CS 6700 Advanced Computer and Information Security (ACIS) - Spring 2015
Instructor: Dr. Leszek (LEH-shek) Lilien
Office: CEAS B-249
Phone: (269) 276-3116 (email preferred)
Classes: CEAS D-212, TR, 4:00 p.m. - 5:15 p.m.
Office Hours: Tu & Th 6:00 p.m. – 7:00 p.m.
Email requirements for CS 6700
Only messages conforming to the following email requirements will reach me.
Only e-mail coming from a WMU account will be read. A “WMU account” is one ending with “wmich.edu” (e.g., “wmich.edu” or “cs.wmich.edu”).
Each message must have a descriptive subject, preceded by one of the prefixes indicated next:
2.1) For messages not related to research projects or chapter/paper presentations (see below), use the following Subject line format:
CS6700-S15-<your last name>: <descriptive subject>
Example (assuming that the student’s name is Smith):
CS6700-S15-Smith: final exam date
2.2) If your message is related to your chapter/paper presentation, use the following Subject line format:
CS6700-S15-TCPT<id>: <descriptive subject>
where TCPT = Textbook Chapter Presentation Team, and id is the id of your TCPT.
Examples (assuming that TCPT id is 6 or 3, resp.):
for id = 6: CS6700-S15-TCPT6: FiRR for presentation by TCPT3
for id = 3: CS6700-S15-TCPT3: response to FiRR by TCPT6
IMPORTANT: Any member of a TCPT sending a message to me must use Cc to send a copy to all members of this TCPT, so: (a) all TCPT members are informed, and (b) I can easily reply to all.
2.3) If your message is related to your research project, use the following Subject line format:
CS6700-S15-PT<id>: <descriptive subject>
where PT = Project Team, and id is the id of your PT.
Examples (assuming that PT id is 4 or 8A, resp.):
for id = 4: CS6700-S15-PT4: selected papers
for id = 8A: CS6700-S15-PT8A: selected papers
IMPORTANT: Any member of a PT sending a message to me must use Cc to send a copy to all members of this PT, so: (a) all PT members are informed, and (b) I can easily reply to all.
NOTE: Do not use "<" and ">" in actual subjects; they are only elements of format specifications.
Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)
NOTE: Do not use "<" and ">" in your statement; they are only elements of format specifications.
Class Web Pages:
Main (this page):
Lecture slides, announcements, etc.:
Graduate student status.
Grade B or better in CS 5700 Computer Security and Information Assurance or instructor’s permission.
Grade B or better in a course on computer networks (CS 5550 Computer Networks is a prerequisite for CS 5700).
1) Main text:
L. Buttyán and J.-P. Hubaux, Security and Cooperation in Wireless Networks. Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing. Cambridge University Press, 2008.
The textbook might still be available online (with the read-only restriction) – check the “Download” link at: http://secowinet.epfl.ch/index.php?page=home.html
Publisher’s web page with information about the book:
2) Supplemental text 1:
K. Scarfone, C. Tibbs, M. Sexton, Guide to Securing WiMAX Wireless Communications, NIST Special Publication 800-127, September 2010.
3) Supplemental text:
K. Scarfone, D. Dicoi, M. Sexton, and C. Tibbs, Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST Special Publication 800-127, July 2008.
4) Supplemental text:
S. Frankel, B. Eydt, L. Owens, and K. Scarfone, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. NIST Special Publication 800-97, February 2007.
or at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97-pdf.zip (the ZIPped version)
5) Supplemental text:
T. Karygiannis and L. Owens, Wireless Network Security. 802.11, Bluetooth and Handheld Devices. NIST Special Publication 800-48, November 2002.
Available at: http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf
or at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.zip (the ZIPped version)
Other NIST publications available at: http://csrc.nist.gov/publications/PubsSPs.html
Papers, book chapters, etc., for individual lectures. When needed, they will be announced on the “downloads” page.
This is an advanced course for graduate students only.
The course will be research-oriented, with both “more theoretical” and “more practical” research projects in the areas of computer privacy and security. Topics for the projects will be suggested by me, or proposed by students and accepted by me. Depending on class size, each project will involve 1-3 students.
Each student will present in class a research paper and/or a section of a textbook (probably from Part II or Part III – see below) strongly related to the student’s project. It will be selected by me, or proposed by the student and accepted by me.
