Syllabus for CS 5950 – Computer Security and Information Assurance (CSIA)
Fall 2009
Department of Computer Science, Western Michigan University
Instructor: Dr. Leszek (LEH-shek) Lilien
CEAS B-249, phone: (269) 276-3116 (email preferred)
Email: llilien@cs.wmich.edu – Only messages conforming to the following email requirements will be read by me.

Email requirements for CS 5950-F09

Replies to messages that do not conform to the following requirements might be delayed or missing (e.g., due to automatic classification of the message as junk mail):

a) The message should be sent from a WMU account - ending with “wmich.edu” (of course, this includes accounts ending with “cs.wmich.edu”).

b) The message should have a descriptive subject with the indicated prefix:

(b.1) If your message is related to your project (required for graduate students taking this course), use the following Subject line format:
CS5950-CSIA-F09--PT<id>: <subject>
where PT = Project Team, and id is the id of your Project Team.
Examples:
for id = 4: CS5950-CSIA-F09--PT4: selected papers
for id = 8A: CS5950-CSIA-F09--PT8A: selected papers
IMPORTANT: Any member of a PT sending a message to me _must_ Cc it to all members of this PT, so: (a) all PT members are informed, and (b) I can easily reply to all.

(b.2) For your messages related to other CS5950-CSIA topics, use the following Subject line format:
CS5950-CSIA-F09--<your last name>: <subject>
Example: CS5950-CSIA-F09--Smith: final exam date

NOTE: Don't use "<" and ">" — they are only elements of format specifications.

Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)
Lectures: T and R 6:00 pm – 7:15 pm, CEAS C-136
Office Hours: T 11:30 am – 12:30 pm, R 4:30 – 5:30 pm
Lecture Web Pages:
Syllabus - main page (this page): index.htm
Detailed course outline: outline.htm
Announcements and slides: announcements+slides.htm
Lab Web Page:
Lab information main page (TA: TBD): TBD
Prerequisites:
Grade C or better in CS 5550: Computer Networks or equivalent, or instructor’s permission.
Texts:
Required: Pfleeger and Pfleeger, Security in Computing, Fourth Edition, Prentice Hall PTR, 2007, ISBN-10: 0132390779, ISBN-13: 9780132390774 (http://vig.prenhall.com/catalog/academic/product/0,1144,0132390779,00.html)
Highly recommended (for lab exercises): V.J. Nestler, W.A. Conklin, G.B. White, and M.P. Hirsch, Computer Security Lab Manual, McGraw-Hill/Irwin, 2005, ISBN 0-07-225508-0 (http://www.securitylabmanual.com)
Course Overview:
This course is a survey of topics in the realm of
computer/network security and information assurance. It introduces a
broad range of topics including: cryptographic techniques, network security,
program security, privacy, and ethics in the computing profession.
Students will learn fundamental concepts of security that can be applied to
many traditional aspects of computer programming and computer system design.
Course Objectives:
The course is designed to provide knowledge including the following:
Security terminology
Basic cryptographic techniques: terminology, basic ciphers, private and public key encryption, uses of encryption
Network security: threats (incl. impersonation, spoofing, DoS, DDoS), controls (incl. encryption, strong authentication), selected network security tools (firewalls, intrusion detection)
Program security: nonmalicious program errors (incl. buffer overflows), viruses, other malicious code, targeted malicious code, controls against program threats
Legal, ethical, privacy issues in Computer Security
If time permits: Protection in operating systems: protected objects, methods of protection, access control, authentication
If time permits: Database security: security requirements, sensitive data, inference, multilevel databases
Performance Objectives:
At the end of the course, all students should be able to:
Describe and correctly use fundamental terminology in the area of computer/network security and information assurance
Describe fundamental concepts of cryptography and assess the strengths and weaknesses of common cryptographic protocols
Understand security threats and available controls in networks
Identify weaknesses in program design and be able to categorize basic forms of attack against programs
Appreciate and understand the legal, ethical, and privacy issues in computer security
If time permits: Understand the basic concepts of security with regards to operating systems and access control
If time permits: Describe database attacks and protections against such attacks
Grading:
Lab 30% | Midterm 30% | Final 40%
Lab 20% | Midterm 20% | Final 30% | Project 30%
Course Policies:
Lecture notes will be available on-line
on the “slides and announcements” page or emailed to the class. You should
study the slides and read announcements (if any) after/before each lecture.
Taking notes during classes is highly
encouraged. Especially, you should write down anything that is written
down using the board or the document projector. You are encouraged to slow me
down if you need more time to take notes.
Attendance is required. If you must miss
a lecture, make sure that you don’t miss announcements.
I expect to have a lab assistant’s
support for the lab. Lab assistant’s web page for the lab is given above under
the Lab Web Page header.
Lab assignments, based on the
recommended textbook (“Computer
Security Lab Manual”), will be weekly or bi-weekly.
The assignments must be run entirely in
the secure environment of the Computer Security Lab (CEAS C-208). Running them in any other environment, including your own
desktop or laptop, is prohibited since it may
cause security threats to you or others.
Reports or demonstrations (to the lab
TA) will be required for each lab assignment.
Each assignment will have a due
date/time. For each day an assignment is late, 10% of the maximum
assignment score will be deducted. Weekends and holidays are not counted
when calculating lateness. No assignments will be accepted after 11:59 pm
on the day of the last class (during the week preceding the final Examination
Week).
3. Group Projects – for Graduate Students Only
The group projects will be
done in Project Teams (PTs) consisting normally of 2-4 students.
I will propose a set of
topics for the project to help students in project selection. PTs are free to
propose their own topics for the project but must obtain my buy-in before
starting their work.
More details about project
requirements, including presentation and report requirements, will be provided
later.
4. Exams
There will be two exams for the
class.
The midterm exam will be
announced at least a week in advance (most probably, it will be held during the
sixth week of the semester). It will be held during the normal class
time.
The final exam will be held
during the finals week, as scheduled by the Registrar’s Office (for “All
Tuesday 5:30 p.m. & after”: Tuesday, Dec 15, 7:15 - 9:15 pm;
see: http://www.wmich.edu/registrar/finalexam.html).
If you miss an exam and are
excused, you will be required to take a make-up exam. To be excused, there must be significant circumstances beyond the student’s control. Generally this will require documentation, such as
a doctor’s note in case of an illness.
NOTE: No make-up exams will be given
for reasons other than emergency situations completely beyond the student’s
control. If you know ahead of time
that the final exam time conflicts with your plans, do not register for
this class. (In particular, early flight reservations are not an acceptable
reason for a make-up exam.)
5. Incomplete Grades
6. Other Issues
You are expected to stay alert and pay attention to
the directions/announcements in the class. Cellphones, PDAs, and other
electronic devices should NOT be used during the lecture and should be turned
