This page is organized by the weeks of the quarter in which lectures were given. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher. The textbook is Computer Security: Art and Science, by Matt Bishop. Assigned readings are from this book, unless otherwise indicated. Dr. Bishop has also published a second textbook that contains selected sections of this book, with a similar title. I can't guarantee that all material assigned will actually be in this other book, and it will definitely be at different pages if it's there at all.
I will be lecturing on these subjects during the class.
The TA for the course is David Jurgens -- jurgens@cs.ucla.edu. The labs for this course will consist of 5 hands-on, practical and exploratory projects covering security-related topics, plus a small introduction to the lab software. Office hour and discussion section information, the lab manual and all necessary materials for the labs are located here.
As indicated in class, Dr. Reiher is running an NSF-sponsored research study on the effectiveness of using practical exercises as a teaching tool for computer security classes. He has asked students taking the class this quarter if they want to participate in this study. Participation is strictly voluntary and has no effect on one's grade. Details on the study and a copy of the consent form volunteers should sign and return are available here.
Here is a sample final exam from a previous offering of this class. The final you will take will be similar in style, with a combination of multiple choice and short answer questions. None of the questions will be the same, of course, and I do not guarantee that the number of questions of each type will be the same as it was on this sample exam. Slightly different material was covered in the offering of the class this exam was prepared for, so a few questions (like question 18 and question 29) would not be answerable based on the material I lectured on and the readings.
Remember, the final exam is cumulative, covering all material in the class, not just material subsequent to the midterm.
Lecture 19. Note: Because I have fallen behind in the lectures, I will not be able to cover issues of privacy in this class, as planned. In the Powerpoint presentation, however, I have left the privacy slides in. They are in hidden mode, and you are encouraged to look them over and ask me any questions you may have about the topic. The material on these slides will not appear on the final examination, though, and you are not otherwise responsible for it.
No readings assigned for Thursday.
No lecture. Extra recitation section held instead.
NOTE: THERE WILL BE THREE LECTURES THIS WEEK, AND ONLY ONE NEXT WEEK. THE THIRD LECTURE WILL BE IN THE FRIDAY MORNING RECITATION SECTION SLOT, 8-10 AM. IT WILL BE HELD IN 325 BOTANY, THE USUAL LOCATION FOR THE RECITATION SECTION, NOT THE LECTURE HALL. NEXT WEEK, THERE IS NO LECTURE ON TUESDAY. INSTEAD, DAVID JURGENS WILL HOLD AN EXTRA RECITATION SECTION IN THE USUAL LECTURE TIME SLOT (8-10 AM) AND IN 2258A FRANZ, THE NORMAL LOCATION FOR LECTURE SESSIONS.
Textbook: Chapter 21 (pages 571 -608)
No readings assigned for Thursday.
No readings assigned for Tuesday.
Textbook: Chapter 22 (pages 613-641)
Textbook: Chapter 25 (pages 723-767)
Web link (not required reading):
SANS' frequently asked question page on intrusion detection contains and links to a lot of useful information, without trying to sell you on a particular product.
No new readings assigned for today.
The home page for the Honeynet project. You are not required to read or investigate this page, but if you find the concept of honeypots and honeynets particularly interesting, this is a good place to learn more.
No new readings assigned for today.
Textbook: Chapter 26 (pages 773-799)
Web links (not required, but may prove helpful in understanding SYN cookies):
SYN Cookies, D. J. Bernstein. A good explanation of the details of SYN cookies to handle TCP SYN floods.
Midterm.
Textbook: Chapter 24. (Pages 689-719)
Textbook: Chapter 17, sections 17.1-17.3 and 17.3.3 (pages 439-448 and pages 467-470). You don't need to read sections 17.3.1 or 17.3.2, which give a more formal and detailed approach to covert channels than required for this class.
Textbook: Chapter 12 (pages 309-335)
Web links:
A discussion on choosing secure passwords.
A short essay on the limits of using biometrics by Bruce Schneier. This essay is embedded in a longer newsletter. You need only read the section titled "Biometrics in Airports".
No assigned readings for today.
No readings assigned for today.
Textbook: Chapter 10, sections 10.1, 10.3, 10.4, and 10.5 (pages 245-246, 252-266)
Textbook: Chapter 9, sections 9.2.2.2-9.7 (pages 227-241)
Textbook: Introduction to Section IV and Chapter 9, sections 9.1-9.2.2.1 (pages 215-227).
Textbook: Chapter 4, Sections 4.1-4.6 (pages 95-114), Sections 5.1-5.2.2 (pages 123-132), Sections 6.1-6.2 (pages 151-155), Sections 7.1 (pages 169-177)
Textbook: Chapter 2 (pages 31-44) and Chapter 15 (pages 381-396).
Textbook: Chapter 1 (pages 1-25)
Discretionary reading:
Web links:
Improving the Security of Networked Systems, Julia Allen, Christopher Alberts, Sandi Behrens, Barbara Laswell, and William Wilson.
Why Computers Are Insecure, Bruce Schneier. (The link leads to an entire web page on various security subjects. Read it all, if you want, but the assignment is only this essay, which is around a page and a half.)
Social Engineering Fundamentals, Part I: Hacker Tactics Sarah Granger.