CS 588: Security and Privacy in Networked and Distributed Systems

Announcements

  • Assignment 1 (Due Apr 1): Chapter 11: 2, 4, 6, 7, 9, 11, 12, 14, 16, 18, 23, 24, 27
  • Assignment 2 (Due Apr 8): Chapter 12: 1-9
  • Assignment 3 (Due Apr 15): Chapter 13: 1-10
  • Please visit the Center for RITES for more information about computer security at UIC.

We will probably have a test and a final this time.

Required Text

: >We'll be using my manuscript, the first part of which is used in CS 587, supplemented by papers and perhaps some other text. It is 404 pages at this point plus front and back matter, and covers a superset of the material covered in class. (Published texts only covered about 30-40% of the course material). The reason I've switched over to this is so that:
  • Lecture notes can cover material at a higher level, details and extensive examples in the text.
  • Students will have a source for more in-depth coverage of the material with examples than possible with existing texts.
  • The course is oriented towards security properties, which is new work.
  • This is the most effective way to refine the course and technical details.

Recommended Reading:

  • Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
  • Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, 2nd ed., Prentice-Hall, 2002.
  • Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used last time for this course, good coverage of OS issues.)
  • Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)
  • KernelSec Page This is the home page to my KernelSec project with lots of links to things including a 50+ page annotated bibliography I put together.

Description:

This course explores in depth Security and Privacy on Networked and Distributed Systems. While CS 587 covered protection on a single, but shared system, CS 588 will examine the issues that enter when multiple organizations are connected via networks.

This course will examine:

  • Applied Cryptography: Encryption, Decryption, and Authentication requirements and assumptions: Public Key, Private Key, Cryptographic hashing.
  • Networking Issues Security Protocols including authentication and shared key; Distributed Denial of Service including attack taxonomy and Defenses.
  • Distributed systems: Theory of Distributed authentication; Certificate based systems; Kerberos; Trust negotiation systems;
  • Privacy Anonymity (onion ring), Steganography

This is a systems course, and while it is intended to be self-contained will explore issues in networking, distributed systems, and operating systems to understand the impact of systems on protection.

Required Work

The work is going to include:
  • test(s) on prepared material,
  • homeworks (written and at least one programming assignment)
  • present a paper, and
  • a course project. The course project can either be
    • an implementation project,
    • possibly a project where you install and validate some software, or
    • a written project.
    The last 2 course project choices will require a 15 minute classroom presentation.

Undergraduates wishing to take the course should send me email with the following information:

  • Number of completed credit hours
  • Any required courses not yet taken.
  • List of 400 level courses taken (and grades achieved).
  • Background in OS (including kernel background)
  • Are you requesting course count as a technical elective (this will be harder)
  • Have you filed a petition?
  • Reason for wanting to take the course