Computer Security and Information Assurance
Instructor: Dr. Leszek (LEH-shek) Lilien
CEAS B-249, phone: (269) 276-3116
Email: email@example.com – please use for urgent matters only
1) Only e-mail coming from a WMU account (ending with “wmich.edu”) will be read.
2) Files submitted as attachments will not be read unless they are scanned with up-to-date anti-viral software, and the message including them contains the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
Office Hours: M 7:00 PM – 8:30 PM, W 1:15 PM – 2:45 PM
Classes: CEAS C0123, MW 5:30 PM – 6:45 PM
Class Web Pages:
Class slides and announcements:
This course is a survey of topics in the realm of computer/network security and information assurance. It introduces topics ranging from cryptographic techniques to trusted systems to multilevel security to network security to ethics in the computing profession. Students will learn fundamental concepts of security that can be applied to many traditional aspects of computer programming and computer system design. The course will culminate in a project where the students will have an opportunity to more fully investigate a topic related to the course.
The course is designed to provide knowledge including the following:
· Security terminology
· Basic cryptographic techniques: terminology, basic ciphers, private and public key encryption, uses of encryption
· Program security: nonmalicious program errors (incl. buffer overflows), viruses, other malicious code, targeted malicious code, controls against program threats
· Protection in operating systems: protected objects, methods of protection, access control, authentication
· Network security: threats (incl. impersonation, spoofing, DoS, DDoS), controls (incl. encryption, strong authentication), selected network security tools (firewalls, intrusion detection)
· Database security: security requirements, sensitive data, inference, multilevel databases
· Legal, ethical, privacy issues in Computer Security
At the end of the course, all students should be able to:
· Describe and correctly use fundamental terminology in the area of computer/network security and information assurance
· Describe fundamental concepts of cryptography and assess the strengths and weaknesses of common cryptographic protocols
· Identify weaknesses in program design and be able to categorize basic forms of attack against programs
· Understand the basic concepts of security with regard to operating systems and access control
· Understand security threats in networks and available controls
· Describe database attacks and protections against such attacks
· Appreciate and understand the legal, ethical, and privacy issues in computer security
Midterm Exam 25%
Final Exam 30%
Group Projects (incl. final project presentation) 35%
· Lecture notes will be available on-line on the “announcements and slides” page. You should study the slides and read announcements (if any) after each lecture.
· Taking notes during classes is highly encouraged. In particular, you should write down anything that is written on the board or shown on the document projector. You are encouraged to slow me down if you need more time to take notes.
· Attendance at lectures is required. If you must miss a lecture, make sure that you don’t miss announcements.
· There might be 2-4 quizzes.
· Quizzes will be announced in class, no later than at the preceding lecture.
· There will be two exams for the class.
· The midterm exam will be announced at least a week in advance (most probably, it will be held during the sixth week of the semester). It will be held during normal class time.
· The final exam will be held during the finals week, as scheduled by the Registrar’s office, that is, on Monday, April 24, 7:15 PM - 9:15 PM.
NOTE: No make-up exams will be given for reasons other than emergency situations. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)
· Small projects:
a. 1-2 small projects will be individual and self-guided (using guidelines provided by me). They will not be graded but lessons learned may be checked by my quiz questions.
· The final project:
a. The final project will be done in teams consisting normally of 3-4 students.
b. I will propose a set of topics for the final project to help students in final project selection. The teams are free to propose their own topics for the final project but must obtain my buy-in before starting their work.
c. The results obtained in the final project will be presented by the teams in class at the end of the semester.
· Project presentation requirements (more to be provided later):
a. For all projects, both technical contents and quality of (written and/or oral) presentation will be evaluated for the total project credit.
b. No handwritten project reports will be accepted. All text and figures must be prepared using a word processor (and a drawing program, if necessary).
c. The project reports must be submitted both as hard copies and in an electronic format.
i. Required electronic format: PDF and DOC.
ii. The message including project files must include information on anti-viral software used (cf. above).
d. Late project reports will lose 33% per day beyond the due date.
· Since email and telephone limit interactions, please see me during my office hours in case of any course difficulties. (In justified cases, a special appointment can be made.)
· No questions will be answered on the date of a quiz/exam. No office hours will be held on the days of the midterm and final exams.
· A make-up quiz/exam can be given only when a student presents a valid emergency reason for missing the quiz/exam, with well-documented evidence. Without such a reason and evidence, the student will lose all quiz/exam points.
Note: Please be aware that I will not tolerate any breaches of academic integrity.
In addition, due to the nature of this course, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).
© 2006 by Leszek T. Lilien