COMP 4/6420 Network and Mobile Security - Fall2021
Teaching Team
Lecturer: Kan Yang. Email: kan.yang AT memphis.edu
TA: TBA
Course Description
This course will discuss security issues and solutions in computer and mobile networks. Topics include Web Security (web security mode, web application security), Cryptography (symmetric cryptography, public-key cryptography, SSL/TLS, and other crypto tools), Network Security (security issues in network protocols, network defense tools, DoS attacks, etc.), Mobile Security (mobile platform security models, mobile threats and malware), and Cloud Security. (The content and syllabus are subject to adjustment during the semester.)
Lecture
Tuesday/Thursday, 1:00 pm - 2:25 pm, Dunn Hall 103
Office Hours
With TA: Jamal Mosakheil (jmskheil@memphis.edu, email appointment first)
With Lecturer: By appointment only (Please arrange by email 2-3 days in advance)
Textbook
No required textbook
Evaluation
Grading: Final Grades = 2*Midterms (2*25%) + 2*Homework (2*15%) + 4*Quizzes(4*5%). No final exam during the final week!
Grading Scale: A: 85 – 100, B: 70 – 84, C: 60 – 69, D: 50 – 59, F: 49 and below. (Plus/minus grading will be used).
Course Policy
- Late Policy: Without prior request, no late work will be accepted. All late submission maybe accepted at a penalty of 15% per day for no more than THREE days.
- Testing Policy: The exam given is closed book/note/laptop/neighbor. But students are allowed to bring one cheat sheet (letter-sized 8.5-by-11) for quick reference. There will NOT be any makeup exams unless there is a documented emergency.
- Homework Assignment and Project Report Policy: It is recommended that students use a word processing software (e.g., Word or LaTeX) to type their homework solutions or project report, then submit well-formatted PDF files.
COVID-19 Health and Safety Policy
Masks and Social Distancing
All students, faculty and staff will wear masks in all public spaces, including our classroom (lab) per the COVID-19 policy. The first time a student enters a classroom without wearing a face covering, the student will be asked to leave the class until they return a covering. Further violations will be referred to the Office of Student Accountability. Students who repeatedly or flagrantly violate these community expectations may be referred for discipline under the Student Code and, if appropriate, immediately removed from campus by the Dean of Students.
Student Health
Students who are experiencing symptoms such as sneezing, coughing or a higher than normal temperature should inform me by email so they can be excused from class and should stay home. Students should contact their health care provider or the Student Health Center at https://www.memphis.edu/health/. Students who have a positive COVID-19 test should contact the Dean of Students at deanofstudents@memphis.edu.Student Accommodations
If and when we return to class, students seeking to remain remote for health or other serious reasons should discuss their options with me. Students with accessibility issues or with other learning accommodation needs due to a disability should contact Disability Resources for Students (DRS) to submit an official request for course accommodations. Contact DRS at 901.678.2880 or at drs@memphis.edu. (https://www.memphis.edu/drs/index.php)Student Resources
Students who need additional resources can contact the Dean of Students Office at https://www.memphis.edu/deanofstudents/crisis/index.php.
Homework
- Homework 1
- Homework 2
Course Schedule
Part I: Introduction
-
Week 1:
- Aug 24 - Lecture 1: Course Intro
- Aug 26 - Lecture 2: Security Intro
Part II: Web Security
-
Week 2:
- Aug 31 - Lecture 3: Web Security Overview
Optional Reading:- Same-origin Policy, Browser Security Handbook, part 2, by Michal Zalewski.
- Securing Frame Communication in Browsers, by Adam Barth, Collin Jackson, and John C. Mitchell.
- The Security Architecture of the Chromium Browser, by Adam Barth, Collin Jackson, Charles Reis, and Google Chrome Team.
- Sep 2 - Lecture 4: Web Security - SQL Injection
Optional Reading:- Advanced SQL Injection in SQL Server Applications, by Chris Anley.
- SQL Injection Attacks by Example, by Steve Friedl's Unixwiz.net Tech Tips.
- SQL Injection Cheat Sheet, OWASP.
- Aug 31 - Lecture 3: Web Security Overview
-
Week 3:
- Sep 7 - Lecture 5: Web Security - Cross-Site Scripting
Optional Reading:- Cross Site Scripting Explained, by Amit Klein.
- XSS Attack Examples, by Lakshmanan Ganapathy.
- XSS Filter Evasion Cheat Sheet, OWASP.
- Sep 9 - Lecture 6: Web Security - Cross-Site Request Forgery
Optional Reading:- Cross-Site Request Forgeries: Exploitation and Prevention, by William Zeller and Edward W. Felten.
- Robust Defenses for Cross-Site Request Forgery, by Adam Barth, Collin Jackson, and John C. Mitchell.
- CSRF Prevention Cheat Sheet, OWASP.
- Sep 7 - Lecture 5: Web Security - Cross-Site Scripting
-
Week 4:
- Sep 14 - Lecture 7: Web Security - Session Management
Optional Reading:- Secure Session Management With Cookies for Web Applications, by Chris Palmer.
- Origin Cookies: Session Integrity for Web Applications, by Bortz et al.
- Sep 14 - Lecture 7: Web Security - Session Management
Part III: Cryptography
- Week 4:
- Sep 16 - Lecture 8: Cryptography - Symmetric Cryptography I
Optional Reading:
- Sep 16 - Lecture 8: Cryptography - Symmetric Cryptography I
- Week 5:
- Sep 21 - Lecture 9: Cryptography - Symmetric Cryptography II
- Sep 23 - Lecture 10: Cryptography - Symmetric Cryptography III
-
Week 6:
- Sep 28 - Lecture 11: Cryptography - Public Key Cryptography I
Optional Reading: - Sep 30 - Lecture 12: Cryptography - Public Key Cryptography II
- Sep 28 - Lecture 11: Cryptography - Public Key Cryptography I
-
Week 7:
- Oct 5 - Lecture 13: HTTPS
- Oct 7 - Lecture 14: Midterm Review I
-
Week 8:
- Oct 12 - Fall Break
- Oct 14 - Lecture 15: Midterm I
Part IV: Network Security
-
Week 9:
- Oct 19 - Lecture 16: Networking Overview
- Oct 21 - Lecture 17: Network Security Issues
-
Week 10:
- Oct 26 - Lecture 18: Network Defense Tools: Firewalls, VPN and Intrusion Detection
- Oct 28 - Lecture 19: DNS Security
-
Week 11:
- Nov 2 - Lecture 20: Denial of Service (DoS) Attacks
- Nov 4 - Lecture 21: Wireless Network Security Overview
Part V: Mobile Security
-
Week 12:
- Nov 9 - Lecture 22: iOS Security
- Nov 11 - Lecture 23: Android Security
-
Week 13:
- Nov 16 - Lecture 24: Malware Overview
- Nov 18 - Lecture 25: Midterm Review II
-
Week 14:
- Nov 23 - Lecture 26: Midterm II