

Syllabus for

CS 6030: Advanced Computer and Information Security (ACIS) - Spring 2009

Department of Computer Science

Western Michigan University


Instructor: Dr. Leszek (LEH-shek) Lilien

CEAS B-249, phone: (269) 276-3116 (email preferred)

Classes: CEAS D-204, T and R, 4:30 pm - 5:45 pm

Office Hours: T 12:00 pm – 1:00 pm and R 6:15 pm – 7:15 pm

Email: llilien@cs.wmich.edu – please use for urgent matters only

Only messages conforming to the following email requirements will be read by me.

Email requirements for CS 6030-ACIS-S09


1) Only e-mail coming from a WMU account will be read. A “WMU account” is one ending with “wmich.edu” (e.g., “wmich.edu” or “cs.wmich.edu”).

2) Each message must have a descriptive subject, preceded by one of the prefixes indicated next:

 2.1) For messages not related to research projects or chapter/paper presentations (see below), use the following Subject line format:

CS6030-ACIS-S09--<your last name>: <descriptive subject>


Example: CS6030-ACIS-S09--Smith: final exam date

 2.2) If your message is related to your chapter/paper presentation, use the following Subject line format:

CS6030-ACIS-S09--TCPT<id>: <descriptive subject>

where TCPT = Textbook Chapter Presentation Team, and id is the id of your TCPT.


for id = 6:   CS6030-ACIS-S09--TCPT6: FiRR for presentation by TCPT3

for id = 3:   CS6030-ACIS-S09--TCPT3: response to FiRR by TCPT6


IMPORTANT: Any member of a TCPT sending a message to me _must_ Cc it to all members of this TCPT, so: (a) all TCPT members are informed, and (b) I can easily reply to all.

  2.3) If your message is related to your research project, use the following Subject line format:

CS6030-ACIS-S09--PT<id>: <subject>

where PT = Project Team, and id is the id of your PT.


for id = 4:     CS6030-ACIS-S09--PT4: selected papers

for id = 8A:  CS6030-ACIS-S09--PT8A: selected papers


IMPORTANT: Any member of a PT sending a message to me _must_ Cc it to all members of this PT, so: (a) all PT members are informed, and (b) I can easily reply to all.


NOTE: Don't use "<" and ">" — they are only elements of format specifications


3) Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:

I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.

where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)

NOTE: Don't use "<" and ">" — they are only elements of format specifications


Class Web Pages:

Main (this page):


Lecture slides and announcements:





Graduate student status.

Grade B or better in CS 5950/6030: Network Security or CS 5950/6030: Computer Security and Information Assurance or instructor’s permission.

Grade B or better in a course on computer networks.




1)   Main text:

      L. Buttyán and J.-P. Hubaux, Security and Cooperation in Wireless Networks. Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing. Cambridge University Press, 2008.

The textbook might still be available online (with the read-only restriction) – check at: http://secowinet.epfl.ch/index.php?page=home.html

Publisher’s web page with information about the book:


2)   Supplemental text 1:

S. Frankel, B. Eydt, L. Owens, and K. Scarfone, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. NIST Special Publication 800-97, February 2007.

Available at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf

or at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97-pdf.zip (the ZIPped version)

3)   Supplemental text 2:

T. Karygiannis and L. Owens, Wireless Network Security. 802.11, Bluetooth and Handheld Devices. NIST Special Publication 800-48, November 2002.

Available at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

or at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.zip (the ZIPped version)

Other readings:

Papers, book chapters, etc., for individual lectures. When needed, they will be announced on the linked page with lecture slides and announcements (slides+announcements.html).

Readings might be divided into required and recommended (optional).



Course Overview:               

This is an advanced course for graduate students only.

The course will be research-oriented, with both “more theoretical” and “more practical” research projects in the areas of computer privacy and security. Topics for the projects will be suggested by me, or proposed by students and accepted by me. Depending on class size, each project will involve 1-3 students.

Each student will present in class a research paper and/or a section of a textbook (probably from Part II or Part III – see below) strongly related to the student’s project. It will be selected by me, or proposed by the student and accepted by me.

Lectures will cover the topics from the main textbook. Its Table of Contents lists the following issues:

Part I – Introduction

1. Existing Wireless Networks

2. New Wireless Networks and New Challenges

3. Trust

Part II – Thwarting Malicious Behavior

4. Naming and Addressing

5. Establishment of Security Associations

6. Securing Neighbor Discovery

7. Secure Routing in Multi-Hop Wireless Networks

8. Privacy Protection

Part III – Thwarting Selfish Behavior  

9. Selfish Behavior at the MAC layer of CSMA/CA

10. Selfishness in Packet Forwarding

11. Cooperation among Operators

12. Secure Protocols for Behavior Enforcement


A1. Introduction to Cryptographic Algorithms and Protocols

A2. A Tutorial on Game Theory for Wireless Networks

Optionally, the lecture might also cover other selected areas of advanced research in computer privacy and security, which are of most interest to me. Examples include:

Trust, privacy and security in opportunistic networks.

