CPSC 526/626: Network Systems Security (Winter 2020)



Announcements


General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
Lectures: TR 12:30--13:45, Room: ST 145
Office hours: TR 14:15--15:15 Room: ICT 642
Syllabus: [CPSC 526]
Syllabus: [CPSC 626]




Assignments

assignment due date



Tutorials

num day time place tutor
T01 TR 14:00--14:50 MS 239 Edward Rochester
T02 TR 16:00--16:50 MS 239 Edward Rochester
T03 MW 13:00--13:50 MS 239 Behnam Ousat
T04 MW 11:00--11:50 MS 239 Behnam Ousat

Date Topic Handout
2020-01-20 intro C socket programming
2020-01-22 intro Threat models


Lecture Content

Note: readings marked with an asterisk should be considered optional. The rest are required/highly recommended.

Lecture Date Topic Readings
Jan 14 and 16 Introduction [text] [slides] [PVO] chapter 1; [KPS*] chapter 1; [beej] chapters 1-7
Jan 21 Cryptography [text] [slides] [PVO] 2.1--2.4; [PVO*] 4.8; [KPS*] chapter 2, 3.1, 3.2, 4.1, 4.2, 4.3, 6.1, 6.2, 6.4, 6.5
Hash Functions [PVO] 2.5, 2.6; [KPS*] 5.1, 5.2, 5.7
Authentication [PVO] 3.1--3.4; [KPS*] chapter 9.1, 9.2, 9.3, 10; [weir*]
Kerberos [PVO] 4.1--4.4; 4.7; [KPS*] 11.4, 11.5, chapter 13; [kerb] all scenes
Certificates [PVO] 8.1--8.5; [KPS*] 9.7.2, 9.7.3
TLS [PVO] 9.2; [KPS*] chapter 19; [strip]
Network Stack [KPS*] 16.1
Denial of Service [PVO] 11.4; [KPS*] 23.6
TCP Attacks [PVO] 11.6; [du*] chapter 13
DNS and DNSSec [PVO] 11.5; [kam], [kamdns]
ARP [PVO] 11.5
Firewalls [PVO] 10.1, 10.2; [KPS*] chapter 23 intro and 23.1
Web Security [PVO] 9.1, 9.3, 9.4
XSRF [PVO] 9.5; [schreiber]
XSS [PVO] 9.6; [postcards]
Code Injection [PVO] 9.7; [sql*]
Clickjacking [huang]

References

[PVO] Computer Security and the Internet, Paul Van Oorschot, 2020, Springer.
[KPS] Network Security, Charlie Kaufman, Radia Perlman, Mike Speciner (second edition), 2002, Prentice Hall.
[beej] Beej's Guide to Network Programming
[kerb] Designing an Authentication System: a Dialogue in Four Scenes
[weir] Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
[kam] It’s The End Of The Cache As We Know It
[strip] New Tricks For Defeating SSL In Practice
[du] Chapter 13 Attacks on the TCP Protocol
[kamdns] An Illustrated Guide to the Kaminsky DNS Vulnerability
[huang] Clickjacking: Attacks and Defenses
[schreiber] Session Riding
[postcards] Postcards from the post-XSS world
[sql] Advanced SQL Injection In SQL Server Applications

