CS 5950 – Computer Security and Information Assurance (CSIA)
Instructor: Dr. Leszek (LEH-shek) Lilien, CEAS B-249, phone: (269) 276-3116 (email preferred)
Email: firstname.lastname@example.org – Only messages related to urgent matters and conforming to the following email requirements will be read by me.
Email requirements for CS 5950-S08
Messages must be from an address ending with “wmich.edu” (e.g., from “wmich.edu” or “cs.wmich.edu”).
Each message must have a descriptive subject, preceded by one of prefixes indicated next:
(b.1) For your message related to other CS5950-CSIA topics, use the original Subject line format:
CS5950-S08--<your last name>: <subject>
Example: CS5950-S08--Smith: final exam date
(b.2) If your message is related to your project (required for graduate students taking this course), use the following Subject line format:
where PT = Project Team, and id is the id of your Project Team.
for id = 4: CS5950-S08--PT4: selected papers
for id = 8A: CS5950-S08--PT8A: selected paper
IMPORTANT: Any member of a PT sending a message to me _must_ Cc it to all members of this PT (so: (a) all PT members are informed, and (b) I can easily reply to all).
NOTE: Don't use "<" and ">" -- they are only elements of format specifications)
Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)
Classes: M and W 7:30 pm – 8:45 pm, CEAS D-202
Office Hours: M 4:15 pm – 5:15 pm, W 6:00 pm – 7:00 pm
Lecture Web Pages:
Syllabus - main page (this page): index.htm
Detailed course outline: outline.htm
Announcements and slides: announcements+slides.htm
Lab Web Page:
Lab information main page (TA: Mr. Lotfi Ben Othmane): CSLab5950index.htm
Grade C or better in CS 4540: Operating Systems or equivalent, or instructor’s permission.
Grade C or better in CS 5550: Computer Networks or equivalent, or instructor’s permission.
Required: Pfleeger and Pfleeger, Security in Computing. Fourth Edition, Prentice Prentice
Hall PTR, 2007, ISBN-10: 0132390779, ISBN-13: 9780132390774
Highly recommended (for lab exercises): V.J. Nestler, W.A. Conklin, G.B. White, and M.P. Hirsch, Computer Security Lab Manual, McGraw-Hill/Irwin, 2005, ISBN 0-07-225508-0 (http://www.securitylabmanual.com)
This course is a survey of topics in the realm of computer/network security and information assurance. It introduces topics ranging from cryptographic techniques to trusted systems to multilevel security to network security to ethics in the computing profession. Students will learn fundamental concepts of security that can be applied to many traditional aspects of computer programming and computer system design.
The course is designed to provide knowledge including the following:
Basic cryptographic techniques: terminology, basic ciphers, private and public key encryption, uses of encryption
Network security: threats (incl. impersonation, spoofing, DoS, DDoS), controls (incl. encryption, strong authentication), selected network security tools (firewalls, intrusion detection)
Program security: nonmalicious program errors (incl. buffer overflows), viruses, other malicious code, targeted malicious code, controls against program threats
Legal, ethical, privacy issues in Computer Security
If time permits: Protection in operating systems: protected objects, methods of protection, access control, authentication
If time permits: Database security: security requirements, sensitive data, inference, multilevel databases
At the end of the course, all students should be able to:
Describe and correctly use fundamental terminology in the area of computer/network security and information assurance
Describe fundamental concepts of cryptography and assess the strengths and weaknesses of common cryptographic protocols
Understand security threats and available controls in networks
Identify weaknesses in program design and be able to categorize basic forms of attack against programs
Appreciate and understand the legal, ethical, and privacy issues in computer security
If time permits: Understand the basic concepts of security with regards to operating systems and access control
If time permits: Describe database attacks and protections against such attacks
Lecture notes will be available on-line on the “slides and announcements” page. You should study the slides and read announcements (if any) after/before each lecture.
Taking notes during classes is highly encouraged. Especially, you should write down anything that is written down using the board or the document projector. You are encouraged to slow me down if you need more time to take notes.
Attendance is required. If you must miss a lecture, make sure that you don’t miss announcements.
I expect to have a lab assistant’s support for the lab. Lab assistant’s web page for the lab is:
Lab assignments, based on the recommended textbook (“Computer Security Lab Manual”), will be weekly or bi-weekly.
The assignments must be run entirely in the secure environment of the Computer Security Lab (CEAS C-208). Running them in any other environment, including your own desktop or laptop, is prohibited since it may cause security threats to you or others.
Reports or demonstrations (to the lab TA) will be required for each lab assignment.
Each assignment will have a due date/time. For each day an assignment is late, 10% of the maximum assignment score will be deducted. Weekends and holidays are not counted when calculating lateness. No assignments will be accepted after 11:59 pm on the day of the last class (during the week preceding the final Examination Week).
3. Group Projects – for Graduate Students Only
The group projects will be done in Project Teams (PTs) consisting normally of 2-4 students.
I will propose a set of topics for the project to help students in project selection. PTs are free to propose their own topics for the project but must obtain my buy-in before starting their work.