Privacy-preserving data dissemination.

Trust, privacy and security in pervasive systems, ad hoc networks, embedded networks and sensor networks.

Authentication and privacy, with emphasis on using trust for authorization, and authentication in healthcare systems.

Authentication attacks and controls.

Analysis of computer privacy and security paradigms and development of new ones.

Modeling computer fraud and investigating types of fraudulent user behaviors.

Vulnerability analysis and threat assessment/avoidance in computer systems, esp. in database systems.



Course Requirements for Students:              

Work on your own research project (1-3 students per project depending on class size). Projects will usually be chosen from the lecture topics and the optional “selected areas” listed above.

There will be three basic types of projects: survey/overview projects, implementation projects, or simulation projects. All projects will be developed under my supervision, which might include regular weekly meetings.

Present in class a publication—a research paper or a book section. It will be selected by me, or selected by you and accepted by me. This “long” presentation might last 30 minutes plus a 5-minute Q&A period.

Possibly, present in class your project results.  This “short” presentation will probably last 10 minutes plus a 5-minute Q&A period.

Write a research report describing results of your project.

Take the final exam.

There might be a few unannounced quizzes covering lectures (including presentations by fellow students) and required readings.



Course Policies:

1. Lecture

Lecture and presentation slides as well as announcements will be emailed to students (they might also be available on-line on the “slides and announcements” page). You should study the notes and read announcements (if any) after/before each lecture.

Taking notes during classes is highly encouraged. In particular, you should write down anything that is written on the board or shown on the document projector. You are encouraged to slow me down if you need more time to take notes.

Attendance is required. If you must miss a lecture, make sure that you don’t miss announcements.

2. Group Projects

The group projects will be done in Project Teams (PTs) consisting normally of 1-3 students.

The instructor will propose a set of topics for the projects to help students in project selection. PTs are free to propose their own topics for the project but must obtain instructor’s buy-in before starting their work.

The results obtained in the final project will be communicated by the PTs: (a) in written reports submitted to me by the end of the semester, (b) if time allows, in slides presented in class before the end of the semester. Both technical contents and quality of (written or oral) presentation will be evaluated for the project grade (normally the same for all PT members).

All projects will be due no later than on the last day of regular classes.

More details about project requirements, including presentation and report requirements, will be provided later.

3. Lecture Material or Research Paper Presentation and Reviewing

Students, organized into Textbook Chapter Presentation Teams (TCPTs), will prepare and deliver presentations of Chapters (or their parts) from the main text. Selected research papers might also be included in the presentations in addition to the textbook material.

TCPTs will be paired. For each presentation, one TCPT in the pair will play the role of Presenters, and the other TCPT the role of Reviewers. Reviewers will work with presenters before the in-class presentation to assure the best quality (completeness, clarity, etc.) of presentation (incl. slides). Criteria for reviewing slides and presentations will be provided by the instructor. (More details below.)

The material selected for presentation by the members of a presenting TCPT may (but does not have to) be related to the group projects of the TCPT members. The material assigned for reviewing to a reviewing TCPT should be unrelated to the group projects of the reviewing TCPT members. (In this way, if the reviewers understand the presentation, anybody in the class will. :-) )

The instructor will work with students to assist in selecting Chapters or their parts for each TCPT for presentation. Reviewing TCPTs have to accept the presenting TCPT’s selection.

Example scenario: Each pair of TCPTs participates in two presentation/review rounds, with their roles switched in the second round. Suppose that TCPT3 and TCPT6 are paired with each other.

   In Round 1, TCPT3 is selected for presentation and TCPT6 for reviewing of selected material. TCPT3 is responsible for preparing the initial presentation.

Then, TCPT6 reviews the presentation (without reading the presented material in the textbook or papers, since TCPT6 members must be in a position in which other students will soon be). TCPT6 decides whether to review slides only or to request an entire mock presentation from TCPT3 (at least the last TCPT6 review before the in-class presentation of the material should be a mock presentation).

TCPT3 uses the feedback from all reviews by TCPT6 to improve the presentation. A few iterations of the review-improve process might be needed, as determined by TCPT6 (and, maybe, as requested by TCPT3).

The final mock presentation by TCPT3 ends with filling out a form known as the Final Review Report (FiRR), listing both strengths and shortcomings of the presentation as perceived by TCPT6. TCPT3 can read and respond to the comments of the report.

Both the FiRR from TCPT6 and the response by TCPT3 must be submitted to the instructor (both email, with a proper header including “FiRR,” and a hard copy are required).

   In Round 2, TCPT6 is selected for presentation, and TCPT3 for reviewing of material presented by TCPT6.

Presentations will be graded by the instructor with the feedback from all students in class, who will be asked to fill out simple Presentation Evaluation questionnaires. The final score for the presenting TCPT will be based on both inputs. The final score for the reviewing TCPT will additionally use the FiRR as an important output produced by the reviewing TCPT.

