CS 5950/6030:
Computer Security and Information Assurance
Spring 2006
Department of Computer Science
Instructor: Dr. Leszek (LEH-shek) Lilien
CEAS B-249, phone: (269) 276-3116
Email: llilien@cs.wmich.edu – please use for urgent matters only
Notes:
1) Only e-mail coming from a WMU account (ending with “wmich.edu”) will be read.
2) Files submitted as attachments will not be read unless they are scanned with up-to-date anti-viral software, and the message including them contains the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
Office Hours: M 7:00 PM – 8:30 PM, W 1:15 PM – 2:45 PM
Classes: CEAS C0123, MW 5:30 PM – 6:45 PM
Class Web Pages:
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/index.html
Detailed Syllabus:
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/syllabus.html
Class slides and announcements:
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/slides.html
Texts:
Required: Pfleeger and Pfleeger, Security in Computing. Third
Edition, Prentice Hall PTR, 2003, ISBN 0-13-035548-8 (http://www.phptr.com/title/0130355488)
Recommended (for lab exercises): V.J. Nestler, W.A. Conklin, G.B.
White, and M.P. Hirsch, Computer Security Lab Manual,
McGraw-Hill/Irwin, 2005, ISBN 0-07-225508-0 (http://www.securitylabmanual.com)
Course Overview:
This course is a survey of topics in the realm of
computer/network security and information assurance. It introduces topics ranging from
cryptographic techniques to trusted systems to multilevel security to network
security to ethics in the computing profession.
Students will learn fundamental concepts of security that can be applied
to many traditional aspects of computer programming and computer system
design. The course will culminate in a
project where the students will have an opportunity to more fully investigate a
topic related to the course.
Course Objectives:
The course is designed to provide knowledge including the following:
· Security terminology
· Basic cryptographic techniques: terminology, basic ciphers, private and public key encryption, uses of encryption
· Program security: nonmalicious program errors (incl. buffer overflows), viruses, other malicious code, targeted malicious code, controls against program threats
· Protection in operating systems: protected objects, methods of protection, access control, authentication
· Network security: threats (incl. impersonation, spoofing, DoS, DDoS), controls (incl. encryption, strong authentication), selected network security tools (firewalls, intrusion detection)
· Database security: security requirements, sensitive data, inference, multilevel databases
· Legal, ethical, privacy issues in Computer Security
Performance Objectives:
At the end of the course, all students should be able to:
· Describe and correctly use fundamental terminology in the area of computer/network security and information assurance
· Describe fundamental concepts of cryptography and assess the strengths and weaknesses of common cryptographic protocols
· Identify weaknesses in program design and be able to categorize basic forms of attack against programs
· Understand the basic concepts of security with regard to operating systems and access control
· Understand security threats in networks and available controls
· Describe database attacks and protections against such attacks
· Appreciate and understand the legal, ethical, and privacy issues in computer security
Grading:
Quizzes 10%
Midterm Exam 25%
Final Exam 30%
Group Projects (incl. final project presentation) 35%
Course Policies:
· Lecture notes will be available on-line on the “announcements and slides” page. You should study the slides and read announcements (if any) after each lecture.
· Taking notes during classes is highly encouraged. In particular, you should write down anything that is written down using the board or the document projector. You are encouraged to slow me down if you need more time to take notes.
· Attendance at lectures is required. If you must miss a lecture, make sure that you don’t miss announcements.
· There might be 2-4 quizzes.
· Quizzes will be announced in class, no later than at the preceding lecture.
· There will be two exams for the class.
· The midterm exam will be announced at least a week in advance (most probably, it will be held during the sixth week of the semester). It will be held during normal class time.
· The final exam will be held during the finals week, as scheduled by the Registrar’s office, that is, on Monday, April 24, 7:15 PM - 9:15 PM (http://www.wmich.edu/registrar/finalexam.html)
NOTE: No make-up exams will be given for reasons other than emergency situations. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)
· Small projects:
a. 1-2 small projects will be individual and self-guided (using guidelines provided by me). They will not be graded but lessons learned may be checked by my quiz questions.
· The final project:
a. The final project will be done in teams consisting normally of 3-4 students.
b. I will propose a set of topics for the final project to help students in final project selection. The teams are free to propose their own topics for the final project but must obtain my buy-in before starting their work.
c. The results obtained in the final project will be presented by the teams in class at the end of the semester.
· Project presentation requirements (more to be provided later):
a. For all projects, both technical contents and quality of (written and/or oral) presentation will be evaluated for the total project credit.
b. No handwritten project reports will be accepted. All text and figures must be prepared using a word processor (and a drawing program, if necessary).
c. The project reports must be submitted both as hard copies and in an electronic format.
i. Required electronic format: PDF and DOC.
ii. The message including project files must include information on anti-viral software used (cf. above).
d. Late project reports will lose 33% per day beyond the due date.
Other Notes:
· Since email and telephone limit interactions, please see me during my office hours in case of any course difficulties. (In justified cases, a special appointment can be made.)
· No questions will be answered on the date of a quiz/exam. No office hours will be held on the days of the midterm and final exams.
· A make-up quiz/exam can be given only when a student presents a valid emergency reason for missing the test/exam, with well-documented evidence. Without such a reason and evidence, the student will lose all quiz/exam points.
Academic Honesty Statement (WMU Policy)
You are responsible for making yourself aware of and
understanding the policies and procedures in the Undergraduate Catalog (pp.
274-276) or the Graduate Catalog (pp. 25-27) that pertain to Academic Honesty.
These policies include cheating, fabrication, falsification and forgery,
multiple submission, plagiarism, complicity and computer misuse. If there is
reason to believe you have been involved in academic dishonesty, you will be
referred to the Office of Student Conduct. You will be given the opportunity to
review the charge(s). If you believe you are not responsible, you will have the
opportunity for a hearing. You should consult with me if you are uncertain
about an issue of academic honesty prior to the submission of an assignment or
test.
Note: Please be aware that I will not tolerate any breaches of academic integrity.
In addition, due to the nature of this course, should
a student use any information learned or any facilities provided by the course
in an unethical way, I will ask the Office of Student Conduct for the harshest
penalties applicable. This applies to acts committed both during and after the
course (for example, if I hear about an incident in a faculty meeting).
© 2006 by Leszek T. Lilien