EECS 765, Fall 2020

Introduction to Cryptography and Computer Security


Course Goals

The overall goal of the course is to provide a solid theoretical foundation and hands-on experience in applying the theory to practice for cryptography, computer and communication security. The course materials cover common attack techniques, application of cryptography in security, authentication and authorization, network security, enterprise network defense, web security, and economics of cybersecurity. Besides the mechanisms for enhancing security that will be taught, a significant part of the course is dedicated to discussions on how design flaws in a system can be exploited to compromise security and, in general, the circumstances that lead to things going wrong. Students will have the opportunity to work on course projects that cover both the defense and offense aspects in the cyber space. Interesting research topics may be derived from course projects.

Course Schedule

Updated on a regular basis. Use your KU Online ID (not the all-numeric ID) and password to access the slides and other materials.

Aug 25, 2020
online
Lecture 1

Introduction

Supplemental readings:
  • (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 1
video, slides
Aug 27, 2020
online
Lecture 2

Buffer Overflow Exploit
The source code: getscore.c
The sample score file: score.txt
Supporting older ciphers and key exchange protocols on newer SSH clients.
Virtual machine used in the demonstration: redhat8

Supplemental readings:
video, slides
Sep 1, 2020
online
Lecture 3

Buffer Overflow Exploit (continued)

Supplemental readings:
video
Sep 3, 2020
online
Programming Assignment 1
(Lecture 4)

Remote Buffer Overflow Attack

pa1, video
Sep 8, 2020
online
Lecture 5

Mitigation of Buffer Overflow Exploits

video, slides
Sep 10, 2020
online
Lecture 6

Mitigation of Buffer Overflow Exploits (continued)

Reading Assignment Evaluation Sheet

Reading Assignment 1 (Presentation 1, Presentation 2): Return-Oriented Programming: Systems, Languages, and Applications

Reading Assignment 2 (Presentation 3, Presentation 4): Hacking Blind.

Supplemental readings:
video, slides
Sep 15, 2020
online
Lecture 7

Basic Cryptography

Reading Assignment 3 (Presentation 5, Presentation 6): Framing Signals - A Return to Portable Shellcode.

Reading Assignment 4 (Presentation 7, Presentation 8): ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks.

Supplemental readings:
  • (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 10
video, slides
Sep 17, 2020
online
Lecture 8

Authentication and Authorization

Supplemental readings:
  • (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 13
video, slides
Sep 22, 2020
online
Lecture 9

Practical Authentication Protocols

Reading Assignment 5 (Presentation 9, Presentation 10): How to Make ASLR Win the Clone Wars: Runtime Re-Randomization.

Reading Assignment 6 (Presentation 11, Presentation 12): Shuffler: fast and deployable continuous code re-randomization.

Reading Assignment 7 (Presentation 13, Presentation 14): FuzziFication: Anti-Fuzzing Techniques.

Supplemental readings:
video, slides
Sep 24, 2020
online
Homework 1
(Lecture 10)

Man-in-the-Middle Attacks

Supplemental readings:
hw1, video, slides
Sep 29, 2020
online
Lecture 11

Authentication in a Distributed Environment (Kerberos)
PA1 feedback: video

Supplemental readings:
video, slides
Oct 1, 2020
online
Presentations
(Lecture 12)

Reading Assignment Presentations:

Reading Assignment 1: Presentation 1, Presentation 2

Reading Assignment 2: Presentation 3, Presentation 4

Oct 6, 2020
online
Presentations
(Lecture 13)

Reading Assignment Presentations:

Reading Assignment 3: Presentation 5

Reading Assignment 4: Presentation 7, Presentation 8

Oct 8, 2020
online
Programming Assignment 2
(Lecture 14)

Heap Buffer Overflow Attacks
The source code: heap.c
The exploit code: heap_exploit.c

Supplemental readings:
pa2, video, slides
Oct 13, 2020
online
Final Report
(Lecture 15)

Public-Key Infrastructure (PKI)

Final Report - Requirements, Guidelines, and Example Topics
Report Topics Due: Oct. 27, 2020
Final Report Due: Dec. 3, 2020

Supplemental readings:
final-report, video, slides
Oct 15, 2020
online
Lecture 16

Introduction to Network Security
Homework 1 feedback: video

Supplemental readings:
video, slides

Instructor and Course Meeting Times

Lectures: Organized in an online format (see Lecture 1 for more details)
Instructor: Alex Bardas
Office Hours: Tuesday 1:15pm - 2:15pm & Thursday 2:30pm - 3:30pm, and by email appointment
Zoom meeting details
Email: alexbardas ku edu
Grader: Yousif Dafalla
Office Hours: By email appointment
Zoom meeting details
Email: yousif.dafalla ku edu

Prerequisites

Operating systems (e.g., EECS 678 or EECS 750) and computer networking (e.g., EECS 563 or EECS 780), or the instructor's approval. In other words, a basic understanding of computer systems, including operating systems, networking, compilers, data structures, etc. This is a course that is primarily targeted at graduate students and at junior/senior-level undergraduate students in computer science and computer engineering.

