Kameswari Chebrolu
Room 402, Kresit
Department of CSE, IIT Bombay
http://www.cse.iitb.ac.in/~chebrolu
(Course website: flamingo.bodhi.cse.iitb.ac.in)

CS742 Course Content
Overview: Motivation, Terminology/Background, History
Modern Cryptography: Confidentiality, Integrity, Authentication: Foundations, Symmetric key encryption, Block modes, Asymmetric key encryption, Hashes, MACs, Digital Signatures
Cryptographic Protocols: Human authentication, key distribution, one-way/mutual/mediated authentication, Case Study: SSL/TLS
Program Security: Buffer Overflow, Access control, Process Control
Network Security: Attacks at link/network/transport/application layer, Denial of Service (DOS) attacks, Firewalls, Intrusion Detection
Web Security: Client/Server side attacks: Session Hijacking, Phishing, Click jacking, Scripting, Database/SQL injection; Defenses against the same
Other Topics (time permitting): Malware types and case studies

CS406 vs CS742
● CS406:
  – focus on Cryptography; covered in-depth
  – strong theoretical treatment
● CS742:
  – focus on Cryptography, Attacks/defenses leveraging Networks, Programs, OS and Web
  – High level systems perspective; hardly any theory

References
● Menezes, Bernard. Network Security And Cryptography, 1st ed., Cengage Learning India, 2010
● Michael Goodrich and Roberto Tamassia. Introduction to Computer Security, Pearson, 1st edition (2013)
● Mike Speciner, Radia Perlman and Charlie Kaufman. Network Security: Private Communications in a Public World, Prentice Hall; 2 edition (22 April 2002)

CS 742
● Open ONLY for CSE students
  – Requires Computer Networks background
  – Requires strong programming skills
● CS416m is open for other department UG students
  – CS224m a pre-requisite

Pre-Requisites
● Sincere, hard-working: committed learning
● Time management: methodical learning
● Social (discussion & participation): group learning
● Straightforward, honest: ethical learning
  – Cheating will be reported to DDAC
● A bit of humor, wit will liven the classroom

Bad or Good News!
● This is a flipped class :-)
  – Outside class: watch videos
  – In class: discussion + practice problems + hands-on lab
  – More details shortly
● Attendance
  – Won't enforce DX grade
  – But weekly auto-graded “Safe” quizzes :-)

Evaluation
Safe Quizzes   10.00%
MidSem         30.00%
Labs*          20.00%
Final          40.00%
* In-class labs are not evaluated towards the grade (they are for practice)
* Two lab exams in proctored settings

Course Model
● Flipped Classroom
  – http://en.wikipedia.org/wiki/Flip_teaching
Fig. from http://www.knewton.com/flipped-classroom/

Online Content: Video
Concepts packed as modules to watch at own pace
● Videos
  – Typically 10-20 min
  – Interactive with embedded questions
  – Pause, think, understand, answer
● You choose your own
  – Time
  – Place
  – Group
  – Pace
● Total watching time: 1.30 hrs per week
● All reference material provided including slides

Online Content: Practice Problems
● Concepts and grouped concepts have associated practice problems
  – Work at your own pace and time
● Problems: Multiple choice, Fill-In-Blanks and Descriptive
  – First two are scored online (not for grades, but for your own record)
  – Can potentially cheat but defeats purpose of learning

In Class Tutorial
● Sessions in smaller groups of 70+ (2 groups)
● A group meets once a week for 90 min
  – During Slot 10
  – Group 1: 10A; Group 2: 10B
● What happens in a tutorial?

Tutorial
● Simple Quiz every tutorial for 10 min (accounts for 10% grade)
  – Will be based on SAFE android app
● Summary/Reiteration of concepts learnt
● Discussions, Clarifications, Q&A session
● Practice problems + Hands-on-Lab
● Attendance? I don't enforce but SAFE will :-)

Learning
Personalized
● Instructor talking just to you :)
● ALL get to answer questions without fear of embarrassment
● Focused small group tutorials
Complete
● Each concept is complete: video, slides, reference material, practice problems
● Interspersed watching and study time
● No procrastination due to periodic quizzes
Flexible
● Your choice of time, place, group
● Your pace: Take as much time to view or solve questions
● Move ahead after mastering concept

Comparison
Traditional Model          Flipped Model
● Fixed timing/place       ● Flexible timing/place
● Focus?                   ● Focus?
● Watch once               ● Watch many times
● Instructor pace          ● Student pace
● Few questions            ● Many questions
● Target few students      ● Target all students
● Immediate feedback       ● No immediate feedback

Cons
● No immediate feedback
● Solutions?
  – Watch in groups
  – Leverage discussion forum
    ● Post questions, get answers from friends, TAs or Instructor

Why you should drop the course?
● Heavy Course (with labs etc)
● Very Competitive (150+ students)
  – I am stingy with AAs
● Flipped??
  – Think of the negatives
● Very limited TA support (3/7 allocated)
  – Things will be slow and drag
● Many other “hot” courses

Action Items
● Look out for emails from me
  – One on Bodhitree and one on SAFE
● Job of TA?
  – Split students across the two tutorial groups (Tue and Fri)
● Log in and watch the videos on BodhiTree
  – Look at the wiki for the schedule of videos to watch for the week
  – Don't take it easy: Tutorials starting Aug 6th
● Before first tutorial
  – Prepare for the SAFE quiz during the tutorial
  – Think of “interesting” questions for discussion

Enter the world of Security