The lecture will cover the topics from the main textbook. Its Table of Contents lists the following issues:
1. Existing Wireless Networks
2. Wireless Networks and New Challenges
4. Naming and Addressing
5. Establishment of Security Associations
6. Securing Neighbor Discovery
7. Secure Routing in Multi-Hop Wireless Networks
8. Privacy Protection
9. Behavior at the MAC layer of CSMA/CA
10. Selfishness in Packet Forwarding
11. Cooperation among Operators
12. Secure Protocols for Behavior Enforcement
A1. Introduction to Cryptographic Algorithms and Protocols
A2. A Tutorial on Game Theory for Wireless Networks
Optionally, the lecture might also cover other selected areas of advanced research in computer privacy and security, which are of most interest to me. Examples include:
Trust, privacy and security in opportunistic networks.
Privacy-preserving data dissemination.
Trust, privacy and security in pervasive systems, ad hoc networks, embedded networks and sensor networks.
Authentication and privacy, with emphasis on using trust for authorization, and authentication in healthcare systems.
Authentication attacks and controls.
Analysis of computer privacy and security paradigms and development of new ones.
Modeling computer fraud and investigating types of fraudulent user behaviors.
Vulnerability analysis and threat assessment/avoidance in computer systems, esp. in database systems.
Course Requirements for Students:
Work on your own research project (1-3 students per project depending on class size). Projects will usually be chosen from the lecture topics and the optional “selected areas” listed above.
There will be three basic types of projects: survey/overview projects, implementation projects, or simulation projects. All projects will be developed under my supervision, which might include regular weekly meetings.
Present in class a publication—a research paper or a book section. It will be selected by me, or selected by you and accepted by me. This “long” presentation will last at least 30 minutes plus a 5-minute Q&A period.
Possibly, present in class your project results. This “short” presentation will probably last 10 minutes plus a 5-minute Q&A period.
Write a research report describing results of your project.
Take the final exam.
There might be a few unannounced quizzes covering lectures (including presentations by fellow students) and required readings.
Lecture and presentation slides as well as related announcements will be available on-line on the “downloads” page. You should study the notes and read announcements (if any) after/before each lecture.
Taking notes during classes is highly encouraged. In particular, you should write down anything that is written on the board or shown with the document projector. You are encouraged to slow me down if you need more time to take notes.
Attendance is required. If you must miss a lecture, make sure that you don’t miss announcements.
2. Group Projects
The group projects will be done in Project Teams (PTs) consisting normally of 1-3 students.
The instructor will propose a set of topics for the projects to help students in project selection. PTs are free to propose their own topics for the project but must obtain the instructor’s buy-in before starting their work.
The results obtained in the final project will be communicated by the PTs: (a) in written reports submitted to me by the end of the semester, (b) if time allows, in slides presented in class before the end of the semester. Both technical contents and quality of (written or oral) presentation will be evaluated for the project grade (normally the same for all PT members).
All projects will be due no later than on the last day of regular classes.
More details about project requirements, including presentation and report requirements, will be provided later.
3. Lecture Material or Research Paper Presentation and Reviewing
Students, organized into Textbook Chapter Presentation Teams (TCPTs), will prepare and deliver presentations of Chapters (or their parts) from the main text. Also selected research papers might be included in the presentations in addition to presenting textbook material.
For each presentation, one TCPT in the pair will play the role of Presenters, and the other TCPT the role of Reviewers. Reviewers will work with presenters before the in-class presentation to assure the best quality (completeness, clarity, etc.) of presentation (incl. slides). Criteria for reviewing slides and presentations will be provided by the instructor. (More details below.)
The material selected for presentation by the members of a presenting TCPT may (but does not have to) be related to the group projects of the TCPT members. The material assigned for reviewing to a reviewing TCPT should be unrelated to the group projects of the reviewing TCPT members. (In this way, if the reviewers understand the presentation, anybody in the class will. :-) )
The instructor will work with students to assist in selecting Chapters or their parts for each TCPT for presentation. Reviewing TCPTs have to accept the presenting TCPT’s selection.
Example scenario: Each pair of TCPTs participates in two presentation/review rounds, with their roles switched in the second round. Suppose that TCPT3 and TCPT6 are paired with each other.
In Round 1, TCPT3 is selected for presentation and TCPT6 for reviewing of selected material. TCPT3 is responsible for preparing the initial presentation.
Then, TCPT6 reviews the presentation (without reading the presented material in the textbook or papers, since TCPT6 members must be in the position in which other students will soon be). TCPT6 decides whether to review slides only or to request an entire mock presentation from TCPT3 (at least the last TCPT6 review before the in-class presentation of the material should be a mock presentation).