The results obtained in the final project will be communicated by the PTs: (a) in written reports submitted to me by the end of the semester, (b) maybe also in slides presented in class before the end of the semester. Both technical contents and quality of (written or oral) presentation will be evaluated for the project grade (normally the same for all PT members).
All projects will be due no later than on the last day of regular classes (during the week preceding the Final Examination week).
More details about project requirements, including presentation and report requirements, will be provided later.
There will be two exams for the class.
The midterm exam will be announced at least a week in advance (most probably, it will be held during the sixth week of the semester). It will be held during the normal class time.
The final exam will be held during the finals week, as scheduled by the Registrar’s Office (for “all Monday 5:30 p.m. & after” classes ):
Monday, April 21, 7:15 pm-9:15 pm
If you miss an exam and are excused, you will be required to take a make-up exam. To be excused, there must be significant circumstances beyond the student’s control. Generally this will require documentation, such as a doctor’s note in case of an illness. You should inform the instructor before the exam if there are circumstances beyond your control that will cause missing an exam.
NOTE: No make-up exams will be given for reasons other than emergency situations completely beyond student’s control. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make up exam.)
The incomplete grade - I - is intended for a student who has missed a relatively small portion of work due to circumstances beyond his/her control. In general, performance on work done must be at a level of C or better in order to qualify for an incomplete. An I grade will not be given to replace an otherwise low or failing grade in the class.
6. Other Issues
By registering in this class you agree that your presentations and term papers, if any, will be posted on the publically available web site for the course. No requests to remove your name will be accepted.
You are expected to stay alert and pay attention to the directions/announcements in the class. Cellphones, PDAs, and other electronic devices should NOT be used during the lecture and should be turned off.
If available, you may bring your laptop to the class. Your laptop speakers must be turned off. Web-surfing of material other than lecture slides or another material indicated by the instructor is not permitted during the class. You may surf the web only when specifically told to do so. In order to maintain the integrity of the classroom and if I feel it is distracting you or others, I may ask you to turn-off your laptop.
Since email and telephone limit interactions, please see me during my office hours in case of any course difficulties. (In justified cases, a special appointment can be made.)
No questions will be answered on the date of a quiz/exam. No office hours will be held on the days of the midterm and final exams.
A make-up quiz/exam can be given only when a student presents a valid emergency reason for missing the quiz/exam, with well-documented evidence. Without such a reason and evidence, the student will loose all quiz/exam points.
Academic Honesty Statement (WMU Policy)
You are responsible for making yourself aware of and understanding the policies and procedures in the Undergraduate and Graduate Catalogs that pertain to Academic Honesty. These policies include cheating, fabrication, falsification and forgery, multiple submission, plagiarism, complicity and computer misuse. [The policies can be found at www.www.wmich.edu/catalog under Academic Policies, Student Rights and Responsibilities.] If there is reason to believe you have been involved in academic dishonesty, you will be referred to the Office of Student Conduct. You will be given the opportunity to review the charge(s). If you believe you are not responsible, you will have the opportunity for a hearing. You should consult with me if you are uncertain about an issue of academic honesty prior to the submission of an assignment or test.
(The Code of Honor passed by the Faculty Senate in November 2004 and administration in December 2004, can also be found at www.www.wmich.edu/catalog.)
Note: This is a course for honest and ethical students only!
I will not tolerate any breaches of academic integrity, including abuses of a lab (if used), lab procedures, or projects.
Anybody found responsible for violation of academic honesty in the course, will receive a penalty up to and including an E grade in the class. Additional disciplinary actions can be taken by the Department, the College, and the University.
In addition, due to the nature of this course, a course on security, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).
[This paragraph based on text courtesy of Prof. Ajay Gupta and Prof. James Yang.]
Submission of another person’s work in part or whole is not permitted. Learning can certainly occur with discussion of class material and assignments with other students, but at all times ensure that you don’t represent the work of another person as your own.
If you are copying another’s work in part or whole, either by hand or electronically, without giving credits due (see below) you are going too far
If two or more people or teams are working so closely together that the outcomes, particularly on significant portions of project reports or computer programs, are essentially the same in the logical structure, they are going too far.
You should not give your completed work to someone else or accept another’s completed work to “review or look at” in either hardcopy or electronic form. This too easily facilitates copying.
Easy availability of information, material, source codes, lecture notes, etc., on the Internet may make it possible to find text useful for your report, slides, etc. It is permitted (even required for your projects) to refer to those, understand them and use them to enhance your solutions, generate your own ideas, etc. However, you must give proper and full credit to original authors of the work if you include their ideas or solutions (complete references and/or indication of quoted material, as specified below, are required).
In particular, remember the following requirements for avoiding any accusations of plagiarism:
If you rephrase ideas presented by others in your text, you must provide a reference in this text, and then list full bibliographic information for the reference at the end of your report, slide presentation, etc.
Any quotes (as opposed to references) must be clearly indicated in at least two ways: (a) with a clear phrase or sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form of the text (e.g., written in italics, boxed, etc.) visible in black-and-white documents.
Sharing information between Project Teams is encouraged. A PT using rephrased ideas from another PT must give a full reference to the “source PT.” A PT quoting text from another PT must clearly indicate the quotes and give a full reference.
© 2007-2008 by Leszek T. Lilien Last updated on 1/15/08