Syllabus for
CS 5700 – Computer
Security and Information Assurance (CSIA)
Fall 2010
Department of
Computer Science, Western Michigan
University
Instructor: Dr. Leszek (LEH-shek) Lilien
CEAS B-249, phone: (269) 276-3116 (email preferred)
Email:
llilien@cs.wmich.edu – Only messages
conforming to the following email requirements can expect a quick reply.
Email requirements for CS
5700-F10 Replies to messages that do not conform to the
following requirements might be delayed or missing (e.g., due to automatic
classification of the message as junk mail): a) The message should be
sent from a WMU account - ending with “wmich.edu” (of course, this includes
accounts ending with “cs.wmich.edu”). b) The message should have
a descriptive subject with the indicated prefix: (b.1) If your message is related to your project (required for
graduate students taking this course), use the following Subject line format: CS5700-CSIA-F10--PT<id>:
<subject> where PT = Project
Team, and id is the id of your Project Team. Examples: for id =
4:
CS5700-CSIA-F10--PT4:
selected papers for id =
8A: CS5700-CSIA-F10--PT8A:
selected papers IMPORTANT: Any member of a PT sending a message to
me _must_ Cc it to all members of this PT, so: (a) all PT members are
informed, and (b) I can easily reply to all. (b.2)
For your messages related to other CS5700-CSIA topics, use the
following Subject line format: CS5700-CSIA-F10--<your
last name>: <subject> Example: CS5700-CSIA-F10--Smith:
final exam date NOTE: Don't use "<" and
">" — they are only elements of format specifications Attached files must be scanned with up-to-date anti-viral
software, and the message including them must contain the following
statement: I
have scanned the enclosed file(s) with <name of software, its
version>, which was last updated on <date>. where <date> should be the
current date. (You should have the habit of updating your anti-viral software
daily!). |
Lectures: T and R 6:00 pm
– 7:15 pm, CEAS C-136
Office
Hours: TBA
Lecture
Web Pages:
Syllabus - main page (this page):
index.htm
Detailed course outline: outline.htm
Announcements and slides: announcements+slides.htm
Lab Web Page:
Lab information main page (TA: TBD): TBD
Prerequisites:
Grade C or better in CS 5550: Computer Networks or equivalent, or instructor’s permission.
Texts:
Required: Pfleeger and Pfleeger, Security in Computing. Fourth Edition, Prentice
Hall PTR, 2007, ISBN-10: 0132390779,
ISBN-13: 9780132390774
(http://vig.prenhall.com/catalog/academic/product/0,1144,0132390779,00.html)
Highly recommended (for lab
exercises): V.J.
Nestler, W.A. Conklin, G.B. White, and M.P. Hirsch, Computer Security Lab
Manual, McGraw-Hill/Irwin, 2005, ISBN 0-07-225508-0 (http://www.securitylabmanual.com)
Course
Overview:
This course is a survey of topics in the realm of
computer/network security and information assurance. It introduces a
broad range of topics including: cryptographic techniques, network security,
program security, privacy, and ethics in the computing profession.
Students will learn fundamental concepts of security that can be applied to
many traditional aspects of computer programming and computer system design.
Course Objectives:
The course is designed to provide
knowledge including the following:
Security terminology
Basic cryptographic techniques:
terminology, basic ciphers, private and public key encryption, uses of
encryption
Network security: threats (incl.
impersonation, spoofing, DoS, DDoS), controls (incl. encryption, strong
authentication), selected network security tools (firewalls, intrusion
detection)
Program security: nonmalicious program
errors (incl. buffer overflows), viruses, other malicious code, targeted
malicious code, controls against program threats
Legal, ethical, privacy issues in
Computer Security
If time permits: Protection in operating systems: protected objects,
methods of protection, access control, authentication
If time permits: Database security: security requirements, sensitive
data, inference, multilevel databases
Performance Objectives:
At the end of the course, all students should be able
to:
Describe and correctly use fundamental terminology in
the area of computer/network security and information assurance
Describe fundamental concepts of
cryptography and assess the strengths and weaknesses of common cryptographic
protocols
Understand security threats and
available controls in networks
Identify weaknesses in program design
and be able to categorize basic forms of attack against programs
Appreciate and understand the legal,
ethical, and privacy issues in computer security
If time permits: Understand the basic concepts of security with
regards to operating systems and access control
If time permits: Describe database attacks and protections against
such attacks
Grading:
Lab
30%
Midterm
30%
Final
40%
Lab
20%
Midterm
20%
Final
30%
Project
30%
Course Policies:
Lecture notes will be available on-line
on the “slides and announcements” page or emailed to the class. You should
study the slides and read announcements (if any) after/before each lecture.
Taking notes during classes is highly
encouraged. Especially, you should write down anything that is written
down using the board or the document projector. You are encouraged to slow me
down if you need more time to take notes.
Attendance is required. If you must miss
a lecture, make sure that you don’t miss announcements.
I expect to have a lab assistant’s
support for the lab. Lab assistant’s web page for the lab is given above under
the Lab Web Page header.
Lab assignments, based on the
recommended textbook (“Computer
Security Lab Manual”), will be weekly or bi-weekly.
The assignments must be run entirely in
the secure environment of the Computer Security Lab (CEAS C-208). Running them in any other environment, including your own
desktop or laptop, is prohibited since it may cause security threats to
you or others.
Reports or demonstrations (to the lab
TA) will be required for each lab assignment.
