Syllabus: CS 556 - Computer Security
Computer and system security, authentication, access control, privacy.
CS 556 introduces the principles of computer security. Information is an important strategic and operational corporate asset. These days computers and computer networks are increasingly being used for storing and retrieving information. Some of this information may be of a sensitive nature. Consequently, adequate security measures are needed to safeguard sensitive information. In this course, we will begin by investigating some of the security measures that can be employed to safeguard information. For the most part we will look into the theory that goes into designing these measures rather than studying security tools and techniques, because there are too many such tools and they change frequently. The course examines how system designs, network protocols, and software engineering practices can result in vulnerabilities. The course explores how to better design and implement future systems in order to mitigate vulnerabilities. In addition, the course explores how to detect and mitigate vulnerabilities in existing systems.
Understanding security requires understanding system concepts such as memory and network access models, stacks, and buffers. Although the official prerequisite for this course is CS 451 or an equivalent undergraduate course in Operating Systems, this being a graduate-level computer science course, students are expected to have a broad understanding of the different aspects of how computer systems work. It is strongly recommended that students have a working knowledge of computer networks. Students should also feel comfortable with algorithmic concepts and modular arithmetic. If they do not, they are strongly encouraged to refresh their skills in these areas. Experimentation through programming exercises in C/C++ and scripting languages is one of the activities of the course. Students should be ready with these skills.
By the end of the course, students should be able to:
The course is geared toward graduate students and seniors in computer science, math, and information technology students who already have exposure to system design principles.
There is no required text for this course as the materials covered are too broad to be covered by a single text book. Lecture notes will be made available at this site. Two recommended references are:
Charlie Pfleeger's book contains sections for a major portion of the topics that we will cover. William Stallings' book does a good job for cryptography.
Other reference books that you may want to have a look at are:
CS 556 Web Page: http://www.cs.colostate.edu/~cs556/
| Lecture Time and Location: | Tuesdays and Thursdays, 2:00 pm - 3:15 pm, COMSC 325. |
Lectures will be a combination of slide presentations, whiteboard presentations, and discussions of students' questions.
Schedule
Following is the tentative schedule for this class. Note that as the term progresses we are most likely to digress quite a bit. However, dates for the term paper/project and exams are fixed and will not change.
Week 1 - Introduction, security concepts, threats, risks and security services
Week 2 - Access control models: Discretionary access control
Week 3 - Access control models: Mandatory access control
Week 4 - Access control models: Covert channels and Chinese Wall
Week 5 - Access control models: Commercial security and RBAC
Week 6 - Software Security
Week 7 - Software Security. Intrusion Detection
Week 7 - Introduction to cryptography, Secret key cryptosystems
Week 8 - Key escrow
Week 9 - Modular Arithmetic and Public key cryptosystems
Week 10 - Public key cryptosystems
Week 11 - Diffie-Hellman and RSA
Week 11 - Other public key cryptosystems (continued)
Week 11 - Message digests, digital signatures
Week 12 - Identification and authentication, Passwords, Biometrics
Week 12 - One-time passwords and challenge response schemes, Kerberos
Week 13 - Kerberos, SSL, SSH
Week 14 - Privacy
Important Deadlines
Please familiarize yourself with the following deadlines related to exams and term paper/project submission. These are firm deadlines. Due dates for project submissions will be announced as and when the projects are assigned.
| Date | Event |
| August 21, Tuesday | First day of class |
| September 4, Tuesday | Term paper / project topic identification |
| September 25, Tuesday | Term paper / project abstract due |
| October 9, Tuesday | Midterm Examination |
| October 15, Monday | Last day for drop with "W" |
| November 6, Tuesday | Term paper / project update due |
| November 17, Saturday | Thanksgiving break begins |
| November 25, Sunday | Thanksgiving break ends |
| December 4, Tuesday | Term papers / project due |
| December 13, Thursday | Final examination (2:00 - 4:00 pm) |
| Component | Weight |
| Midterm Examination | 25% |
| Final Examination | 25% |
| Quizzes | 10% |
| Hands on Projects | 20% |
| Term Paper / Project | 20% |
The final letter grades for the course are based on your final class average. Grades will be assigned according to the following table:
| Class average | Letter grade |
| 96 and up | A+ |
| 92 to 96 | A |
| 90 to 92 | A- |
| 88 to 90 | B+ |
| 82 to 88 | B |
| 80 to 82 | B- |
| 78 to 80 | C+ |
| 70 to 78 | C |
| 60 to 70 | D |
| below 60 | F |
There will be several hands-on security projects. Some of these projects will require programming. These need to be done (preferably) on the department's workstations. Other projects in this class will use DETER. Quoting directly from the DETER website, "The DETERlab testbed is a general-purpose experimental infrastructure that supports research and development on next-generation cyber security technologies. The testbed allows repeatable medium-scale Internet emulation experiments for a broad range of network security projects, including experiments with malicious code." DETER is ideal for our purposes as we want to experiment with network security, malicious code, and other hands-on security education activities.
The projects used in this course are being jointly developed by the University of Southern California Information Sciences Institute (Dr. Mirkovic - lead PI), the University of California at Los Angeles (Dr. Reiher), Lehigh University (Dr. Chuah), the University of North Carolina at Charlotte (Dr. Kang) and of course Colorado State University (Dr. Massey and Dr. Ray).
No late projects will be accepted. If you have not completed the project by the due date, be sure to submit whatever results you have for partial credit. If you submit nothing by the due date, you will receive no credit for the project.
Periodic quizzes will be given in class throughout the semester. In addition, there will be a midterm exam and a final exam.
Midterm Exam: will be given in class on October 9 (no exception).
Comprehensive Final Exam: will be given on the CSU assigned final exam date & time (December 13, 2:00 pm - 4:00 pm).
No make-up exams will be given. It is unfair to the rest of the class if some students take the quizzes, midterm, or final exams at a different time, take substitute exams, or take an exam more than once. Plan to attend the exam or expect to receive a zero on the exam.
Policies on cheating, plagiarism, incomplete grades, attendance, discrimination, sexual harassment, and student grievances are described in the Student Information Guide ( http://www.CS.ColoState.EDU/advising/student-info.html). All other matters follow the policies set in the current Colorado State University General Catalog. Students are responsible for all the information in these documents.
Copyright © 2011: Colorado State University for CS356. All rights reserved.