalewski.
    • Securing Frame Communication in Browsers, by Adam Barth, Collin Jackson, and John C. Mitchell.
    • The Security Architecture of the Chromium Browser, by Adam Barth, Collin Jackson, Charles Reis, and Google Chrome Team.
  • Sep 05 - Lecture 4: Web Security - SQL Injection (Slide 4)
    Optional Reading:
    • Advanced SQL Injection in SQL Server Applications, by Chris Anley.
    • SQL Injection Attacks by Example, by Steve Friedl's Unixwiz.net Tech Tips.
    • SQL Injection Cheat Sheet, OWASP.
• Week 3:
  • Sep 10 - Lecture 5: Web Security - Cross-Site Scripting (Slide 5)
    Optional Reading:
    • Cross Site Scripting Explained, by Amit Klein.
    • XSS Attack Examples, by Lakshmanan Ganapathy.
    • XSS Filter Evasion Cheat Sheet, OWASP.
  • Sep 12 - Lecture 6: Web Security - Cross-Site Request Forgery (Slide 6)
    Optional Reading:
    • Cross-Site Request Forgeries: Exploitation and Prevention, by William Zeller and Edward W. Felten.
    • Robust Defenses for Cross-Site Request Forgery, by Adam Barth, Collin Jackson, and John C. Mitchell.
    • CSRF Prevention Cheat Sheet, OWASP.
• Week 4:
  • Sep 17 - Lecture 7: Web Security - Session Management (Slide 7)
    Optional Reading:
    • Secure Session Management With Cookies for Web Applications, by Chris Palmer.
    • Origin Cookies: Session Integrity for Web Applications, by Bortz et al.

Part III: Cryptography

• Week 4:
  • Sep 19 - Lecture 8: Cryptography - Symmetric Cryptography I (Slide 8)
    Optional Reading:
    • Symmetric Cryptography Optional Notes
• Week 5:
  • Sep 24 - Lecture 9: Cryptography - Symmetric Cryptography II (Slide 9)
  • Sep 26 - Lecture 10: Cryptography - Symmetric Cryptography III (Slide 10)
• Week 6:
  • Oct 01 - Lecture 11: Cryptography - Public Key Cryptography I (Slide 11)
    Optional Reading:
    • Asymmetric Cryptography Optional Notes
  • Oct 03 - Lecture 12: Cryptography - Public Key Cryptography II (Slide 12)
• Week 7:
  • Oct 08 - Lecture 13: Midterm Review I (Slide 13)
  • Oct 10 - Lecture 14: Midterm I

Part IV: Network Security

• Week 8:
  • Oct 15 - Fall Break
  • Oct 17 - Lecture 15: HTTPS (Slide 15)
• Week 9:
  • Oct 22 - Lecture 16: Networking Overview (Slide 16)
  • Oct 24 - Lecture 17: Network Security Issues (Slide 17)
• Week 10:
  • Oct 29 - Lecture 18: Network Defense Tools: Firewalls, VPN and Intrusion Detection (Slide 18)
  • Oct 31 - Lecture 19: DNS Security(Slide 19)
• Week 11:
  • Nov 05 - Lecture 20: Denial of Service (DoS) Attacks(Slide 20)
  • Nov 07 - Lecture 21: Wireless Network Security Overview(Slide 21)

Part V: Mobile Security

• Week 12:
  • Nov 12 - Lecture 22: iOS Security(Slide 22)
  • Nov 14 - Lecture 23: Android Security(Slide 23)
• Week 13:
  • Nov 19 - Lecture 24: Malware Overview(Slide 24)
  • Nov 21 - Lecture 25: Midterm Review II(Slide 25)
• Week 14:
  • Nov 26 - Lecture 26: Midterm II
  • Nov 28 - Thanksgiving Holiday
• Week 15:
  • Dec 03 - No Class