Lahore University of Management Sciences

CS 473/CS 5714/EE 483 – Network Security

Spring & 2013

Instructor Muhammad Fareed Zaffar

Room No. 9-119A
Office Hours 12:00 – 2:00p.m.
Email fareed.zaffar@lums.edu.pk
Telephone 8193
Secretary/TA Hasnain Lakhani
Muhammad Hassan
TA Office Hours
Course URL (if any)

Course Basics
Credit Hours 3
Lecture(s) Nbr of Lec(s) Per Week 2 Duration 75 minutes
Recitation/Lab (per week) Nbr of Lec(s) Per Week Duration
Tutorial (per week) Nbr of Lec(s) Per Week 2 Duration 85 Minutes

Course Distribution
Core
Elective
Open for Student Category
Close for Student Category

COURSE DESCRIPTION
1. Understanding of basic issues, concepts, principles, and mechanisms in information security
2. Exposure to commercial as well as research security technologies.
3. We will be covering a broad range of fundamental concepts
a. What is out there
b. What is wrong with what is out there
c. We will learn about attacks and their limitations
d. Also learn about preventing attacks and the limitations
4. Fairly independent course
5. Exploration as part of the assignments and projects
6. NOT a course on Cryptography, arifz teaches one….

COURSE PREREQUISITE(S)

•
•
•

COURSE OBJECTIVES

•
•
•
 Lahore University of Management Sciences
Learning Outcomes

•
•
•

Grading Breakup and Policy

Assignment(s): 20%
Home Work:
Quiz(s): 10%
Class Participation:
Attendance:
Midterm Examination: 20%
Project: 30%
Final Examination: 20%
 Comprehensive final exam
 Late assignments will have a 25% deduction per day
 Grading might not be on the curve
 Showing initiative will be rewarded
 Project has to be done individually
o Showing initiative will be rewarded

Project criteria
1. Can be (a combination of):
a. Design of new algorithms and protocols.
b. Or new attacks!
c. Analysis/evaluation of existing algorithms, protocols, and systems.
d. Vulnerabilities, efficiency, etc.
2. Implementation and experimentation.
3. Research work
a. Small team - Two to three persons.
b. Proposal, work, and final demo/write-up.
c. Conference deadline co-incides with the end of semester.

Examination Detail

Yes/No: Yes
Combine Separate: Combine
Midterm
Duration: 2.5 hours
Exam
Preferred Date:
Exam Specifications:

Yes/No: Yes
Combine Separate: Combine
Final Exam
Duration: 3 hours
Exam Specifications:
 Lahore University of Management Sciences
COURSE OVERVIEW
Week/
Recommended Objectives/
Lecture/ Topics
Readings Application
Module
1 Cryptography: secret key, public key, digital signatures
2 Esoteric protocols, digital cash, bit commitment, electronic voting
3 Applications of cryptography to network and operating system security
4 Secret key and public key cryptographic algorithms; hash functions
5 Steganography;
6 Access Control;
7 Filesystem security
8 Network infrastructure security
9 Operating systems security
10 Firewalls and intrusion detection techniques.
11 Authentication and identication schemes;
12 Malware: viruses, worms, bots
13 Formal models of computer security
14 Secure operating systems, storage
15 Denial-of-service attacks and countermeasures
16 Software protection;
17 Security of the World Wide Web and electronic mail;
18 Safe programming
19 Malicious code analysis
20 Electronic commerce: payment protocols, electronic cash;
21 Risk assessment, and others.
22 Buffer overflow attacks
23 SQL Injection attacks
24 Cross site scripting attacks
25 Automated attack tools and defences
26 Privacy and anonymity on the Internet, TOR, facebook case study
27 Cryptography: secret key, public key, digital signatures
28 Esoteric protocols, digital cash, bit commitment, electronic voting

Textbook(s)/Supplementary Readings
1. Information security: Principles and practice. Mark Stamp
2. Foundations of security: what every programmer needs to know. Neil Daswani
3. Applied cryptography. Bruce Schneier
4. Security Engineering: a guide to building Dependable Distributed systems. Ross Anderson (First edition)
5. Introduction to Network security. Matt Bishop
Other references to be provided as we proceed
Course Rules
1. Assignments to be done in groups
a. One submission per group
b. Be sure to understand what you submit
c. Discussion is allowed, copying isnt
2. A proper understanding of security requires a proper understanding of security vulnerabilities and failings as well
3. NEVER attempt any unauthorized access to any network or computer unless you have the explicit permission of the owner
or operator
4. I need to be informed before any such attempt is made
 Lahore University of Management Sciences
5. Likewise refrain from writing viruses, attempting DoS attacks, or similar damaging software or exploits unless you do it in an
isolated sandboxed environment
6. We will not tolerate ANY illegal activity, not even if it is done in “good Humor”.
7. Failure to comply will result in an automatic F in the course along with appropriate disciplinary action