Course F21CN: Computer Network Security

• Home
• Course structure
• Slides
• Exercises
• Coursework
• Reading List
• News

Course F21CN: Computer Network Security

This page collects material for my part of the course F21CN Computer Network Security. This course is delivered by Hans-Wolfgang Loidl, Hamish Taylor and Lilia Georgieva.

Purpose and Learning Objectives

The purpose of Course F21CN Computer Network Security is to provide a solid understanding of the main issues related to security in modern networked computer systems. This covers underlying concepts and foundations of computer security, basic knowledge about security-relevant decisions in designing IT infrastructures, techniques to secure complex systems and practical skills in managing a range of systems, from personal laptop to large-scale infrastructures. The course structure is designed to provide solid foundations in the first half of the course, and discuss concrete application scenarios in the second half.

Learning Objectives:

• Extensive, detailed and critical understanding of the concepts, issues, principles and theories of computer network security
• Detailed and practical understanding of formalisms for specifying security related properties and validating them using model checking
• Critical theoretical and detailed practical knowledge of a range of computer network security technologies as well as network security tools and services
• Practical experience of analysing, designing, implementing and validating solutions to computer network security challenges using common network security tools and formal methods.

Skills imparted:

• Understand the concepts and foundations of computer security, and identify vulnerabilities of IT systems.
• Use basic security tools to enhance system security.
• Develop basic security enhancements in stand-alone applications.

Pre-requisites:

• Basic knowledge of computer networking,
• Foundational knowledge of formal methods,
• Basic Linux and shell usage,
• Solid Java programming skills.

Course Structure

• 2 lectures per week
  • Wed 9:15 EM 3.07
  • Thu 10:15 EM 1.83
• 1 lab per week (with more labs scheduled on demand)
  Mon 17:15 EM 2.50 (Linux lab) (1st Week in EM 1.83)

Below is the planned structure of the course, subject to changes. Check the News section on the right hand side and the Vision pages about any changes.

• Week 1: Overview of the course and security in general. (HWL) Network security concepts. (HT)
• Week 2: Cryptography overview and concepts. (HWL)
• Week 3: Cryptography. (HWL)
• Week 4: X.800 model, attacks, mechanisms, services, signatures and certificates (HT)
• Week 5: Hash functions for data integrity. Identification and authentication. (LG)
• Week 6: Logics for security (LG)
• Week 7: Model checking for security. (LG)
• Week 8: Secure Key exchange. Firewalls and Intrusion Detection Systems. (HT)
• Week 9: Network security tools. Web and E-mail security. (HT)
• Week 10: Operating system security (HWL)
• Week 11: Proof carrying code (HWL)
• Week 12: Case study (LG). Revisions (HWL,HT,LG)

Assessment consist of two parts

• 60% Coursework, consisting of 3 pieces:
  • 1. Cryptography Planned deadline: 12th October (Week 5)
  • 2. Certificates for network security Planned deadline: 9th November (Week 9)
  • 3. Formalising security properties Planned deadline: 30th November (Week 12)
• 40% Exam:
  • 2 hours, written exam
  • topics from across the course
  • during exam period: 3-14th December
• Re-assessment is possible in summer (exam)

Learning Material

Slides for the lectures up to now (see also the Learning Material section on Vision):

• Week 1: Overview (4up), Computer Security Landscape (4up), Cryptography Overview (4up).
• Week 2: Cryptography (4up).
• Week 3: on Vision
• Week 4: on Vision
• Week 5: on Vision (Lilia's Lecture Notes)
• Week 6: on Vision (Lilia's Lecture Notes)
• Week 7: on Vision (Lilia's Lecture Notes)
• Week 8: on Vision
• Week 9: on Vision
• Week 10: Operating System Security (4up).
• Week 11: Proof-Carrying-Code (4up).
• Week 12: Revision

Coursework

Coursework 1 is available here (deadline see above). Resources, such as word list etc, can be downloaded following the hyperlinks in the .pdf document. This handout describes the software necessary to perform all tasks which is installed on the Linux lab machines. You can use your own laptop, if you wish. I recommend to use Linux for all pieces of coursework. OpenSSL should come with any major, recent Linux distribution. The only non-standard piece of software is \texttt{shed} (or any other hex-editor), which you may have to download and install from sources (that's what I did). Happy hacking!

See also: Coursework 1 Resources, Coursework 1 Marking Scheme

Related Courses and Acknowledgements

The coursework will be based on the lab exercises from the SEED project: The SEED project.

There are several excellent courses in this area online. In particular, we'd like to thank David Aspinall for granting us access to his teaching material. His course page also contains a detailed reading list.

Reading List

The material presented in the lectures is largely self-contained. However, to deepen your understanding you are encouraged to look up the following textbooks and papers. The main resources for this course are:

• Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, Addison Wesley, 2011. ISBN: 0-32-151294-4
• Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, ISBN: 0-8493-8523-7 October 1996.
• Bruce Schneier, Applied Cryptography, John Wiley & Sons, 1996. ISBN 0-471-12845-7. On-line version.
• William Stallings, Network Security Essentials: Applications and Standards, Prentice Hall, 4th edition, 2010. ISBN 0-13-610805-9.

General Computer Security

• Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, Addison Wesley, 2011. ISBN: 0-32-151294-4

  Good general, up-to-date introduction to the entire range of computer security, with very useful practicals from the SEED project.

• Dieter Gollmann, Computer Security, John Wiley & Sons, 3rd edition, 2010.

  Well-established textbook with general coverage of computer security.

• Matt Bishop, Computer Security: art and science, Addison Wesley, 2003.

  Good general coverage of computer security.

Computer Network Security:

• William Stallings, Network Security Essentials: Applications and Standards, Prentice Hall, 4th edition, 2010. ISBN 0-13-610805-9.
• Joseph Migga Kizza, A Guide to Computer Network Security, Springer 2009. ISBN 978-1-84800-916-5.

  Good coverage across the field of network security, with detailed coverage of network protocols, certificates etc.

Cryptography:

• Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 2001. ISBN 0-8493-8523-7

  The bible/koran of cryptography, with detailed coverage of foundations, mathematical background, and efficient implementation of cryptographic algorithms. Fully available online.

• Bruce Schneier, Applied Cryptography, John Wiley \& Sons, 1996. ISBN 0-471-12845-7. On-line version.

  Cryptography from a more practical, programming side, including source code etc. Fully available online

• Nigel Smart, Cryptography: An Introduction, On-line version

  General introduction to security, fully available online, but a bit dated.

• William Stallings, Cyptography and Network Security, Pearson, 3rd edition, 2003. ISBN 0-13-111502-2

Security Mangement:

• Edward Skoudis, Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses Prentice Hall, 2nd edition, 2006. ISBN 0131481045.

  A useful practical handbook for system administrators and a resource for securing your own systems.

• Mark Burgess, Principles of Network and System Administration, John Wiley \& Sons Ltd, 2nd Edition, 2004. ISBN 978-0-470-86807-2.

  Network security from a sysadmin point of view, with practical guidelines.

• Limoncelli, Hogan and Chalup, The Practice of System and Network Administration Addison Wesley, 2nd Edition, 2007. ISBN 978-0-321-49266-1.

  Handbook for system management from a business management point of view. Detailed coverage of good practice guidelines, not very detailed in the underlying techniques or foundations.

Security Engineering

• Ross Anderson, Security Engineering, John Wiley \& Sons Ltd, 2001. On-line version

  Security from an engineering and system building point of view, focusing on how to build secure systems in-the-large. An old edition of this book is fully available online.

• A Guide to Building Secure Web Applications, On-line book

  Security engineering specifically for web applications.