COMP 4/6420 Network and Mobile Security - Fall2024

Teaching Team

Lecturer: Kan Yang. Email: kan.yang AT memphis.edu

TA: Meiying Zhang, Email: mzhang6@memphis.edu

Course Description

This course will discuss security issues and solutions in computer and mobile networks. Topics include Web Security (web security mode, web application security), Cryptography (symmetric cryptography, public-key cryptography, SSL/TLS, and other crypto tools), Network Security (security issues in network protocols, network defense tools, DoS attacks, etc.), Mobile Security (mobile platform security models, mobile threats and malware), and Cloud Security. (The content and syllabus are subject to adjustment during the semester.)

Lecture

Monday/Wednesday, 12:40 pm - 2:05 pm, Clement Hall 137

Office Hours

With TA: TBA

With Lecturer: By appointment only (Please arrange by email 2-3 days in advance)

Textbook

Internet Security: A Hands-on Approach 3rd Edition (ISBN: 978-17330039-6-4), by Wenliang Du. Purchase on Amazon

Evaluation

Grading: Final Grades = Homework (20%) + Quizzes(10%) + Lab (25%) + Midterm (20%) + Final Exam (25%).

Grading Scale: A: 85 – 100, B: 70 – 84, C: 60 – 69, D: 50 – 59, F: 49 and below. (Plus/minus grading will be used).

Course Policy

• Late Policy: Without prior request, no late work will be accepted. All late submission maybe accepted at a penalty of 15% per day for no more than THREE days.
• Testing Policy: The exam given is closed book/note/laptop/neighbor. But students are allowed to bring one cheat sheet (letter-sized 8.5-by-11) for quick reference. There will NOT be any makeup exams unless there is a documented emergency.
• Homework Assignment and Project Report Policy: It is recommended that students use a word processing software (e.g., Word or LaTeX) to type their homework solutions or project report, then submit well-formatted PDF files.

Course Schedule

Part I: Introduction

• Week 1:
  • Aug 26 - Lecture 1: Course Intro
  • Aug 28 - Lecture 2: Security Intro

Part II: Web Security

• Week 2:
  • Sep 2 - Labor Day
  • Sep 4 - Lecture 3: Web Security Overview
    Optional Reading:
    • Same-origin Policy, Browser Security Handbook, part 2, by Michal Zalewski.
    • Securing Frame Communication in Browsers, by Adam Barth, Collin Jackson, and John C. Mitchell.
    • The Security Architecture of the Chromium Browser, by Adam Barth, Collin Jackson, Charles Reis, and Google Chrome Team.
• Week 3:
  • Sep 9 - Lecture 4: Web Security - SQL Injection
    Optional Reading:
    • Advanced SQL Injection in SQL Server Applications, by Chris Anley.
    • SQL Injection Attacks by Example, by Steve Friedl's Unixwiz.net Tech Tips.
    • SQL Injection Cheat Sheet, OWASP.
  • Sep 11 - Lecture 5: Web Security - Cross-Site Scripting
    Optional Reading:
    • Cross Site Scripting Explained, by Amit Klein.
    • XSS Attack Examples, by Lakshmanan Ganapathy.
    • XSS Filter Evasion Cheat Sheet, OWASP.
• Week 4:
  • Sep 16 - Lecture 6: Web Security - Cross-Site Request Forgery
    Optional Reading:
    • Cross-Site Request Forgeries: Exploitation and Prevention, by William Zeller and Edward W. Felten.
    • Robust Defenses for Cross-Site Request Forgery, by Adam Barth, Collin Jackson, and John C. Mitchell.
    • CSRF Prevention Cheat Sheet, OWASP.
  • Sep 18 - Lecture 7: Web Security - Session Management
    Optional Reading:
    • Secure Session Management With Cookies for Web Applications, by Chris Palmer.
    • Origin Cookies: Session Integrity for Web Applications, by Bortz et al.

Part III: Cryptography

• Week 5:
  • Sep 23 - Lecture 8: Cryptography - Symmetric Cryptography I
    Optional Reading:
    • Symmetric Cryptography Optional Notes
  • Sep 25 - Lecture 9: Cryptography - Symmetric Cryptography II
• Week 6:
  • Sep 30 - Lecture 10: Cryptography - Symmetric Cryptography III
  • Oct 2 - Lecture 11: Cryptography - Public Key Cryptography I
    Optional Reading:
    • Asymmetric Cryptography Optional Notes
• Week 7:
  • Oct 7 - Lecture 12: Cryptography - Public Key Cryptography II
  • Oct 09 - Lecture 13: HTTPS
• Week 8:
  • Oct 14 - Fall Break
  • Oct 16 - Lecture 14: Midterm Review
• Week 9:
  • Oct 21 - Lecture 15: Midterm

Part IV: Network Security

• Week 9:
  • Oct 23 - Lecture 16: Networking Overview
• Week 10:
  • Oct 28 - Lecture 17: Network Security Issues
  • Oct 30 - Lecture 18: Network Defense Tools: Firewalls, VPN and Intrusion Detection
• Week 11:
  • Nov 4 - Lecture 19: DNS Security
  • Nov 6 - Lecture 20: Denial of Service (DoS) Attacks
• Week 12:
  • Nov 11 - Lecture 21: Wireless Network Security Overview

Part V: Mobile Security

• Week 12:
  • Nov 13 - Lecture 22: iOS Security
• Week 13:
  • Nov 18 - Lecture 23: Android Security
  • Nov 20 - Lecture 24: Malware Overview
• Week 14:
  • Nov 25 - Lecture 26: Final Review
  • Nov 27 - Thanksgiving Holiday
• Week 15:
  • Dec 2 - Final Preparation - no class
  • Dec 4 - Final Exam (in-class exam)

Course Labs

SEED Lab VM Setup

Many thanks to the SEED Lab developed by Dr. Wenliang Du! Follow the instructions to setup the lab environment.

Web Security

• Cross-Site Scripting Attack Lab
• Cross-Site Request Forgery Attack
• SQL Injection Attack

Network Security

• IP Layer and Attacks Lab
• Packet Sniffing and Spoofing Lab
• TCP and Attacks Lab 1
• TCP and Attacks Lab 2
• Firewall Lab
• Virtual Private Network Lab
• Tunneling and Firewall Evasion Lab
• DNS and Attacks Lab 1
• DNS and Attacks Lab 2
• DNSSEC Lab

Mobile Security

• Android Repacking Attack
• Android Device Rooting