pk.org: Computer Security

CS 419 Documents

O you possessed of sturdy intellects, observe the teaching that is hidden here beneath the veil of verses so obscure.
      —Dante Alighieri, Inferno IX:61–63, trans. A. Mandelbaum

This page contains links to lecture notes, class lecture slides, and related reading material. Lecture slides are in Adobe PDF format. The slides here will generally be a superset of the material presented in class, with extra annotations and, in some cases, additional pages for clarity.

Please let me know if you find any errors or unclear wording. Any corrections will be most appreciated.

Week 1 Introduction to Computer Security

Topics

  • Confidentiality, integrity, availability
  • Threat models and security mindset
  • Trusted computing base

Lecture Notes

  1. Foundations of Computer Security
  2. Threats, Vulnerabilities, and Attacks
  3. Adversaries and Cyber Warfare
  4. Tracking Vulnerabilities and Risks

Lecture Slides

  1. Introduction (PDF)
  2. Goals (PDF)
  3. Internet-enabled threats (PDF)
  4. Attacks and motives (PDF)

Terms You Should Know

Updated: 2025‑08‑14

Week 2 Cryptography

Topics

  • Symmetric cryptography basics and principles
  • Modern ciphers: DES, AES, ChaCha20
  • Block modes: ECB, CBC, CTR
  • Cryptanalysis: frequency, differential, linear

Lecture Notes

  1. Cryptography

Lecture Slides

  1. Cryptography (PDF)
  2. Cipher modes, cryptanalysis (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 3 Integrity

Topics

  • Asymmetric cryptography and key exchange: RSA, ECC, Diffie-Hellman, hybrid systems, forward secrecy
  • Quantum threats and post-quantum cryptography standards
  • Integrity mechanisms: cryptographic hashes, MACs, digital signatures, certificates
  • Code signing and software integrity verification

Lecture Notes

  1. Integrity

Lecture Slides

  1. Integrity (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 4 Authentication

Topics

  • Authentication methods: passwords, tokens, multi-factor, biometrics, risk-based authentication
  • Biometric authentication: modalities, accuracy metrics, spoofing attacks, data breaches
  • CAPTCHA: history, design, bypass techniques, AI challenges, emerging defenses

Lecture Notes

  1. Authentication

Lecture Slides

  1. Authentication (PDF)
  2. Biometrics (PDF)
  3. CAPTCHA (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 5 Bitcoin and blockchains

Topics

  • Hash pointers, Merkle trees, and tamper-evident data structures
  • Bitcoin design: decentralized ledger, transactions, and mining
  • Proof of Work, difficulty adjustment, and 51% attacks
  • Privacy, security, centralization risks, and real-world cryptocurrency incidents

Lecture Notes

  1. Bitcoin

Lecture Slides

  1. Bitcoin (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 6 Access control

Topics

  • Access control concepts: protection, domains, access control matrices, ACLs, capabilities
  • POSIX permissions, ACL extensions, setuid/setgid, least privilege, privilege separation
  • Mandatory Access Control: DAC vs MAC, Bell-LaPadula, multilevel and multilateral security
  • Advanced models: Type Enforcement, RBAC, Biba, Chinese Wall, SELinux

Lecture Notes

  1. Access control

Lecture Slides

  1. Part 1: Access Control (PDF)
  2. Part 2: POSIX permissions (PDF)
  3. Part 3: Mandatory Access Control (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 7 Memory Exploits and Code Injection

Topics

  • Injection attacks: command, SQL, and code injection fundamentals
  • Exploitation techniques: unsanitized input, shell metacharacters, path traversal
  • Mitigations: input validation, escaping, parameterized queries, safe APIs
  • Environment-based attacks: LD_PRELOAD, DLL sideloading, and interpreter abuse

Lecture Notes

  1. Memory exploits

Lecture Slides

  1. Memory Exploits (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 8 Command Hijacking & Containment

Topics

  • Command, SQL, and code injection vulnerabilities and mitigations
  • Path traversal, path equivalence, Unicode parsing, and file parsing flaws
  • Environment variable abuse, library hijacking, and function interposition
  • TOCTTOU race conditions, mktemp attacks, and file descriptor exploits

Lecture Notes

  1. Command hijacking
  2. Containment
  3. Sandboxing

Lecture Slides

  1. Command hijacking (PDF)
  2. Containment (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 9 Malware

Topics

  • Malware types and components: viruses, worms, trojans, backdoors, rootkits
  • Infiltration methods: exploits, infected media, supply chain attacks, social engineering
  • Evasion and persistence: packing, polymorphism, sandbox detection, covert channels
  • Detection and defense: signature scanning, heuristic analysis, behavioral monitoring

Lecture Notes

  1. Malware

Lecture Slides

  1. Malware (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 10 Network Security

Topics

  • Link layer attacks: CAM overflow, VLAN hopping, ARP poisoning, DHCP spoofing
  • IP and TCP/UDP threats: spoofing, DoS, SYN floods, routing attacks
  • BGP hijacking and defenses: RPKI, BGPsec, notable real-world incidents
  • DNS vulnerabilities: cache poisoning, pharming, rebinding, DNSSEC defenses

Lecture Notes

  1. Network Security

Lecture Slides

  1. Network Security (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 11 Network Security: Secure Communication

Topics

  • DDoS fundamentals: flooding, amplification, reflection, and record-breaking attacks
  • Botnets and command-and-control infrastructure for large-scale attacks
  • TLS: authentication, confidentiality, integrity
  • VPN protocols: OpenVPN, IPsec, WireGuard, tunneling, and encryption methods

Lecture Notes

  1. DDoS Attacks
  2. Secure Communication

Lecture Slides

  1. DDoS (PDF)
  2. VPNs (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 12 Network Protection, Web Security

Topics

  • Firewalls: NAT, packet filtering, stateful inspection, DPI, IDS/IPS, Zero Trust
  • Web security: same-origin policy, CORS, cookies, CSRF, XSS, clickjacking, typosquatting

Lecture Notes

  1. Network Protection

Lecture Slides

  1. Firewalls (PDF)
  2. Web Security (PDF)

Terms You Should Know

Updated: 2025‑08‑15

Week 13 Hiding Things

Topics

  • Steganography and watermarking: techniques, goals
  • Digital watermarking in AI-generated content, C2PA
  • Anonymous communication: Tor, I2P, dark web, and covert channels
  • Mesh networking for censorship resistance and offline communication

Lecture Notes

  1. Steganography

Lecture Slides

  1. Steganography and Watermarking (PDF)
  2. Anonymous Communication (PDF)

Terms You Should Know

Updated: 2025‑08‑15