COSC535 - Network Security (Fall 2012)
Georgetown University
Prof. Micah Sherr

Course Description

This course introduces students to network and communications security. Students will learn about current threats and defenses by examining case-studies, seminal research papers, and monographs in a wide range of security areas. Topics covered include cryptography, network design fundamentals, authentication, confidentiality protocols, worms, botnets, denial-of-service attacks, firewalls, intrusion detection systems, secure routing, network privacy and anonymity, spam, and web security.

Prerequisites: This is a graduate-level computer science course. Students are expected to have a working knowledge of C and UNIX/Linux, and have a basic understanding of computer operating systems and networks. There will be several programming assignments.

Jump to course syllabus/schedule.

Who, What, and Where

Instructor: Prof. Micah Sherr
Email: click here
Office: St. Mary's Hall, Room 337
Office Hours: Tuesdays from 4pm until 5pm, and by appointment

Classes are held every Tuesday and Thursday from 2pm until 3:15pm in Reiss 264.

Why

This graduate-level course will impart a broad understanding of the underpinnings of security techniques, security best practices, and computer security research. The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.

Textbook and Other Readings

The required textbook for this class is Introduction to Computer Security by Michael Goodrich and Roberto Tamassia.

Other useful (but not required) books include:

A major goal of this graduate-level class is to familiarize students with academic computer security research. Students will read several seminal research papers throughout the semester. Reading assignments are listed below and should be completed before the class that covers the material. This class covers a lot of material, and students are highly encouraged not to fall behind on the readings.

Important: Before each class, students should email short (as in, at most three sentences per question) answers to the following questions to cosc535-responses@security.cs.georgetown.edu:
  • "What problem does this paper address?"
  • "What is the contribution of this work?"
  • "What are the shortcomings of the proposed approach?" Or, alternatively, "How could the paper be improved?"
  • "Was this a good paper to assign?"

Answers will be graded on a {✓+, ✓, ✓-, 0} basis.

Separate reading responses are required for each reading assignment, excluding book readings. Book readings do not require reading responses.

Warning: Responses that merely summarize the paper, show little depth or understanding of the material, or simply reiterate the paper's abstract or conclusion will receive very little credit.

Course Resources / Listserv

Students should take advantage of two critical course resources.

Most importantly, students should regularly attend class. Not only is attendance mandatory (and a significant part of students' grades), classroom discussion will hone in on the particular subject matter that I think is most important (and consequently, significantly more likely to appear on exams).

Second, we will make extensive use of the class listserv. The listserv address is:

cosc535-fall12@security.cs.georgetown.edu

Students are expected to read every post to the listserv and to contribute to the discussion. Be prepared to receive a lot of email -- in my previous classes, several thousand listserv messages were posted in a single semester.

Q: What's the point of the listserv?
A: I'm glad you asked. If you don't understand something that was said in class, or have a question about some part of the homework assignment or some material in the textbook, it's safe to assume that a handful of other students are also confused. The listserv has several purposes. (1) It tells you that other people in the class are similarly confused about a particular topic; (2) it enables all students to learn both from the question and the answer; (3) it spawns interesting discussions; and (4) it lets me gauge what topics need better clarification and instruction.

Q: Can't I just email the Prof?
A: Of course you can, but if others can learn from the answer, you're strongly encouraged to post your question to the listserv. (In fact, you may be asked to do so.)

Q: What types of questions/answers can I post to the listserv?
A: Students are encouraged to post any questions (and answers!!) to the listserv, so long as they do not give away the solution to an assignment. General questions, conceptual questions, and clarifications are strongly encouraged. For example:
    What are the causes of a "Segmentation fault"?

    Are code exploits specific to a particular operating system?

    What is the meaning of *ptr++?
are acceptable.

Q: What types of questions/answers should I not post to the listserv?
A: Do not give away solutions to assignments. Do not start flamewars and do be respectful of others. For example:
    Why doesn't the following code work?
    [followed by 500 lines of C code]

    Is "42" an acceptable answer to homework question 5?

    Billy, your a morron.  Stop asking stupid questions and
    wasting everyone's time.
are not acceptable.

Grading and Other Class Policies

Semester grades will be calculated using the following distribution:

Homeworks 36%
Exam 1 17%
Exam 2 17%
Final Exam 20%
Participation* 10%

* Participation includes more than just attendance (although attendance is a must). Students should contribute to classroom and listserv discussions. Answers to reading questions are factored into the participation grade.

Other miscellaneous (but hopefully not arbitrary) policies:
  • Please turn off cell phones during class.
  • I will do my best to respond to emails within 24 hours. Please also consider posting your questions to the class listserv.
  • Assignments are due before class on the posted date. There is a 25% penalty for up to 24 hours after the deadline. After that, the assignment will be graded as a zero.
  • No make-up exams will be permitted.
  • Students may appeal to the instructor for reconsideration of a grade, but the appeal must be in writing (i.e., email), and must be sent within 3 weeks (or the close of the semester, whichever is sooner) of receiving the graded assignment.
  • Behave civilly: don't be late for class; don't read newspapers/blogs/etc. during class; don't solve Sudoku puzzles during class; don't struggle with crossword puzzles during class; respect others' opinions, even if they are clearly wrong.
  • Adhere to good scientific principles and practices, and uphold the Georgetown Honor System.

A Note about Academic (Dis)Honesty

Please do not cheat. Dealing with cheating is by far the worst part of a professor's responsibilities, and it's one that I'd greatly like to avoid. If you are caught cheating, I will turn your case over to the Graduate School of Arts and Sciences, without exception. It doesn't matter if you plagiarized one part of one answer in a homework assignment or outsourced the entire solution to www.willdoyourhomeworkforcupcakes.com. Telling me that I'm ruining your future/career/life will make me feel wicked bad, but won't stop me from referring you to the Graduate School.

The following -- taken from the Graduate Bulletin -- is a partial list of the things you cannot do: plagiarism; unacknowledged paraphrase; cheating, fabrication of data; fabrication, alteration, or misrepresentation of academic records; facilitating academic dishonesty; unauthorized collaboration; misuse of otherwise valid academic work; misuse of academic resources; depriving others of equal access to academic resources.

Bottom Line: If you are unsure whether or not something is permissible, ask me beforehand.

A Note about Network Security

This class covers both offensive and defensive computer and network security techniques. Enrollment in this class does not constitute a waiver of Georgetown's Acceptable Use Policy. Students are expected and required to obey all University policies. Talk to the instructor before conducting any network experiments.

Syllabus and Schedule

Slide handouts will be posted to this web page shortly after class. I will not print out slides. (I like trees.)