4. Exams

There will be one exam: the final exam. It will be held during the finals week, as scheduled by the Registrar’s Office (cf. http://www.wmich.edu/registrar/finalexam.html): “All Tuesday 4 -5:29 pm classes  [have final exam on] Tuesday, April 21, 5 - 7 pm”

If you miss the exam and are excused, you will be required to take a make-up final exam as scheduled by the Registrar’s Office (cf. the same web page). To be excused, you must prove significant circumstances beyond your control. Generally this will require documentation, such as a doctor’s note in case of an illness. If possible, inform the instructor before the exam if circumstances beyond your control will cause you to miss the exam.

NOTE: No make-up exams will be given for reasons other than emergency situations completely beyond student’s control. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)

5. Incomplete Grades

The incomplete grade - I - is intended for a student who has missed a relatively small portion of work due to circumstances beyond the student’s control.  In general, performance on work done must be at a level of C or better in order to qualify for an incomplete.  An I grade will not be given to replace an otherwise low or failing grade in the class. 



Team project (incl. final project presentation):   50%

Chapter or research paper presentation by PT:      5%

Review of paired PT presentation:                  5%

Final exam:                                        40%

In case chapter or paper presentations/reviews are not possible (e.g., due to time constraints), 5% will be added to Team project and 5% to Final exam.


Use of Electronic Devices: [courtesy of Prof. Ajay Gupta and Prof. James Yang]

You are expected to stay alert and pay attention in class. Cellphones, PDAs, and other electronic devices should not be used during the lecture and should be turned off.

If available, you may bring your laptop to the class. Your laptop speakers must be turned off. Emailing, web-surfing, etc. during the class is not permitted. You may use laptops only when specifically told to do so. In order to maintain the integrity and to prevent distractions in the classroom, the instructor may ask students to turn off laptops and other devices.

It is a common courtesy to prevent your cellphone from ringing when in the classroom.


Other Notes:



Academic Integrity:         

Academic Honesty Statement (WMU Policy)

The following statement has been approved and distributed by the Western Michigan University Faculty Senate: 

You are responsible for making yourself aware of and understanding the policies and procedures in the Undergraduate and Graduate Catalogs that pertain to Academic Honesty. These policies include cheating, fabrication, falsification and forgery, multiple submission, plagiarism, complicity and computer misuse. [The policies can be found at http://catalog.wmich.edu under Academic Policies, Student Rights and Responsibilities.]  If there is reason to believe you have been involved in academic dishonesty, you will be referred to the Office of Student Conduct. You will be given the opportunity to review the charge(s). If you believe you are not responsible, you will have the opportunity for a hearing. You should consult with me if you are uncertain about an issue of academic honesty prior to the submission of an assignment or test.

You are also encouraged to browse http://osc.wmich.edu and www.wmich.edu/registrar to access the Code of Honor and general academic policies on such issues as diversity, religious observance, student disabilities, etc.

Note: This is a course for honest and ethical students only!

I will not tolerate any breaches of academic integrity, including abuses of a lab (if used), lab procedures, or projects.

In addition, due to the nature of this course, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).


[Based on text courtesy of Prof. Ajay Gupta and Prof. James Yang.]

Submission of another person’s work in part or whole is not permitted. Learning can certainly occur with discussion of class material and assignments with other students, but at all times ensure that you don’t represent the work of another person as your own.  In particular, remember the following:

If you rephrase ideas presented by others in your text, you must provide a reference in this text, and then list full bibliographic information for the reference at the end of your report, slides, etc.

Any quotes (as opposed to references) must be clearly indicated in at least two ways: (a) with a clear phrase or sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form of the text (e.g., written in italics, boxed, etc.).

Easy availability of information, material, source codes, lecture notes, etc., on the Internet may make it possible to find text useful for your report, slides, etc. It is okay (even required for your projects) to refer to those, understand them and use them to enhance your solutions, generate your own ideas, etc. However, you must give proper and full credit to original authors of the work if you include their ideas or solutions (complete references and/or indication of quoted material are required).

Sharing information between PTs is encouraged. A PT using rephrased ideas from another PT must give a full reference to the “source PT.” A PT quoting text from another PT must clearly indicate the quotes and give a full reference.


Anybody found responsible for violation of academic honesty in the course will receive a course penalty up to and including an E grade in the class. Additional disciplinary actions can be taken by the Department, the College, and the University.



Students Rights and Responsibilities:

You are also encouraged to familiarize yourself with University policies on human rights, diversity issues, and students with disabilities. (They can also be found at www.wmich.edu/catalog; cf. “Students Rights and Responsibilities.”)



Some Dates of Interest

01/09/09 - Last day to add/drop/change (100% refund)

01/16/09 - Last day to drop a class (50% refund)

01/15/09 - Last Day to receive a 90% Tuition Refund (for a complete withdrawal)

01/16/09 - Last Day to receive a 50% Tuition Refund (for a partial withdrawal)

01/19/09 - No classes, MLK Day

03/02/09 - 03/08/09 - Spring Break

03/16/09 - Last day to withdraw (no refund, W recorded on the transcript)

04/20/09 - Final examination week starts.



© 2007-2009 by Leszek T. Lilien. Last updated on 1/8/09