Introduction to System Security

Northwestern CS, Winter Quarter 2023

Overview

The past decade has seen an explosion in the concern for the security of information. This course introduces students to the basic principles and practices of computer system and networking security, with detailed analysis of real-world examples and hands-on practice. Topics include the basic crypto, authentication, reverse engineering, buffer overflow attacks, vulnerability scanning, web attacks, firewalls, intrusion detection/prevention systems, etc. We will first introduce the basic theory for each type of attacks; then we will actually carry them out in 'real-world' settings. The goal is to learn security by learning how to view your machine from a hacker's perspective. In addition, we encourage students to participate in the UCSB International Capture the Flag Competition. Capture the Flag is a network security exercise where the goal is to exploit other machines while defending your own. In fact, this course should prepare you for any one of many capture the flag competitions that take place year round.

We will learn about different types of hacks and perform them. After learning how to execute such exploits and penetrate a network, we will discuss ways to protect a network from others exploiting the same vulnerabilities. Understanding security is essential in all fields of software development and computing.

For major or minors in Computer Science, this course can satisfy the systems breadth. If you have any questions, please contact one of the instructors below.

Prerequisites

• EECS 213 (Introduction to Systems) or EECS 205/231 Required
• EECS 340 or 333 (Networking) Required
• EECS 343 (Operating Systems) Recommended

Instructors

• Professor Yan Chen Homepage

Location and Time

Location: TBD
Time: TBD

Office Hours

On-site hours in Wilkinson Lab:

IRC hours (the IRC channel is #NorthwesternNetsec on irc.ubuntu.com):

Grading

• 45% Participation (class discussion and labs)
• 45% Homework (individual projects)
• 10% Quiz
• 5-10% (bonus) for participating in the iCTF

For the labs, please remember to check out with one of the teaching staff at the end of each lab. If you cannot finish it in class, you are expected to finish it within a week. After that, there is a late penalty of 10% off per day.

All the files you need for labs and projects are available on this GitHub repo.

We would like to foster a community for students in this class to help each other with projects (without giving solutions, of course).

Communication

This class website can be found at http://hamsa.cs.northwestern.edu. The website will be used to host files presented and used in class. In addition, we will use a Google Group, Network Penetration and Security, for communication and discussion. Please join this group as soon as possible. The group can be found at http://groups.google.com/group/nuctf. Please send your qns to this newsgroup unless you have to send your code to the teaching staff. For the latter, please send to eecs354-staff@cs.northwestern.edu Email.