UWA Computer Science & Software Engineering
Security and Privacy (CITS3231) - schedule

Schedule of topics:

The presentation of each of these topics will commence during each week's Thursday (2 hour) lecture. Each week's schedule is accompanied by a link to the HTML pages presented in the lecture.

This schedule is almost guaranteed to change. Please refer to this webpage (not a printed copy) when revising material.

Week 1
Mon 20th July
Introduction to Security and Privacy (handout PDF)
administrivia, kinds of security breaches, a timeline of recent security violations, the people involved, motives, goals, and outcomes, attack tools, methods of attack.
No tutorial or lab this week
Week 2
Mon 27th July
and
Thu 30th July
User authentication (continues handout from Week 1)
User authentication, the authentication process, usernames and passwords, brute-force cracking, one-time passwords, user to machine, machine to machine.

Operating System security (handout PDF)
Protecting operating system objects, protecting memory, constraining memory accesses, memory segmentation and paging. Users and their operating system representation, supporting groups of users, properties of the Unix superuser (root), the root account, root compromises, the setuid mechanism, changing and setting user information.

Tutorial-1
No lab this week.
Week 3
Thu 6th Aug
Operating System security - files and logging (handout PDF)
File system security, access constraints using directories, access control lists (ACLs), standard Unix file protections and permissions, additional file protections, constraining a process's access. Logging security-related information, forms of activity logging, information about individual users, security of logfiles themselves, ad-hoc logging via syslogd. File integrity checking - using tripwire, rootkits and libkits, loadable kernel modules.
Tutorial-2
Labsheet-1.
Week 4
Thu 13th Aug
Network security - packet level security (handout PDF)
IPv4 protocol based attacks, packet sniffing, port scanning, IPv4 address and DNS spoofing, denial of service attacks, distributed denial-of-service (DDoS) attacks.

Students who have not previously taken CITS3230 (Computer Networks) are encouraged to read the '3230 lecture notes: Lecture-7 and Lecture-8.
Labsheet-2.
Week 5
Thu 20th Aug
Network security - subnet level security (handout PDF)
Security at the network boundary, router/firewall packet filtering, network address translation (NAT), virtual private networks (VPNs).
Tutorial-3
Labsheet-3.
Week 6
Thu 27th Aug
Security of Wireless Networking (handout PDF)
An overview of the 802.11 standard, collision avoidance, the dangers of wireless networking, wireless DoS attacks, the Wired Equivalent Privacy (WEP) algorithm, WEP encryption and authentication, problems with WEP Encryption.
Tutorial-4
Labsheet-4.
Week 7
Thu 3rd Sept
Mid-semester test
From 10am in our normal lecture venue, contributing 20% of the unit's assessment.
 
Non-teaching week
Week 8
Thu 17th Sept
Basic Cryptography (handout PDF)
basic terminology, traditional cryptography, the influence of computers on cryptography, symmetric and asymmetric algorithms, the DES algorithm, ECB and CBC modes, public key cryptography, key exchange and management, exchanging messages, the MIT/RSA algorithm, hash-functions, message digests, digital signatures and digital certificates, browser support for digital certificates, certificate path validation, certificate revocation.
No tutorial or labsheet this week.

Project, contributing 30%, available Friday 18th Sep, due 12noon Friday 16th Oct. 

Week 9
Thu 24th Sept
Deploying Cryptography (handout PDF)
authentication of users over networks, project Athena and Kerberos, Netscape's secure sockets layer (SSL).
 
Week 10
Thu 1st Oct
Robust programming (handout PDF)
principles for software security, Open Source software - opportunities and myths, malicious mobile code, C's gets() function and the Internet Worm, buffer overflows, stack-smashing for fun and profit, race conditions and symlink attacks, pseudo random number generators.
Tutorial-5
Week 11
Thu 8th Oct
Robust programming, continued (handout PDF)
Security of WWW clients and servers, naive use of the Common Gateway Interface (CGI), CGI attacks and scanners, web cookies - are there security concerns?, browser and server vulnerabilities.
The Java security model, the class file verifier, verifying Java bytecodes, Java security managers.
Tutorial-6
Week 12
Thu 15th Oct
Computer security incident response and support (handout PDF)
Final lecture.
You've been hacked - now what?, basic risk management, developing a standard incident response policy, incident priorities, collecting and reporting evidence, sources of ongoing information - CERT and AUSCERT, BUGTRAQ.
No tutorial this week.

Project, due 12noon Friday 16th Oct.

Week 13
Thu 22nd Oct
No lecture
Students are also encouraged to attend the CSSE Project Seminar Series, to be presented by CSSE Honours and Masters students in week 13.
Tutorial-7 to discuss sample exam paper.

CRICOS Provider Code: 00126G