Schedule of topics:

This schedule is almost guaranteed to change. Please refer to this webpage (not a printed copy) when revising material.

Week 1 Tue 29th July	Introduction to Security and Privacy (handout) administrivia, kinds of security breaches, a timeline of recent security violations, the people involved, motives, goals, and outcomes, attack tools, methods of attack. User authentication, the authentication process, usernames and passwords, brute-force cracking, one-time passwords, user to machine, machine to machine.	No lab this week
Week 2 Tue 5th Aug	Operating System security (handout) Protecting operating system objects, protecting memory, constraining memory accesses, memory segmentation and paging. Users and their operating system representation, supporting groups of users, properties of the Unix superuser (root), the root account, root compromises, the setuid mechanism, changing and setting user information.	Tutorial-1 Labsheet-1.
Week 3 Tue 12th Aug	Operating System security - files and logging (handout) File system security, access constraints using directories, access control lists (ACLs), standard Unix file protections and permissions, additional file protections, constraining a process's access. Logging security-related information, forms of activity logging, information about individual users, security of logfiles themselves, ad-hoc logging via syslogd. file integrity checking - using tripwire, rootkits and libkits, loadable kernel modules.	Labsheet-2.
Week 4 Tue 19th Aug	Network security - packet level security (handout) IPv4 protocol based attacks, packet sniffing, port scanning, IPv4 address and DNS spoofing, denial of service attacks, distributed denial-of-service (DDoS) attacks. Students who have not previously taken CITS3230 (Computer Networks) are encouraged to read the '3230 lecture notes: Lecture-7 and Lecture-8.	Tutorial-2 Labsheet-3.
Week 5 Tue 26th Aug	Network security - subnet level security (handout) Security at the network boundary, router/firewall packet filtering, network address translation (NAT), virtual private networks (VPNs).	Labsheet-4.
Week 6 Tue 2nd Sept	Security of Wireless Networking (handout) An overview of the 802.11 standard, collision avoidance, the dangers of wireless networking, wireless DoS attacks, the Wired Equivalent Privacy (WEP) algorithm, WEP encryption and authentication, problems with WEP Encryption.	Tutorial-3 Labsheet-5.
Week 7 Tue 9th Sept	Mid-semester test From 10am in our normal lecture venue, contributing 20% of the unit's assessment.
Non-teaching week
Week 8 Tue 23rd Sept	Basic Cryptography (handout) basic terminology, traditional cryptography, the influence of computers on cryptography, symmetric and asymmetric algorithms, the DES algorithm, ECB and CBC modes, public key cryptography, key exchange and management, exchanging messages, the MIT/RSA algorithm, hash-functions, message digests, digital signatures and digitial certificates, browser support for digital certificates, certificate path validation, certificate revocation.
Week 9 Tue 30th Sept	Deploying Cryptography (handout) authentication of users over networks, project Athena and Kerberos, Netscape's secure sockets layer (SSL).	Project, contributing 30%, handed out this week, due 12noon Friday 24th Oct.  Tutorial-4
Week 10 Tue 7th Oct	Robust programming (handout) principles for software security, Open Source software - opportunities and myths. malicious mobile code, C's gets() function and the Internet Worm, buffer overflows, stack-smashing for fun and profit, race conditions and symlink attacks, pseudo random number generators.
Week 11 Tue 14th Oct	Robust programming, continued (handout) Security of WWW clients and servers, naive use of the Common Gateway Interface (CGI), CGI attacks and scanners, web cookies - are there security concerns?, browser and server vulnerabilities. The Java security model, the class file verifier, verifying Java bytecodes, Java security managers.	Tutorial-5
Week 12 Tue 21st Oct	Computer security incident response and support (handout) Final lecture. You've been hacked - now what?, basic risk managment, developing a standard incident response policy, incident priorities, collecting and reporting evidence, sources of ongoing information - CERT and AUSCERT, BUGTRAQ.	Project, due 12noon Friday 24th Oct.
Week 13 Tue 28th Oct	No lecture Students are also encouraged to attend the CSSE Project Seminar Series, to be presented by CSSE Honours and Masters students in week 13.	Tutorial-6 to discuss sample exam paper.