TCPT3 uses the feedback from all reviews by TCPT6 to improve the presentation. A few iterations of the review-improve process might be needed, as determined by TCPT6 (and, maybe, as requested by TCPT3).
The final mock presentation by TCPT3 ends with filling out a form known as Final Review Report (FiRR), listing both strengths and shortcomings of the presentation as perceived by TCPT6. TCPT3 can read and respond to the comments of the report.
Both FiRR from TCPT6 and the response by TCPT3 must be submitted to the instructor. TCPT3/TCPT6 email FiRR/FiRR response (with a proper header including “FiRR” or “FiRR response”), and hand in a hard copy.
In Round 2, TCPT6 is selected for presentation, and TCPT3 for reviewing of material presented by TCPT6.
Presentations will be graded by the instructor with the feedback from all students in class, who will be asked to fill out simple Presentation Evaluation questionnaires. The final score for the presenting TCPT will be based on both inputs. The final score for the reviewing TCPT will additionally use FiRR as an important output produced by the reviewing TCPT.
There will be one exam: the final exam. It will be held during the finals week, as scheduled by the Registrar’s Office:
All Tuesday 4:00-5:29 p.m.
5:00 p.m. – 7:00 p.m.
(Registrar’s Office schedule: http://wmich.edu/registrar/calendars/exams/spring/)
If you miss the exam and are excused, you will be required to take a make-up final exam as scheduled by the Registrar’s Office (cf. the same web page). To be excused, you must prove significant circumstances beyond your control. Generally this will require documentation, such as a doctor’s note in case of an illness. If possible, inform the instructor before the exam if circumstances beyond your control will cause missing the exam.
NOTE: No make-up exams will be given for reasons other than emergency situations completely beyond the student’s control. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)
5. Incomplete Grades
The incomplete grade - I - is intended for a student who has missed a relatively small portion of work due to circumstances beyond the student’s control. In general, performance on work done must be at a level of C or better in order to qualify for an incomplete. An I grade will not be given to replace an otherwise low or failing grade in the class.
Team project (incl. final project presentation) 50%
Chapter or research paper presentation by PT 5%
Review of paired PT presentation 5%
Final exam 40%
In case chapter or paper presentations/reviews are not possible (e.g., due to time constraints), 5% will be added to Team project and 5% to Final exam.
You are expected to stay alert and pay attention in class. Cellphones, PDAs, and other electronic devices should not be used during the lecture and should be turned off.
If available, you may bring your laptop to the class. Your laptop speakers must be turned off. Emailing, web-surfing, etc. during the class is not permitted. You may use laptops only when specifically told to do so. In order to maintain the integrity and to prevent distractions in the classroom, the instructor may ask students to turn off laptops and other devices.
It is a common courtesy to prevent your cellphone from ringing when in the classroom.
Note: This is a course for honest and ethical students only!
I will not tolerate any breaches of academic integrity, including abuses of a lab (if used), lab procedures, or projects.
In addition, due to the nature of this course, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).
[Based on text courtesy of Prof. Ajay Gupta and Prof. James Yang.]
Submission of another person’s work in part or whole is not permitted. Learning can certainly occur with discussion of class material and assignments with other students, but at all times ensure that you don’t represent the work of another person as your own. In particular, remember the following:
If you rephrase ideas presented by others in your text, you must provide a reference in this text, and then list full bibliographic information for the reference at the end of your report, slides, etc.
Any quotes (as opposed to references) must be clearly indicated in at least two ways: (a) with a clear phrase or sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form of the text (e.g., written in italics, boxed, etc.).
Easy availability of information, material, source codes, lecture notes, etc., on the Internet may make it possible to find text useful for your report, slides, etc. It is okay (even required for your projects) to refer to those, understand them and use them to enhance your solutions, generate your own ideas, etc. However, you must give proper and full credit to original authors of the work if you include their ideas or solutions (complete references and/or indication of quoted material are required).
Sharing information between PTs is encouraged. A PT using rephrased ideas from another PT must give a full reference to the “source PT.” A PT quoting text from another PT must clearly indicate the quotes and give a full reference.
Anybody found responsible for violation of academic honesty in the course will receive a course penalty up to and including an E (failing) grade in the class. Additional disciplinary actions can be taken by the Department, the College, and the University.
Note: Calendars are subject to change. Dates and events are added or changed as information becomes available.
© 2007-2015 by Leszek T. Lilien Last updated on 1/12/15