CS 491/591 Introduction to Computer Security - Spring 2018

Instructor Contact

Dr. Charles V. Wright
Office: FAB 120-25
Phone: 503-725-4252
Email: cvwright cs pdx edu (fill in the missing punctuation)
Office Hours: T 2:30-4:30pm, or by appointment

Course Information

Time: Mondays and Wednesdays, 2:00-3:50pm
Location: KMC 385

For more details, see the full PDF version of the syllabus.

Course Schedule

Date Topics and Readings Homework
Apr 2 Introduction
  • Administrivia
  • Course overview
Program Layout in Memory
  • If you need a refresher on C or x86 assembly language programming, look through Chapter 0x200 in Erickson after class. Follow along with his examples using gdb.
  • Also see Gustavo Duarte's Anatomy of a Program in Memory for another view of the same topic.
Software Vulnerabilities and Exploits - Part 1
  • See also pp. 115-142 in Erickson.
Homework 1

Watch after class:
Apr 4 Software Security
  • Stack Buffer Overflows
  • Code Injection Attacks
Read before class:
Apr 9 Stack-based Defenses
  • StackGuard and stack canaries
More Software Defenses
  • Virtual memory review
  • System-level defenses: ASLR and DEP
Read before class:
Apr 11 Intro to the Seclab
  • Logging into your VM
  • Capturing your first flag
More Software Attacks
  • Format string attacks
  • Heap overflow attacks
  • Return-oriented programming
Read before class: Newsham, T. Format String Attacks

Homework 2 due Wed, Apr 18
Apr 16 Symmetric Cryptography
  • Ancient "classical" ciphers
  • Block ciphers and stream ciphers
  • Hash functions and message authentication codes
Read before class: Anderson, Chapter 5: Cryptography
Apr 18 Authentication
  • Password hashing
Homework 2 due 10:00pm
Apr 23 TBD: Prof. Wright in London
Homework 3 due Wed, May 2nd
Apr 25 TBD: Prof. Wright in London
Apr 30 Midterm Exam
May 2 Authenticated Encryption

Public Key Cryptography
  • Public key encryption
  • Digital signatures
May 7 Disk and Filesystem Encryption
Homework 4 assigned
May 9 Authorization
  • Access control lists
  • Capability systems
May 14 Mandatory Access Control
  • Confidentiality policies: Bell-LaPadula
  • Integrity policies: Biba
Read before class: Anderson, Chapter 8: Multilevel Security
May 16 Malicious Code
  • Viruses
  • Worms
  • Botnets
May 21 Audit: Intrusion Detection and Antivirus
May 28 Memorial Day: NO CLASS
May 30 Data Security and Privacy
  • GDPR and Personally Identifiable Information (PII)
  • Data minimization mechanisms (redaction, bucketing, ...)
  • Data privacy definitions: k-Anonymity and Differential Privacy
June 4 Access Control and the World-Wide Web
June 6 Special Topics
BONUS Homework 5
June 13 Final Exam 12:30-2:20pm