CS742: Computer and Network

Security
Course Overview & Logistics

Kameswari Chebrolu
Room 402, Kresit
Department of CSE, IIT Bombay
http://www.cse.iitb.ac.in/~chebrolu

(Course website: flamingo.bodhi.cse.iitb.ac.in)

 CS742 Course Content
Overview:
Motivation, Terminology/Background, History
Modern Cryptography:
Confidentiality, Integrity, Authentication: Foundations,
Symmetric key encryption, Block modes, Asymmetric key
encryption, Hashes, MACs, Digital Signatures
Cryptographic Protocols:
Human authentication, key distribution, one-
way/mutual/mediated authentication, Case Study:
SSL/TLS
Program Security:
Buffer Overflow, Access control, Process Control
 CS742 Course Content
Network Security:
Attacks at link/network/transport/application layer,
Denial of Service (DOS) attacks, Firewalls, Intrusion
Detection
Web Security:
Client/Server side attacks: Session Hijacking,
Phishing, Click jacking, Scripting, Database/SQL
injection; Defenses against the same
Other Topics (time permitting):
Malware types and case studies
 CS406 vs CS742
● CS406:
– focus on Cryptography; covered in-depth
– strong theoretical treatment;
● CS742:
– focus on Cryptography, Attacks/defenses
leveraging Networks, Programs, OS and Web
– High level systems perspective; hardly any
theory
 References
● Menezes, Bernard. Network Security And
Cryptography, 1st ed., Cengage Learning India,
2010
● Michael Goodrich and Roberto Tamassia.
Introduction to Computer Security, Pearson, 1st
edition (2013)
● Mike Speciner, Radia Perlman and Charlie
Kaufman. Network Security: Private
Communications in a Public World, Prentice
Hall; 2 edition (22 April 2002)
 CS 742
● Open ONLY for CSE students
– Requires Computer Networks background
– Requires strong programming skills
● CS416m is open for other department UG
students
– CS224m a pre-requisite
 Pre-Requisites
● Sincere, hard-working: committed learning
● Time management: methodical learning
● Social (discussion & participation): group
learning
● Straightforward, honest: ethical learning
– Cheating will be reported to DDAC
● A bit of humor, wit will liven the classroom
 Bad or Good News!
● This is a flipped class :-)
– Outside class: watch videos
– In class: discussion+practice-problems+Hands-
on lab
– More details shortly
● Attendance
– Won't enforce DX grade
– But weekly auto-graded “Safe” quizzes :-)
 Evaluation

Safe Quizzes 10.00%

MidSem 30.00%
Labs* 20.00%
Final 40.00%

* In class labs not evaluated towards grade (they

are for practice)
* Two labs exams in proctored settings
 Course Model
● Flipped Classroom
– http://en.wikipedia.org/wiki/Flip_teaching
●

Fig. From http://www.knewton.com/flipped-classroom/

 Online Content: Video
Concepts packed as modules to watch at own pace

● Videos ● You choose your own

– Typically 10-20 min – Time
– Interactive with embed – Place
questions
– Group
– Pause, think,
understand, answer – Pace
● Total watching time: 1.30 hrs
per week
● All reference material
provided including slides
 Online Content: Practice
Problems
● Concepts and grouped concepts have
associated practice problems
– Work at your own pace and time
● Problems: Multiple choice, Fill-In-Blanks and
Descriptive
– First two are scored online (not for grades, but
for your own record)
– Can potentially cheat but defeats purpose of
learning
 In Class Tutorial
● Sessions in smaller groups of 70+ (2 groups)
● A group meets once a week for 90 min
– During Slot 10
– Group 1: 10A; Group 2: 10B
● What happens in a tutorial?
 Tutorial
● Simple Quiz every tutorial for 10 min (accounts
for 10% grade)
– Will be based on SAFE android app
● Summary/Reiteration of concepts learnt
● Discussions, Clarifications, Q&A session
● Practice problems + Hands-on-Lab
● Attendance? I don't enforce but SAFE
will :-)
 Learning
Personalized Complete
Flexible
● Instructor ● Each concept is
talking just to ● Your choice of complete: video,
you :) time, place, slides, reference
group material,
● ALL get to
answer ● Your pace: practice
questions problems
Take as much
without fear of time to view or
● Interspersed
embarassment solve questions watching and
Focused small study time
No
●
●

group tutorials procrastination

● Move ahead
due to periodic after mastering
quizes concept
 Comparison
Traditional Model Flipped Model
● Fixed Timing/place ● Flexible timing/place
● Focus ? ● Focus?
● Watch once ● Watch many times
● Instructor pace ● Student pace
● Few questions ● Many questions
● Target few students ● Target all students
● Immediate feedback ● No immediate feedback
 Cons
● No immediate feedback
● Solutions?
– Watch in groups
– Leverage discussion forum
● Post questions, get answers from friends,TAs or
Instructor
Why you should drop the course?
● Heavy Course (with labs etc)
● Very Competitive (150+ students)
– I am stingy with AAs
● Flipped??
– Think of the negatives
● Very limited TA support (3/7 allocated)
– Things will be slow and drag
● Many other “hot” courses
 Action Items
● Look out for emails from me
– One on Bodhitree and one on SAFE
● Job of TA?
– Split students across the two tutorial groups (Tue and Fri)
● Login and watch the videos on BodhiTree
– Look at the wiki for the schedule of videos to watch for the
week
– Don't take it easy: Tutorials starting Aug 6th
● Before first tutorial
– Prepare for the SAFE quiz during the tutorial
– Think of “interesting” questions for discussion
Enter the world of Security