Robert R. McCormick
and Applied Science
MITP Master of Information Technology Program
458: Information Security and Assurance
I. Course description:
The past decade has seen an explosion in the concern for the security of information. This course introduces students to the basic principles and practices of computer and information security. Focus will be on the software, operating system and network security techniques with detailed analysis of real-world examples. Topics include cryptography, authentication, software and operating system security (e.g., buffer overflow), Internet vulnerability (DoS attacks, viruses/worms, botnets, etc.), intrusion detection systems, firewalls, VPN, Web and wireless network security.
II. Required text and/or other materials:
o Network Security - Private Communication in a Public World, by Charlie Kaufman, Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall, 2002
o Cryptography and Network Security, by William Stallings, 4th Edition, Prentice Hall, 2006
III. Reference text and/or other materials:
o Writing Secure Code, Michael Howard and David LeBlanc, Microsoft Press, 2002.
Security in Computing, Charles
o Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin, Addison Wesley, 2003
o Lecture Notes on Cryptography, by S. Goldwasser and M. Bellare, available online at http://www-cse.ucsd.edu/users/mihir/papers/gb.html
o Also, lecture slides and reference documents will be available online or as handouts.
IV. Required prerequisites or knowledge base:
421 Principles of Computer and Information Technology
432 Communications Networks I
V. Rationale for inclusion in MIT Program:
This course provides students with an extensive understanding of information security management with emphasis on network security. Whereas other courses provide an overview of the basics of the discipline, information security is simultaneously a technical and managerial discipline with enterprise-wide implications for employees, operations and systems at every level. For organizations to successfully implement and manage an effective and efficient security program while managing shifting risks associated with interrelated information technology and decision-making employees, contractors, vendors, and suppliers must understand the concepts, technologies and practices of information security and be able to apply them effectively in their own distinctive areas of responsibility.
VI. Course goal:
1. Understand the fundamental principles and underlying technologies of information security and assurance;
2. Illustrate the security principles with the state-of-the-art security technologies and products through case studies.
VII. Course Objectives:
Upon successful completion of this course, the student should be able to:
· Understand the basic principles for information and communication security, and be able to apply these principles to evaluate and criticize information system security properties
· Be able to identify the vulnerability of the Internet systems and recognize the mechanisms of the attacks, and apply them to design and evaluate counter-measure tools
VIII. Course topics/content (by week):
Week 3 (April 7) [crypto.ppt]:
Cryptography symmetric/asymmetric encryption (Stallings Chapters 2, 3 and 9, KPS Chapters 2, 3 and 5)
· Symmetric encryption case study: DES/AES algorithms
· Asymmetric encryption case study: RSA
· One-way hash function and message digests: MD5, SHA1, SHA2
Week 4 (April 14) [authentication.ppt]:
User authentication and authorization, malcode overview (KPS Chapters 9 and 10)
· Authentication mechanisms: Password authentication, challenge-response authentication protocols, biometrics, token-based authentication (smart card),
· Authentication in distributed systems (case study: Microsoft Passport system)
· Overview on various malcode: virus, worms, botnets, Trojan horses, etc.
· Related paper: Password Security: A Case History, R. Morris and K. Thompson, Communications of ACM, vol.22 no.11, 1979.
Week 5 (April 21) [malcode.ppt]:
Internet vulnerability: worms (Stallings Chapter 19)
· Homework 2 is out.
· Analysis of worms: target discovery, carrier, activation mechanisms, payload and attackers.
· Related paper: A Taxonomy of Computer Worms, N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, the First ACM Workshop on Rapid Malcode (WORM), 2003.
· Related paper (DEBATE): The Internet Motion Sensor: A Distributed Blackhole Monitoring System, M. Bailey, et al, NDSS 2005. Defense: Chris, Offense: Ed.
Internet vulnerability: denial of service (DoS) attacks and spam (Stallings Ch.18 and 19)
· Point-to-point DoS attacks
· Distributed DoS attacks (case study: TCP SYN flooding attacks)
· Intrusion Detection and Prevention Systems
· Related paper: Detecting SYN Flooding Attacks, H. Wang, D. Zhang, and K. G. Shin, in Proc. of IEEE INFOCOM, 2002 [Full version is at Change-Point Monitoring for Detection of DoS Attacks, H. Wang, D. Zhang, and K. G. Shin, in IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 4, December 2004.].
· Related paper (DEBATE): Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, ACM SIGCOMM 2006. [reference slides] Defense: Bruce force, Offense: Loop.
Week 7 (May 5):
· Homework 3 is out.
· Invited talk by Kurtis Minder, CISSP, Mirage Networks Inc.
· Case study of IDS/IPS: snort IDS
· Related Material: http://www.snort.org/docs/
Week 8 (May 12):
Firewalls and Botnets [firewalls.ppt] (Stallings Chapter 20)
· Different types of firewalls: packet filters, application gateway, and circuit gateway.
· Handout from Chapter 9 of Firewalls and Internet Security: Repelling the Wily Hacker.
· Related paper (DEBATE): A Multifaceted Approach to Understanding the Botnet Phenomenon, M. A. Rajab, et al, ACM IMC 2006. Defense: Will [slides], Offense: Bruce force [slides].
Week 9 (May 19):
IP Sec [ipsec.ppt] (Stallings Chapters16 and KPS Chapter 17)
· IP Sec architecture, transport vs. tunnel mode, practical issues w/ NAT
· Information security in real business (case study by Brute-force)
o Hewitt.com redesign by Jorgen (slides removed upon author’s request)
o Security data transfer by Frank
o Intra-company data traversal by Jason
o Web vulnerability and defense by Ron and Yan
Week 10 (June 9):
· Principles for building secure software systems
· Case study: sendmail vs. qmail
· Buffer overflow vulnerability and defense techniques
· Information security in real business (case study by other teams)
o Proactive network security by the Loop Group
o The case for TripWire by TechnoCatz
o Application-layer security by the TechJocks
o Wireless network security by the Campus Crew and Yan
· Related papers:
o Basic Principles Of Information Protection, from “The Protection of Information in Computer Systems”, by J. H. Saltzer and M. D. Schroeder
o Qmail handbook, Ch. 1, Introduction to Qmail
o Smashing The Stack For Fun And Profit, Aleph One.
o Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.The lecture notes have incorporated course materials developed by Dan Boneh (Stanford), Wenke Lee (
I. Teaching methods: lectures, paper presentations, debate, discussions and homework.
In addition to two to three homework assignments, students are expected to engage in technical paper reading, making presentations and debate. These papers are carefully selected (with little math!) which can be understood with the basic information security and networking knowledge. There will be three debates with one group as defense and one group as offense. The defense team will make 25-minute presentation on the main idea/techniques of the paper while the offense team will make a 15-minute presentation on the drawbacks/shortcomings of the approach. Then we will discuss and summarize the findings.
III. Grading criteria:
Class discussions 20%
Class presentations and debate 30%
Homework Assignments 50%
IV. Instructor profile:
Yan Chen is an Assistant Professor
in the Department of Electrical Engineering and Computer Science at
Besides publishing in premier
conferences such as ACM SIGCOMM, he has served on the technical program
committee (TPC) of major networking and security conferences such as ACM
MOBICOM, IEEE INFOCOM, and IEEE ICNP. He
started several security courses at