Each assignment will have a due
date/time. For each day an assignment is late, 10% of the maximum
assignment score will be deducted. Weekends and holidays are not counted
when calculating lateness. No assignments will be accepted after 11:59 pm
on the day of the last class (during the week preceding the final Examination
Week).
3. Group Projects
– for Graduate
Students Only
The group projects will be
done in Project Teams (PTs) consisting normally of 2-4 students.
I will propose a set of
topics for the project to help students in project selection. PTs are free to
propose their own topics for the project but must obtain my buy-in before
starting their work.
More details about project
requirements, including presentation and report requirements, will be provided
later.
4.
Exams
There will be two exams for the
class.
The midterm exam will be
announced at least a week in advance (most probably, it will be held during the
sixth week of the semester). It will be held during the normal class
time.
The final exam will be held
during the finals week, as scheduled by the Registrar’s Office (for “All
Tuesday 5:30 p.m. & after
>>>> TBA <<<”
see: http://www.wmich.edu/registrar/finalexam.html
If you miss an exam and are
excused, you will be required to take a make-up exam. To be excused, there must be significant circumstances beyond the student’s control. Generally this will require documentation, such as
a doctor’s note in case of an illness.
NOTE: No make-up exams will be given
for reasons other than emergency situations completely beyond student’s
control. If you know ahead of time
that the final exam time conflicts with your plans, do not register for
this class. (In particular, early flight reservations are not an acceptable
reason for a make up exam.)
5. Incomplete
Grades
6. Other Issues
You are expected to stay alert and pay attention to
the directions/announcements in the class. Cellphones, PDAs, and other
electronic devices should NOT be used during the lecture and should be turned
off.
If available, you may bring your laptop to the class.
Other
Notes:
Since email and
telephone limit interactions, please see me during my office hours in case of
any course difficulties. (In justified cases, a special appointment can
be made.)
No questions
will be answered on the date of a quiz/exam. No office hours will be held on
the days of the midterm and final exams.
A make-up
quiz/exam can be given only when a student presents a valid
emergency reason for missing the quiz/exam, with well-documented evidence.
Without such a reason and evidence, the student will loose all quiz/exam
points.
Academic
Integrity:
Academic Honesty Statement (WMU Policy)
You are responsible for making yourself
aware of and understanding the policies and procedures in the Undergraduate and
Graduate Catalogs that pertain to Academic Honesty. These policies include
cheating, fabrication, falsification and forgery, multiple submission,
plagiarism, complicity and computer misuse. [The policies can be found at http://catalog.wmich.edu under Academic
Policies, Student Rights and Responsibilities.] If there is reason to believe
you have been involved in academic dishonesty, you will be referred to the
Office of Student Conduct. You will be given the opportunity to review the
charge(s). If you believe you are not responsible, you will have the
opportunity for a hearing. You should consult with your instructor if you are
uncertain about an issue of academic honesty prior to the submission of an
assignment or test.
We also encourage you to browse http://osc.wmich.edu and
www.wmich.edu/registrar to access
the Code of Honor and general academic policies on such issues as diversity,
religious observance, student disabilities, etc.
Note: This is
a course for honest and ethical students only!
I will not tolerate any breaches
of academic integrity, including abuses of a lab (if used), lab
procedures, or projects.
Anybody found responsible for violation of
academic honesty in the course, will receive a penalty up to and including an E
grade in the class.
In addition, due to the nature of this
course, a course on security, should a student use any information
learned or any facilities provided by the course in an unethical way, I will
ask the Office of Student Conduct for the harshest penalties applicable. This
applies to acts committed both during and after the course (for example, if I
hear about an incident in a faculty meeting).
[This paragraph based on text
courtesy of Prof. Ajay Gupta and Prof. James Yang.]
Submission of another person’s work in
part or whole is not permitted. Learning can certainly occur with discussion of
class material and assignments with other students, but at all times ensure
that you don’t represent the work of another person as your own.
If you are copying another’s work in part or whole,
either by hand or electronically, without giving credits due (see below) you
are going too far
If two or more people or teams are working so closely together
that the outcomes, particularly on significant portions of project reports or
computer programs, are essentially the same in the logical structure, they are
going too far.
You should not give your completed work to someone
else or accept another’s completed work to “review or look at” in either
hardcopy or electronic form. This too easily facilitates copying.
Easy availability of information,
material, source codes, lecture notes, etc., on the Internet may make it
possible to find text useful for your report, slides, etc. It is permitted
(even required for your projects) to refer to those, understand them and use
them to enhance your solutions, generate your own ideas, etc. However, you must
give proper and full credit to original authors of the work if you include
their ideas or solutions (complete references and/or indication of quoted
material, as specified below, are required).
In particular, remember the following requirements
for avoiding any accusations of plagiarism:
If you rephrase ideas presented by
others in your text, you must provide a reference in this text, and then
list full bibliographic information for the reference at the end of your
report, slide presentation, etc.
Any quotes (as opposed to references)
must be clearly indicated in at least two ways: (a) with a clear phrase or
sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form
of the text (e.g., written in italics, boxed, etc.) visible in black-and-white
documents.
Sharing information between Project Teams
is encouraged. A PT using rephrased ideas from another PT must give a
full reference to the “source PT.” A PT quoting text from another PT
must clearly indicate the quotes and give a full reference.
Students Rights and Responsibilities:
You are also
encouraged to familiarize yourself with University policies on human rights,
diversity issues, and students with disabilities.
Note: Calendars are subject to change. Dates and events are added or
changed as information becomes available.
|
© 2007-2010 by Leszek T.
Lilien
Last
updated on 8/11/10