CS 5950/6030:

Computer Security and Information Assurance

Spring 2006

Department of Computer Science

Western Michigan University

 

Instructor:            Dr. Leszek (LEH-shek) Lilien

                                CEAS B-249, phone: (269) 276-3116

                                Email: llilien@cs.wmich.edu – please use for urgent matters only

     Notes:

1)   Only e-mail coming from a WMU account (ending with “wmich.edu”) will be read.

2)   Files submitted as attachments will not be read unless they are scanned with up-to-date anti-viral software, and the message including them contains the following statement:

      I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.

 

Office Hours:       M 7:00 PM – 8:30 PM, W 1:15 PM – 2:45 PM

 

Classes:                CEAS C0123, MW 5:30 PM – 6:45 PM

 

Class Web Pages:

Main (this page):

      http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/index.html

Detailed Syllabus:

      http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/syllabus.html

Class slides and announcements:

      http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/slides.html

 

 

Texts:

Required:      Pfleeger and Pfleeger, Security in Computing. Third Edition, Prentice Hall PTR, 2003, ISBN 0-13-035548-8 (http://www.phptr.com/title/0130355488)

 

Recommended (for lab exercises):   V.J. Nestler, W.A. Conklin, G.B. White, and M.P. Hirsch, Computer Security Lab Manual, McGraw-Hill/Irwin, 2005, ISBN 0-07-225508-0 (http://www.securitylabmanual.com)

 

Course Overview:               

        This course is a survey of topics in the realm of computer/network security and information assurance.  It introduces topics ranging from cryptographic techniques to trusted systems to multilevel security to network security to ethics in the computing profession.  Students will learn fundamental concepts of security that can be applied to many traditional aspects of computer programming and computer system design.  The course will culminate in a project where the students will have an opportunity to more fully investigate a topic related to the course.

 

Course Objectives:            

The course is designed to provide knowledge including the following:

·         Security terminology

·         Basic cryptographic techniques: terminology, basic ciphers, private and public key encryption, uses of encryption

·         Program security: nonmalicious program errors (incl. buffer overflows), viruses, other malicious code, targeted malicious code, controls against program threats

·         Protection in operating systems: protected objects, methods of protection, access control, authentication

·         Network security: threats (incl. impersonation, spoofing, DoS, DDoS),  controls (incl. encryption, strong authentication), selected network security tools (firewalls, intrusion detection)

·         Database security: security requirements, sensitive data, inference, multilevel databases

·         Legal, ethical, privacy issues in Computer Security

 

Performance Objectives:

At the end of the course, all students should be able to:

·         Describe and correctly use fundamental terminology in the area of computer/network security and information assurance

·         Describe fundamental concepts of cryptography and assess the strengths and weaknesses of common cryptographic protocols

·         Identify weaknesses in program design and be able to categorize basic forms of attack against programs

·         Understand the basic concepts of security with regard to operating systems and access control

·         Understand security threats in networks and available controls

·         Describe database attacks and protections against such attacks

·         Appreciate and understand the legal, ethical, and privacy issues in computer security

 

Grading:

Quizzes                                             10%

Midterm Exam                                        25%

Final Exam                                          30%

Group Projects (incl. final project presentation)   35%

 

Course Policies:

  1. Lecture

·         Lecture notes will be available on-line on the “announcements and slides” page. You should study the slides and read announcements (if any) after each lecture.

·         Taking notes during classes is highly encouraged.  In particular, you should write down anything that is written on the board or with the document projector. You are encouraged to slow me down if you need more time to take notes.

·         Attendance at lectures is required. If you must miss a lecture, make sure that you don’t miss announcements.

  2. Quizzes

·         There might be 2-4 quizzes.

·         Quizzes will be announced in class, no later than at the preceding lecture.

  3. Exams

·         There will be two exams for the class. 

·         The midterm exam will be announced at least a week in advance (most probably, it will be held during the sixth week of the semester).  It will be held during normal class time.

·         The final exam will be held during the finals week, as scheduled by the Registrar’s office, that is on Monday, April 24, 7:15 PM - 9:15 PM

        (http://www.wmich.edu/registrar/finalexam.html)

 

NOTE: No make-up exams will be given for reasons other than emergency situations. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)

 

  4. Project(s)

·         Small projects:

a.        1-2 small projects will be individual and self-guided (using guidelines provided by me).  They will not be graded but lessons learned may be checked by my quiz questions.

·         The final project:

a.        The final project will be done in teams consisting normally of 3-4 students.

b.       I will propose a set of topics for the final project to help students in final project selection. The teams are free to propose their own topics for the final project but must obtain my buy-in before starting their work.

c.        The results obtained in the final project will be presented by the teams in class at the end of the semester.

·         Project presentation requirements (more to be provided later):

a.        For all projects, both technical contents and quality of (written and/or oral) presentation will be evaluated for the total project credit.

b.       No handwritten project reports will be accepted.  All text and figures must be prepared using a word processor (and a drawing program, if necessary).

c.        The project reports must be submitted both as hard copies and in an electronic format.

          i.      Required electronic format: PDF and DOC.

          ii.     The message including project files must include information on anti-viral software used (cf. above).

d.       Late project reports will lose 33% per day beyond the due date.

 

Other Notes:

·         Since email and telephone limit interactions, please see me during my office hours in case of any course difficulties.  (In justified cases, a special appointment can be made.)

·         No questions will be answered on the date of a quiz/exam. No office hours will be held on the days of the midterm and final exams.

·         A make-up quiz/exam can be given only when a student presents a valid emergency reason for missing the test/exam, with well-documented evidence. Without such a reason and evidence, the student will lose all quiz/exam points.

 

Academic Honesty Statement (WMU Policy)

You are responsible for making yourself aware of and understanding the policies and procedures in the Undergraduate Catalog (pp. 274-276) or the Graduate Catalog (pp. 25-27) that pertain to Academic Honesty. These policies include cheating, fabrication, falsification and forgery, multiple submission, plagiarism, complicity and computer misuse. If there is reason to believe you have been involved in academic dishonesty, you will be referred to the Office of Student Conduct. You will be given the opportunity to review the charge(s). If you believe you are not responsible, you will have the opportunity for a hearing. You should consult with me if you are uncertain about an issue of academic honesty prior to the submission of an assignment or test.

 

Note:      Please be aware that I will not tolerate any breaches of academic integrity.

In addition, due to the nature of this course, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).

 

 

© 2006 by Leszek T. Lilien