Syllabus
CS 5431: Practicum in System SecuritySpring 2017
2 credits, graded
Course Meetings: Friday, 10:10-11:25 am, Hollister Hall 314
Course Description
CS 5431, the practicum in system security, is designed to offer students practical experience with the design and construction of secure computing systems. The course focuses on two main themes: (i) practical defenses for real-world attacks, and (ii) security as part of the software engineering process. Students will engage in a significant group programming project, including the use of software analysis tools.
Topics may include a selection from the following: malware, honeypots, bot nets, buffer overflows, heap attacks, return-oriented programming, format string vulnerabilities, stack canaries, address-space randomization, patch exploits, static analysis, fuzz testing, lint-like and bug-finding tools, SQL injection, cross-site scripting, input validation, taint analysis, same-origin policy, isolation in web browsers, cryptosystems, digital signatures, message authentication codes, hashes, password handling, password cracking, encrypted key exchange, identity-based encryption, SSL/TLS, IPSEC, DNSSEC, S-BGP, WEP/WPA, VPNs, firewalls, packet filtering, intrusion detection, network trace forensics, side channel attacks (timing, cache, power, EM, reflection, acoustic), TPMs, denial of service, flooding, client puzzles, CAPTCHAs.
Website
http://www.cs.cornell.edu/courses/cs5431/2017spInstructor
Eleanor BirrellOffice: Gates 441
Office hours: Monday, 4-6pm. You can also schedule an appoint via email or drop by my office.
Prerequisites
This course assumes that you have mastered the material in CS 4410 (Operating Systems). You must be registered in CS 5430 (System Security) to take CS 5431.
The course project must be programmed in Java. The course may also require the use of additional tools, such as Eclipse, Eclipse plugins, C, assembler, Unix, web servers, and other standard technologies. You either need to be familiar with these technologies or to be committed to investing extra time to learn them as you go. (Part of becoming a professional computer scientist or engineer is learning to adapt quickly to new technologies.)
Objectives
As a result of this course, students will be able to:- Understand common software vulnerabilities and the attacks they enable.
- Design defenses against those attacks.
- Use a major cryptographic API.
- Employ software analysis tools to improve security assurance.
- Integrate security into a software engineering process.
- Critique the security of software designs and implementations.
Grading
Your final grade will be computed as follows:
| 2% | Milestone 0 |
| 40%% | Intermediate Milestones (10% each) |
| 6% | In-class Demos (2% each) |
| 30% | Final Project (Milestone 5) |
| 10% | Final Presentation |
| 10% | Challenge Factor | 2% | Other Factors |
As a general rule of thumb, an A indicates "impressive", a B is just "adequate" and C indicates "many problems."
Grading policies
Late work: Late submissions will not be accepted without my prior approval. I am not likely to give that approval except in documented cases of medical emergency, of campus computing infrastructure failure, etc.
Regrades: For all graded assignments, you may request a regrade if you believe I have made an error in the grading or if you simply want a clarification. There will be a limited window of time (usually about one week after the assignment is returned to you) during which you may request a regrade.
Use CMS to request regrades. You must explain (via CMS) what you believe is wrong or what you don't understand. Be clear and succinct. "I think I deserve a better grade" does not constitute a valid explanation. I reserve the right to regrade your entire assignment. As a result, your grade might go up or down.
Academic integrity
Absolute integrity is expected of every Cornell student in all academic undertakings. You are responsible for knowing and adhering to the Cornell Code of Academic Integrity.
You are free (and even encouraged) to discuss your project with other groups, but all code and documentation must be written by members of your group
I may use automated tools to detect plagiarism. You have been warned.
Statements
On disabilities: If you have a disability-related need for reasonable academic adjustments in this course, provide me with an accommodation letter from Student Disability Services. You are expected to give two weeks notice of the need for accommodation. If you need immediate accommodation, please arrange to meet with me as soon as possible.
On wellness: If you are experiencing undue personal or academic stress at any time during the semester or need to talk to someone who can help, contact me or one of the following resources:
- Engineering Academic Advising at 607-255-7414.
- Learning Strategies Center at 607-255-6310.
- Let's Talk Drop-in Counseling at Gannett or 607-255-5155.
- Empathy Assistance and Referral Service at 607-255-EARS.