ECE 568 Computer Security

Fall 2018 Course Syllabus

General Information

Welcome to ECE 568!

This course covers principles of computer systems security. It starts by examining how to identify security vulnerabilities, how they can be exploited, and then discusses techniques that can help defend against such attacks. The course then provides an introduction to basic elements of cryptography, and continues by covering topics in operating system security, network security and web security.

Instructor

David Lie: lie@eecg.toronto.edu

Office hours by appointment

Course Website

Information on ECE568, including important announcements and course marks, can be found on the UofT Quercus course website (https://q.utoronto.ca/courses/63105). Please visit the website on a regular basis for up-to-date information, including information about labs, assignments and lectures. The course also has a discussion forum, found here, where you can post questions regarding the course. While we will try to check the board as often as possible, this does not necessarily mean you will get an answer to your questions in less than 24 hours. Note that you are not automatically enrolled in the forum; you must enroll yourself in the service.

E-mail

All UofT students are required to have a valid UTORmail email address. You are responsible for ensuring that your UofT email address (@utoronto.ca) is properly entered in the ACORN system. Customary Disclaimer: It is your responsibility to check and ensure you are able to receive mail about this course. You may forward your e-mail to another service (e.g. Gmail, Yahoo, etc.) if you wish, but it is your responsibility to ensure that mail about this course is not filtered as spam or junk mail.

Textbook

There is no required textbook for the course. However, the instructor will provide a list of reference books in class. The instructor will also provide lecture slides on the course web site. Also, various other resources will be available on the web site.

Timetable

The timetable for the course is shown below. You are expected to attend the lectures each week; attendance in the labs is recommended, but not required.

Labs

The labs consist of a number of programming exercises that will take a substantial amount of your time. The TAs will test your lab on the ECF lab workstations (p___.ecf.utoronto.ca). You may do the labs on your own machines, but it is your responsibility to make sure that they work on the ECF computers. PLEASE NOTE that you will need a 64-bit Linux OS to do the labs.  All ECF computers have been updated to 64-bit Linux.  To check whether you are running a 64-bit version of Linux, please type “uname -a” and verify that you see “x86_64” in the results returned. The TAs will be using automated scripts to aid them in grading the labs: as a result, it is important that you follow the submission instructions for each lab carefully. You are encouraged to include documentation for your labs (not exceeding 1 page, please no essays!). If your labs do not work completely, the TAs may use this documentation to assign part marks. Lab attendance is not required. Labs will be done in groups of two students.  A TA will be in SF1013/1012 during the lab period (12-3PM on Mondays) starting Sept 17.

Important Dates

An approximate lecture schedule, along with the release dates and due dates for the labs and assignments, is shown below. A handout for each lab and for each assignment will be available from the course web site, and no hard copies will be provided in class. Labs are due no later than 11:59 pm on the due date indicated below.

| Week | Lecture | Lab/Problem Sets/Midterm |
|---|---|---|
| Sept 7 | Intro, ethics | |
| Sept 10 | Security fundamentals, Buffer overflows | Note: there is no scheduled lab on Sept 10. Labs start Sept 17 |
| Sept 17 | Format string, double free, ROP, CFI, Attacks and Defenses | Lab 1: Buffer Overflow Vulnerabilities (Due Oct 7) |
| Sept 24 | Intro to Crypto, Block Ciphers | Problem Set 1 (Due Oct 10) |
| Oct 1 | Encryption Modes, Stream Ciphers | |
| Oct 8 | Key exchange, Public Key Crypto, RSA, PKI | Lab 2: SSL Programming (Due Oct 28) |
| Oct 15 | Review | |
| Oct 22 | Hashes, MAC, Signatures, Secure communication + SSL | Midterm Oct 22 & 24 (1 hour each during class). Locations: Oct 22: GB 404/405; Oct 23: EX300 |
| Oct 29 | Web authentication and XSS, XSRF attacks, Single Sign-on and federated Identity | Lab 3: 2-factor Authentication (Due Nov 18) |
| Nov 5 | 2-factor authentication | Problem Set 2 (Due Nov 25) |
| Nov 12 | OS Security, Network Security, protocol attacks, firewalls + IPS/IDS | |
| Nov 19 | Android and Mobile Security | Lab 4: Web application security (Due Dec 5) |
| Nov 26 | Block chains and Bitcoin, IaaS Cloud Security | |
| Dec 3 | Review and Wrap-up | |

Tutorials

There are no tutorials in this course. Please make use of the TAs in the labs, the discussion forum, and office hours with the instructor.

Course Policies

There will be no extensions given in this course. Plagiarism will not be tolerated; in particular, you and your lab partner are jointly responsible for ensuring that your submitted lab work is original work.

Missed Labs

You will have a minimum of two weeks to do any labs – so a couple of sick days will not be accepted as grounds for special consideration. Nevertheless, if for some valid reason you are unable to submit the lab on time or hand in an assignment, please provide an explanation and appropriate documentation (for example, a doctor’s note).

Re-grading

Everybody makes mistakes, including TAs and the instructor! If you feel that there has been a grading mistake, you can request a regrade within one week of the lab results being returned. You should submit a short note explaining which questions are in error and why you think you deserve a regrade. A TA or the instructor will regrade the entire lab. (Therefore, you should be sure that there has been a significant mistake, or you may very well end up with a lower grade on your assignment.)

Marking and Evaluation

There will also be two 1-hour mid-term tests during the course on Oct 22 and 24. They will take place during the lecture slot to minimize conflicts.  A final exam will be given during the final exam period. The details of the mid-term test and final exam time will be provided in class and on the web site. The composition of the final mark is as follows:

Labs: 20%

Problem Sets: 5%

Mid-Term Test: 25%

Final Exam: 50%

Calculator Type: 4 (none)

Exam Type: C (single reference sheet, both sides)