
Introduction to Computer Security

A Course Design for CS302

Description

This course will focus on the fundamentals of computer and information security. While cryptology will be covered during the course, this is not a cryptology class. We will discuss the theory of computer security and information control as well as try to define what it means for a system to be secure. You will probably not learn how to secure any particular system during this course as it is academic in nature, but hopefully the principles learned will help you in practice.

Computer security is emerging as a major research field with much work left to be done. Thus this course should be very appropriate for advanced undergraduates with an interest in security and research. Moreover, security issues come up frequently in the news, which should allow for frequent timely discussions in class.

The course format will be a (hopefully) interactive lecture with homeworks and a group project.

Homeworks

Homework will occasionally consist of written assignments on a topic or perhaps programs. TBD.

Projects

At some time early in the term, you will be asked to form into groups of 2-3 people to work on a security project of your choosing. The project must be approved. The project will consist of a paper and possibly an accompanying program, depending on your topic.

Possible topics include:

  • Quantum cryptography
  • Formal models of security
  • (D)DoS analysis and prevention
  • Intrusion detection
  • Network or local security
  • Database security
  • Object-oriented security
  • Security evaluation
  • Software engineering and security
  • HCI and security

Grading Policy

Assignment               Points
3 Homeworks              20 points each
1 Midterm                100 points
1 Final                  140 points
2 Project Checkpoints    20 points each
1 Project                160 points
TOTAL                    500 points

The course grade will be curved. Homeworks and tests are individual assignments while the projects will be in groups (see above). All members of the same group will receive the same project grades. The intention is to evaluate all students in both individual and group settings. Working in security often involves more social and political interactions than coding. I hope you will get a feel for this aspect during the class.

Cheating is a serious offense. All incidents will be reported to the office of student conduct.

There will be no extra credit assignments.

Labs (if any) will not count for credit.

During the quarter, you will have 2 "slip" days that you can use for late homeworks. After you have used up all your slip days for the quarter, 10% credit will be deducted for each day the homework is late. Project assignments will not be accepted late. Makeup exams will only be held in the most extreme circumstances, at the discretion of the instructor.

Prerequisites

A course in operating systems is required. Also recommended are courses in networking, cryptography, and algorithms. Other useful courses include HCI, software engineering, and programming languages.

Entrance exam

Preliminary Course Outline

Week  Topic
1     Introduction, what is security?, basic terminology (click here for a concept map of this week's terms).
2     Theory
3     Theory
4     Cryptology
5     Cryptology
6     Midterm, Attacks (Local)
7     Attacks (Network, Network protocols)
8     Attacks (Viruses, (D)DoS)
9     Building secure systems
10    Politics, law, and ethics

Course Goals

This course should prepare you for an advanced, possibly graduate course in security. It may also prepare you for courses that involve technology law, ethics, or policy making. Hopefully by the end of this course you should be able to do well on the following exam.

Exit exam

Difficult Concepts in the Course

The following are the topics which I feel will be the most difficult in the course.

  1. Terminology

    The security field has very complex terminology with a great number of subtleties (e.g. threats vs. vulnerabilities) that can mean the difference between a secure system and an insecure one. It is not so important that you memorize exact definitions (as there are few standard ones throughout the field anyhow), but rather that you understand the understated points that the terminology brings up. Threats live in the cracks.
  2. Low-Level Systems Interactions

    Many people are unfamiliar with the low-level minutiae of systems programming and debugging. There is however a small group of people who do know this well - system crackers. In order to defend against many attacks, we must understand how systems are implemented - how bits are twiddled and memory is laid out. This can be quite daunting to the first-time viewer. We will have a homework or lab that deals with this subject. It should give you a healthy respect for automated systems and type safety in languages.
  3. Math and Theory

    Brush up on your math for the theory and cryptology portions of the course. You can walk away from this course with a good grade and only a cursory understanding of the math behind these topics, but you will benefit greatly from even a basic understanding of mathematical logic. Abstract algebra and number theory help, too. ;)

Related Courses

Possible textbook choices