off.
If available, you may bring your laptop to the class.
Other Notes:
Since email and
telephone limit interactions, please see me during my office hours in case of
any course difficulties. (In justified cases, a special appointment can
be made.)
No questions
will be answered on the date of a quiz/exam. No office hours will be held on
the days of the midterm and final exams.
A make-up quiz/exam can be given only when a
student presents a valid emergency reason for missing the quiz/exam, with
well-documented evidence. Without such a reason and evidence, the student will lose all quiz/exam points.
Academic Integrity:
Academic Honesty Statement (WMU Policy)
You are responsible for making yourself
aware of and understanding the policies and procedures in the Undergraduate and
Graduate Catalogs that pertain to Academic Honesty. These policies include
cheating, fabrication, falsification and forgery, multiple submission, plagiarism,
complicity and computer misuse. [The policies can be found at http://catalog.wmich.edu under Academic Policies and Student Rights
and Responsibilities.] If there is reason to believe you have been
involved in academic dishonesty, you will be referred to the Office of Student
Conduct. You will be given the opportunity to review the charge(s). If you
believe you are not responsible, you will have the opportunity for a hearing.
You should consult with me if you are uncertain about an issue of academic honesty
prior to the submission of an assignment or test.
(The Code of Honor, passed by the Faculty Senate, can also be found
at http://catalog.wmich.edu/content.php?catoid=11&page=09_students_rights_and_responsibilties.html
as a part of “Students Rights and Responsibilities”.)
Note: This is
a course for honest and ethical students only!
I will not tolerate any breaches
of academic integrity, including abuses of a lab
(if used), lab procedures, or projects.
Anybody found responsible for a violation of
academic honesty in the course will receive a penalty up to and including an E
grade in the class.
In addition, due to the nature of this
course, a course on security, should a student use any information
learned or any facilities provided by the course in an unethical way, I will
ask the Office of Student Conduct for the harshest penalties applicable. This
applies to acts committed both during and after the course (for example, if I
hear about an incident in a faculty meeting).
[This paragraph based on text
courtesy of Prof. Ajay Gupta and Prof. James Yang.]
Submission of another person’s work in
part or whole is not permitted. Learning can certainly occur with discussion of
class material and assignments with other students, but at all times ensure
that you don’t represent the work of another person as your own.
If you are copying another’s work in part or whole,
either by hand or electronically, without giving credits due (see below), you
are going too far.
If two or more people or teams are working so closely
together that the outcomes, particularly on significant portions of project
reports or computer programs, are essentially the same in the logical
structure, they are going too far.
You should not give your completed work to someone
else or accept another’s completed work to “review or look at” in either
hardcopy or electronic form. This too easily facilitates copying.
Easy availability of information,
material, source codes, lecture notes, etc., on the
Internet may make it possible to find text useful for your report, slides, etc.
It is permitted (even required for your projects) to refer to those, understand
them and use them to enhance your solutions, generate your own ideas, etc.
However, you must give proper and full credit to original authors of the
work if you include their ideas or solutions (complete references and/or
indication of quoted material, as specified below, are required).
In particular, remember the following requirements
for avoiding any accusations of plagiarism:
If you rephrase ideas presented by
others in your text, you must provide a reference in this text, and then
list full bibliographic information for the reference at the end of your
report, slide presentation, etc.
Any quotes (as opposed to
references) must be clearly indicated in at least two ways: (a) with a clear
phrase or sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form
of the text (e.g., written in italics, boxed, etc.) visible in black-and-white
documents.
Sharing information between Project Teams
is encouraged. A PT using rephrased ideas from another PT must give a
full reference to the “source PT.” A PT quoting text from another PT
must clearly indicate the quotes and give a full reference.
Students Rights and Responsibilities:
You are also
encouraged to familiarize yourself with University policies on human rights,
diversity issues, and students with disabilities.
Calendars are subject to change. Dates
and events are added or changed as information becomes available.
Date | Day | Fall 2009
Mar 2 | Monday | View Course Offerings Fall Schedule through GoWMU
Mar 16 | Monday | Registration begins
Aug 1 | Saturday | Last day to apply for Dec graduation
Sep 4 | Friday | Advising Day
Sep 7 | Monday | Labor Day Recess
Sep 8 | Tuesday | Classes begin 8 a.m. Tuition due
Sep 14 | Monday | Drop/add ends; last day for 100% refund
Sep 15 | Tuesday | Census
Sep 16 | Wednesday | $100 late add fee begins. Withdrawals recorded as "W" on transcript
Sep 17 | Thursday | Last day for 90% tuition refund for a complete withdrawal
Sep 21 | Monday | Last day for 50% tuition refund for a partial withdrawal
Oct 2 | Friday | Last day for 50% refund for complete withdrawal
Oct 28 | Wednesday | Last day for 25% refund for Fall complete withdrawal
Nov 9 | Monday | Last day to withdraw from Fall courses
Nov 25 | Wednesday | Thanksgiving Recess begins at noon
Nov 30 | Monday | Classes resume
Dec 1 | Tuesday | Last day to apply for April graduation
Dec 14 - 18 | |
Dec 19 | Saturday | Semester ends/Commencement
Dec 22 | Tuesday | Fall grades due at noon
Dec 25 | Friday | Holiday closure begins (University closed)
© 2007-2098 by Leszek T. Lilien
Last updated on 8/28/09