Technical Support

If you experience any problems with lab equipment or your EECS account, contact the Engineering Technical Support Center immediately. Please be polite and as detailed as possible: Ticket Form

Optional Textbook

Matt Bishop. 2019. Computer Security: Art and Science, 2nd Edition. Addison-Wesley Professional.

Important Dates

See the KU Registrar for important dates involving adding, drops, and refund information.

Grading

There will be on average one assignment per week, which could be a written homework, a programming project, or a reading assignment. At the end of the semester, you must also turn in a final report that focuses on a specific problem in computer and information security. The topics for the report will be sought out by the students and approved by the instructor. There will also be a final exam. The breakdown of the final score for the course is:
Programming assignments & homework: 50%
Final exam: 25%
Final report: 15%
Reading assignment (includes recorded presentation & questions): 10%
Grading scheme (the instructor also intends to curve raw scores at the end of the semester):
A 90% +
A- 88% - 89%
B+ 86% - 87%
B 80% - 85%
B- 78% - 79%
C+ 76% - 77%
C 70% - 75%
C- 60% - 69%
D/F   0% - 59%

Assignment Submission

Usually assignments are due at 11:59PM Central Time via Blackboard (unless otherwise specified) according to the date posted in the assignment. In general, expect a 20% per day penalty for late submissions. A submission that is one minute late or 23 hours late still counts as a whole late day; each calendar day counts as a late day. Once a solution has been made available by the instructor, late submissions will no longer be accepted.

Student Outcomes

After successful completion of this course, students should be able to:

Academic Integrity

Cheating and plagiarism will not be tolerated and will be treated severely whenever found. Unless an assignment explicitly states otherwise, all work submitted for credit must be the student's own and is subject to the provisions of the University of Kansas policies. Sharing your work or copying is cheating, and submitting work that is not entirely yours is also considered cheating. Any cheating activities will result in an F for the course for all parties involved. Reports of such detected academic misconduct will also be made to your major department, school/college, and university, which oftentimes will result in more serious sanctions. Students should review the university policy on Academic conduct. "Academic integrity is a central value in higher education. It rests on two principles: first, that academic work is represented truthfully as to its source and its accuracy, and second, that academic results are obtained by fair and authorized means. Academic misconduct occurs when these values are not respected. Academic misconduct at KU is defined in the University Senate Rules and Regulations." -- KU Student Affairs
From Section 2.6.1 of the University Senate Rules and Regulations: Academic misconduct by a student shall include, but not be limited to, disruption of classes; threatening an instructor or fellow student in an academic setting, giving or receiving of unauthorized aid on examinations or in the preparation of notebooks, themes, reports or other assignments; knowingly misrepresenting the source of any academic work; unauthorized change of grades; unauthorized use of University approvals or forging of signatures; falsification of research results, plagiarizing of another’s work; violation of regulations or ethical codes for the treatment of human and animal subjects; or otherwise acting dishonestly in research.

Citing Sources: If you use any code, such as a library or existing codebase, you must cite it. Not doing so is considered plagiarism and cheating.

See Lecture 1 slides and video for more details on the collaboration policy. If you are in doubt, please ask.

Accommodations for Students with Disabilities

The Academic Achievement & Access Center (AAAC) coordinates academic accommodations and services for all eligible KU students with disabilities. If you have a disability for which you wish to request accommodations and have not contacted the AAAC, please do so as soon as possible. They are located in 22 Strong Hall and can be reached at 785-864-4064 (V/TTY). More information can be found on the Student Access Services website. Please contact the instructor privately in regard to your needs in this course.

Expectation of Online Discussion Conduct

The instructor, Alexandru G. Bardas, considers the Zoom meeting environment to be a place where you will be treated with respect as a human being - regardless of gender, race, ethnicity, national origin, religious affiliation, sexual orientation, gender identity, political beliefs, age, or ability. Additionally, diversity of thought is appreciated and encouraged, provided you can agree to disagree. Activities within the University of Kansas community, including this course, are governed by the Code of Student Rights and Responsibilities. It is the instructor's expectation that ALL students experience the Zoom meeting as a safe environment.

Notice of Copyright and Commercial Note-taking

All recorded lectures and course materials (such as lecture slides) carry a copyright of several authors, including Xinming Ou and Alexandru G. Bardas. Some additional content is adapted from the BlackHat Exploit Laboratory (thanks to Saumil Shah and S.K. Chong for kindly permitting the use of those materials in this course). Pursuant to the University of Kansas’ Policy on Commercial Note-Taking Ventures, commercial note-taking is not permitted in EECS 765 - Introduction to Cryptography and Computer Security (Fall 2020). Lecture notes may be taken for personal use, for the purpose of mastering the course material, and may not be sold to any person or entity in any form. Any student engaged in or contributing to the commercial exchange of notes or course materials will be subject to discipline, including academic misconduct charges, in accordance with University policy. Please note: note-taking provided by a student volunteer for a student with a disability, as a reasonable accommodation under the ADA, is not the same as commercial note-taking and is not covered under this policy.

Acknowledgments

The course materials are adapted from a previous version of the course taught by Xinming (Simon) Ou together with Xiaolong (Daniel) Wang. Some additional materials are adapted from the BlackHat Exploit Laboratory (thanks to Saumil Shah and S.K. Chong, who kindly permitted the use of their materials).