Time span: July 30, 2015 to Nov. 20, 2015

Academic integrity: Read the honor code carefully if you are taking or planning to take this course.

InstructorSouradyuti Paul (Office hours: 5:50 to 6:30pm, Mo & Th, venue: the patio facing block 7)

Lecture times & venue: 6:30 to 8pm, Mo & Th, Room: 7/206

Group email/discussion forum: 2015-CS431.pvtgroup@iitgn.ac.in  (private group, reg. required). Click here to join the group. 

Teaching assistant: Priodyuti Pradhan, CSE PhD student (Office hours: by appointment) 

Reference books:
- Main textbook: Introduction to computer security, Michael Goodrich & Roberto Tamassia 
- Craft of system security, Sean Smith and John Marchesini 
- Cryptography and network security, W. Stallings (5th Edition)

Target audiences: B.Tech (third/fourth year), M.Tech/M.Sc and PhD


- CS 321 (Algorithm analysis and design) or instructor's consent
- ES 102 (Introduction to computing) or ES 112 (Computing) 

Total course credits: 4

Grading policy: 
  • New credit system: 3-0-0-4 (L-T-P-C) 
  • Midsem exam: 25% 
  • Endsem exam: 30% 
  • Home assignments: 20% 
  • Class quizzes: 10% 
  • Project: 10% 
  • Attendance: 5%

Cautionary information: This course exposes you to various security vulnerabilities of computing systems and networks. By joining this course, you explicitly agree to not test your knowledge by breaking into, compromising, or otherwise disrupting any computing systems within or outside the IIT Gn networks, unless you obtain prior permissions of the competent authorities to do so. Any transgression will attract severe disciplinary actions.  

Goals and coverage: The purpose of this course is to introduce to the students the bare bones of the computing systems and networks, as well as a few security issues associated with it at various levels. We divide the security of computing systems into three major parts: software, network and web security. The plan is to understand the following subtopics, at a minimum, as they come under these three divisions. 
  • Software security: Basics of OS; OS security fundamentals; injection vulnerabilities; buffer overflows; access control; sandboxing; malware: viruses and worms; writing secure code.
  • Network security: Basics of networking; security of TCP and DNS protocols; firewalls, VPNs and intrusion detections; denial of service (DoS) attacks.
  • Web security: Web basics; web security model; cross-site scripting; SQL injection; session managements with cookies; https protocol.
Having said that, the course may need to include various other introductory materials useful for learning these subjects, which will appear in detail below, as the class progresses. In the end, we should be able to develop a decent understanding of the security properties of a computing system, and of how these properties can potentially be compromised.      

 Day  Date  Topics, lecture notes and further reading  Home assignments*  Practice Problems
 1  Fri  07/31  Admin info. & computer security fundamentals [pdf]
Ch 1.1
 2 Mon 08/03 Access control, crypto. notions & usability issues
Ch. 1.2 to 1.4 [pdf]

 set 1
 3 Thu 08/06 Physical security-I
Ch. 2.1 to 2.3 [pdf]
 4 Mon 08/10 Physical security-II
Ch. 2.4 to 2.6
  set 2
 5 Thu 08/13 Operating systems fundamentals and file systems
Ch. 3.1 [pdf]
 HA1, HA2 and HA3
 6 Mon 08/17 Process & file-system security
Ch. 3.2 and 3.3 [pdf]
 7 Thu 08/20Stack and heap based buffer overflows 
Ch. 3.4 [.pdf]
  set 3
 8 Mon 08/24Format string and TOCTOU attacks,
Ch. 3.4
Introduction to malware:virus, worm, Trojan horse
Ch. 4.1[.pdf]
  Thu 08/27Class cancelled  
  Mon 08/31Class cancelled  
 9 Thu 09/03 Quiz-1 (70 minutes)
 10 Mon 09/07Malware attacks, botnets, and countermeasures 
Ch. 4.2 to 4.5
Computer networks fundamentals: topology and layers
Ch. 5.1
 HA4 set 4
 11 Thu 09/10Data link: Ethernet, MAC and ARP spoofing attacks
Ch 5.2
 12 Sat 09/12[Extra class] Network layer: IP, ICMP, IP spoofing & sniffing 
Ch 5.3
  Mon 09/14Class cancelled
 13 Wed 09/16[Extra class] Transport layer: TCP, UDP, NAT, session hijack
Ch 5.4
 14 Thu 09/17Ch 5.5 Denial of service   set 5
 15 Wed 09/23Midsem exam  
 16 Mon 10/05 TBA  
 17 Thu 10/08 TBA  
 18 Mon 10/12 TBA  
 19 Thu 10/15 TBA  
 20 Mon 10/19 TBA  
  Thu 10/22 Holiday  
 21 Mon 10/26  Quiz 2 (70 minutes)  
 22 Thu 10/29 TBA  
 23 Mon 11/02 TBA  
 24 Thu 11/05 TBA  
 25 Mon 11/09 TBA  
 26 Thu 11/12 TBA Holiday?  
 27 Mon 11/16 TBA  
 28 Thu 11/19 TBA  
 30 Sat-  Sat 11/21
 Endsem exam

* A few earlier advisories (also applicable to this course): here and here