[an error occurred while processing this directive] [an error occurred while processing this directive]

UMSSIA banner

Syllabus 2007

Date Session Time Topic Speaker
Monday
06/4/2007
Day 1 slides
(PDF 710 KB)		 1
2
3
4		 9:30–11:20
12:40–2:30
3:10–5:00
5:30–		 Software Security
Defensive Programming
Lab: The basic buffer overflow
Reception		 Hopper
Hopper
Dokas
All
Tuesday
06/5/2007
Day 2 slides
(PDF 535 KB)		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Malware
Access Control
Lab: Host defenses		 Hopper
Hopper
Dokas
Wednesday
06/6/2007
Day 3 slides
(PDF 923 KB)		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 TCP/IP Security
Firewalls
Lab: Firewalls		 Hopper
Hopper
Dokas
Thursday
06/7/2007
Day 4 slides
(711 KB)		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Intrusion Detection
Denial of Service
Lab: Intrusion Detection		 Hopper
Hopper
Dokas
Friday
06/8/2007
Day 5 slides
(PDF 2.4 MB)		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Cryptography 1
Cryptography 2
Lab: Application Vulnerabilities		 Hopper
Hopper
Dokas
Monday
06/11/2007
Day 6 slides
(PDF 2.4 MB)		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Psychology and Security
SSL/IPSec
Lab: Recent attacks and defenses		 Schneier
Hopper
Dokas
Tuesday
06/12/2007		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Crypto3
Economics
Curriculum Development		 Hopper
Odlyzko
Cluster
Wednesday
06/13/2007
Day 8 slides
(PDF 590 KB)		 1
2

3		 9:30–11:20
12:40–2:30

3:10–5:00		 Web Security
User attitudes about online privacy:
a 10 year perspective
Curriculum Development		 Hopper
Gurak

Cluster
Thursday
06/14/2007		 1
2
3		 9:30–11:20
12:40–2:30
3:10–5:00		 Securing Peer-to-peer Systems
Security in University Settings
Curriculum Development		 Kim
Dokas
Cluster
Friday
06/15/2007		 1
2

3		 9:30–11:20
12:40–2:30

3:10–5:00		 Curriculum Development
Security of Anonymous
Communication System
Curriculum Development		 Cluster
Hopper

Cluster

Lab Information

Instructors: Paul Dokas (dokas@cs.umn.edu), Megan Carney (mcarney@oitsec.umn.edu)

Abstract: Focusing on the practical side of computer security, students will use a virtual environment to investigate both the defense of and the common attacks found on today's networks. Defensive tactics will include host based controls, firewalls, intrusion detection and some principles of safe software development. The attacks investigated will focus on up-to-date tactics and how to defend against them.

Schedule

  • Lab 1: The basic buffer overflow Introduce and exploit buffer overflows with Metasploit.
  • Lab 2: Host defenses TCPWrappers, host based firewalls and other controls
  • Lab 3: Firewalls TCP/IP basics, writing firewall rules, PFSense.
  • Lab 4: Intrusion Detection IDS basics, writing IDS rules, Snort.
  • Lab 5: Application Vulnerabilities Race conditions, web applications, sql injection.
  • Lab 6: Recent attacks and defenses Javascript, browser exploits and more.

Research and Experience Talks

—Psychology and Information Assurance

  • Speaker: Bruce Schneier (Counterpane Systems)
  • Abstract:

—Economics

  • Speaker: Andrew Odlyzko (DTC, University of Minnesota).
  • Abstract: Dr. Odlyzko will lecture on economics and information security, including his research in economics of privacy.

—Information Assurance and NSF (NSF and CSE department, University of Minnesota)

  • Speaker: David Du
  • Abstract:

—User attitudes about online privacy: a 10 year perspective

  • Speaker: Laura Gurak (Rhetoric, University of Minnesota).
  • Abstract: In April 1990, Lotus Development Corporation announced a product called MarketPlace: Households. MarketPlace was to be a direct mail marketing database for Macintosh computers. It would contain name, address, and spending habit information on 120 million individual American consumers from 80 million different households. After MarketPlace was announced in April 1990, a small group of computer privacy advocates began an Internet-based protest of this product. As a result, over 30,000 people contacted Lotus and asked that their names be removed from the database. The product was never released. Since that time, the Internet has blossomed from a small tool for computer specialists to something as common as a kitchen appliance. How have user attitudes about online privacy changed since the Lotus case? How has the legal and social landscape changed? This talk will examine the Lotus case and then move forward to 2007 to examine today's social and legal issues involving privacy and digital technologies.

—Security in University Settings

  • Speaker: Paul Dokas (OITSec, University of Minnesota).
  • Abstract: This talk provide information on some of the issues large universities face concerning network security. Mr. Dokas will demonstrate the uniqueness of universities versus other organizations concerning typical centralized security models for practical use. He will also discuss the practical aspects of providing network security to a large university, including various problems unique to universities and possible solutions to these problems.

—Securing Peer-to-peer Systems (CSE department, University of Minnesota)

  • Speaker: Yongdae Kim
  • Abstract:
[an error occurred while processing this directive] April 15, 2008 [an error occurred while processing this directive]