CS 493 / 693  Computer Security I

Meets 11:30-1pm Tuesday & Thursday in Chapman 206.

Announcements

• Detailed grade info is on NetRun's grading section.  Have a good winter break!
• Project 2 presentations are during the final exam timeslot this Tuesday from 10:15 a.m.-12:15 p.m in our usual classroom. Be ready to present 10 minutes of carefully prepared material.
• The take-home Final Exam is due Thursday, December 14 on Blackboard by midnight (you'll need to log in to blackboard first).
  • Exam bug: problem 0.g asks about a "balance string", but there is no such thing in the program.  I meant "name string", like all the other questions.
• Your Project 2 final version is due Thursday, December 14 on Blackboard by midnight (you'll need to log in to blackboard first).
• Project 2 rough drafts are due Tuesday, December 5 on Blackboard by midnight (you'll need to log in to blackboard first).
• Project 2 initial topics are due in class Thursday, November 30.
• Homework 3 is to build a working chroot jail for lolladolla.py: it will need python3 running from an account named "billz" and network access from inside the jail.  Due Thursday, November 16 on Blackboard by midnight (you'll need to log in to blackboard first).
  • I will grade this by issuing the following on a 64-bit linux machine:
  • tar xzvf your_chroot.tgz
  • sudo chroot --userspec=billz lolladolla
  • cd srv/lolladolla
  • python3 lolladolla.py
  • Navigate to http://localhost:8080
• The take-home midterm exam is due Thursday, November 2 on Blackboard by midnight (you'll need to log in to blackboard first). There are separate documents for the CS 493 midterm exam and the CS 693 midterm exam.
  • 5pm 10/26 update: the pubkey and name strings are now sanitized with a regex to prevent "Show All" from filling up with cats.  (Even though the cats were awesome!)   To pass the regex the public key should consist only of hex digits, and the name should be alphanumeric without special characters.  
• Project 1 final writeups are due Tuesday, October 31 on Blackboard by midnight (you'll need to log in to blackboard first). Grading will be a combination of ambition (how much work you attempted), completeness (how much work you got done), and presentation (how good the final result looks).  You should include at least a brief writeup even if your final project is mostly code.  For files bigger than a few megs, please just give me a screenshot, web link, or a thumb drive rather than breaking Blackboard!
• Project 1 presentations are in class October 17 & 19. 
• Project 1 rough drafts are due electronically by Thursday, October 12, on Blackboard by midnight (you'll need to log in to blackboard first).  I'd prefer screenshots, executables, or packet logs to huge virtual machines!
• Project 1 topics are due Tuesday, October 3, in class.
• Homework 2 is due before midnight Thursday, September 21.
  • Wait until this Friday at noon
  • Pick any one of the 2017 CSAW CTF Challenges worth >1 point (I will send you the login creds)
  • Solve the problem (find the flag)
  • Turn in your data or code, and a very short writeup (1 paragraph maximum) on Blackboard by the deadline (you'll need to log in to blackboard first).
• Homework 1 on binary files and password recovery is due before midnight Thursday, September 14.
• Homework 0 on SQL and Virtual Machines is due in class Tuesday, September 5.

Reference Material

• 12/07 Lecture: Physical Security
• 12/05 Lecture: Cryptocurrency & Blockchain
• 11/30 Lecture: Intrusion Detection
• 11/28 Lecture: Return-Oriented Programming (ROP)
• 11/21 Lecture: Buffer Overflow part 3: Metasploit
• 11/16 Lecture: Buffer Overflow part 2: smashing the stack
• 11/14 Lecture: Buffer Overflow part 1: pointer overwrite bugs
• 11/09 Lecture: Recurring Security Failures
• 11/07 Lecture: Cloud Security
• 11/02 Lecture: UNIX setuid and LD_PRELOAD tools
• 10/31 Lecture: Detecting & preventing changes to the OS
• 10/24 Lecture: The web stack: HTTP, JavaScript, Cookies
• 10/12 Lecture: The Annotated Network Protocol Stack: link layer to social media
• 10/10 Lecture: HTTPS Certificate Signing
• 10/04 Lecture: RSA Encryption & RSA Signatures: Underlying Math
• 10/02 Lecture: Diffie-Hellman Key Exchange in a prime field
• 09/28 Lecture: SHA256 Hash Algorithm
• 09/26 Lecture: Cryptanalysis using CBMC / SAT Solver
• 09/21 Lecture: Cryptanalysis: Correlations in Ciphertext
• 09/19 Lecture: Encryption & RC5
• 09/14 Lecture: Disk Search & Seizure
• 09/12 Lecture: Whole Disk Encryption
• 09/07 Lecture: Reading and Writing Binary Data Files
• 09/05 Lecture: Data Storage Abstractions & Recovering Hashed Passwords
• 08/31 Lecture: Network Servers and PHP
• 08/29 Lecture: Secrets
• CS 493 syllabus
• The stacked graduate section CS 693 syllabus

Orion Lawlor

• Associate Professor, Computer Science
• University of Illinois, Urbana-Champaign 2004 Ph.D.
• Computer graphics; parallel programming; robotics; 3D printing.
• Duckering 529
• 907-474-7678

Office Hours:

• By Appointment

• lawlor@alaska.edu