People
Syllabus
Notes
Labs

CS 490S: Secure Network Programming

Syllabus

Cr. 1 Corequisite: CS 422 (that means that students who have taken CS 422 in the past, or are taking CS 422, can take CS 490S now).
CS majors may use this course only as a free elective.

Instructor

Pascal Meunier, PTC E2-312

Class Homepage

An updated syllabus, class handouts, lecture notes, and other information can be found at:

http://www.cs.purdue.edu/homes/cs490s

Schedule

Lecture: Thursdays 9:30-10:20, KNOY B035

References

Textbook:
None required. We will be using these slides, mostly those in class 3.
Can be useful but not required: Network Intrusion Detection, (3rd edition) Northcutt and Novak

Goal

After successfully completing this course:
  • You will understand the basics of programming secure network applications.
  • You will understand how networking protocols may be vulnerable to attacks, and how to defend against those attacks or mitigate the risks.
  • You will be familiar with the most frequent programming errors and negligences leading to vulnerabilities in networked applications and protocols.

Course Organization

The course consists of lecture sessions, two quizzes (exams) and three deliverables. The deliverables consist of choosing a lab assignment from CS 422 (approval by email required to make sure the assignment is appropriate), and providing: a) a 1-2 page long threat assessment; b) a list of security functional requirements to be implemented in order to mitigate the threats in a); and c) the improved lab with some implemented security functionality. The fact that this class is a one-credit class limits the effort to be spent on this implementation to one security feature (or two easy ones). The improved lab will not be evaluated on the original CS 422 functionality except that which is required to demonstrate the security feature.

Lists and Announcements:

All announcements will be sent via email. It is important that you add yourself to the cs490s mailing list. From your CS account type:
"mailer add me to cs490s"

To verify that you are on the list you may type

"mailer list cs490s"
To get help with the mailer program type "mailer help" or "man mailer".

Grade Distribution

Half of the class will get an 'A' and the other half a 'B'. The final grade will be based half on the two quizzes, and half on the deliverables. Attendance to both quizzes is necessary to get a passing grade.

First Quiz: Mid-October
Last Quiz: Beginning of December

Topics covered

Trust as the foundation of secure networked applications and remote interactions, followed by networking in a layer-by-layer approach as in the slides at Secure Programming Class 3
Validate HTML