Fall 2005
| Professor | Bill Arbaugh (waa@cmsc414.cs.umd.edu; remove the cmsc414 before sending mail, to prevent spam). Office hours: TuThu 2:30 - 3:30 (AVW 4137) |
| FRA | Tim Fraser (tfraser@cmsc414.cs.umd.edu; remove the cmsc414 before sending mail, to prevent spam). Office hours: Tu 1:30 - 2:30 (AVW 4161) |
| TA | Mohammad Toossi (toossi@cmsc414.cs.umd.edu; remove the cmsc414 before sending mail, to prevent spam). Office hours: TBD |
| Time | TuThu 3:30 -- 4:45 |
| Place | CSI 3117 |
| Course Text | Security in Computing 3rd Edition by Charles P. Pfleeger and Shari Lawrence Pfleeger ISBN: 0130355488 |
| Additional Information | It is highly recommended that you use a version control system such as CVS or Subversion while doing your work. There is a CMSC414 moodle site available that contains additional resources for the course, including forums to which you can post. Please do not reuse an important password for this site, as it will be sent across the network in the clear. |
| Prerequisites |
NOTE: This course will cover a wide range of topics within computer science. If you are unable to quickly grasp these issues, you will have difficulty in the class. Review the course material here to ensure you're comfortable with the level. Also, all of the homework will include programming projects in C. If you are not comfortable programming, you will have great difficulty in this class.
| Course Description |
This class will cover information systems security at the undergraduate level.
| Course Work |
NOTE: All work that you submit in this course must be your own; unauthorized group efforts are considered academic dishonesty. See the Undergraduate Catalog for definitions and sanctions.
NOTE: Failing to submit two or more homework assignments is cause for failure of the course.
Details for the submission of each assignment will be included in the assignment.
Late assignments will only be accepted under exceptional circumstances AND with prior arrangement. A penalty may apply.
| Grading and other Policies |
Grades
Final grades will be determined using the following distribution:
| Homework | 50% |
| Midterm | 20% |
| Final | 30% |
Each homework assignment is equally weighted. Programming assignments will be graded on correctness as well as documentation. A project that fails on the provided test cases (and those used in grading) will not receive a favorable grade. A project that passes all tests but does not contain reasonable documentation will also not receive a favorable grade. Security is a subset of reliability: good design and documentation increase the reliability of your code and thus the security.
Please read Making the Grade by Kurt Wiesenfeld and keep his views (which I share) in mind when deciding how much effort to invest in your coursework. The only reason I have raised (or will raise) a grade is that I or the TA made an error in grading.
Excused Absences
Students claiming an excused absence must apply in writing and furnish documentary support (such as from a health care professional who treated the student) for any assertion that the absence qualifies as an excused absence. The support should explicitly indicate the dates or times the student was incapacitated due to illness. Self-documentation of illness is not itself sufficient support to excuse the absence. An instructor is not under obligation to offer a substitute assignment or to give a student a make-up assessment unless the failure to perform was due to an excused absence. An excused absence for an individual typically does not translate into an extension for team deliverables on a project.
Student Disability
Any student eligible for and requesting reasonable academic accommodations due to a disability is requested to provide, to the instructor in office hours, a letter of accommodation from the Office of Disability Support Services (DSS) within the first two weeks of the semester.
Syllabus
The syllabus is a living document. Subject matter may change. The dates of assignments will not. Please refer to Moodle and the online version of the syllabus at http://www.cs.umd.edu/~waa/cmsc414-fall05.html.
| Schedule of Classes |
| No. | Date | Description |
|---|---|---|
| 1 | 1 Sep | Introduction. Topic: a historical overview of computer security |
| 2 | 6 Sep | Crypto 1. Topic: Crypto overview, basic concepts, goals, terminology, mechanisms. Assigned today: Homework 1 (crypto) |
| 3 | 8 Sep | Crypto 2. Topic: What makes a cryptosystem "good", cryptanalysis, survey of real encryption algorithms |
| 4 | 13 Sep | Crypto 3. Topic: Uses of encryption, key exchange, establishing trust, authentication |
| 5 | 15 Sep | Crypto 4. Topic: current applications, PGP/GPG, TLS/SSL, IPSec |
| 6 | 20 Sep | Basic Security 1. Topic: General goals of security, reasoning about threats and risk. Assigned today: Homework 2 (basic principles) |
| 7 | 22 Sep | Basic Security 2. Topic: basic principles of computer security |
| 8 | 27 Sep | How not to design a security protocol: WEP |
| 9 | 29 Sep | Building Secure Programs 1. Topic: Flaws and Malware. Assigned today: Homework 3 (building secure programs) |
| 10 | 4 Oct | Building Secure Programs 2. Topic: C programming considered harmful |
| 11 | 6 Oct | Building Secure Programs 3. Topic: engineering solutions, safe languages |
| 12 | 11 Oct | Building Secure Programs 4. Topic: static analysis tools for finding security flaws |
| 13 | 13 Oct | Building Secure Programs 5. Topic: correctness, theorem proving, type systems, model checkers |
| 14 | 18 Oct | Midterm |
| 15 | 20 Oct | Building Secure Systems 1. Topic: Protection in commodity operating systems. Assigned today: Homework 4 (building secure systems) |
| 16 | 25 Oct | Building Secure Systems 2. Topic: Virtualization, confinement, and covert channels |
| 17 | 27 Oct | Building Secure Systems 3. Topic: Advanced protection models, MAC, RBAC |
| 18 | 1 Nov | Building Secure Systems 4. Topic: Trusted operating systems |
| 19 | 3 Nov | Building Secure Systems 5. Topic: Assurance |
| 20 | 8 Nov | Building Secure Systems 6. Topic: Penetration Testing |
| 21 | 10 Nov | Building Secure Systems 7. Topic: Host-based Intrusion Detection and Security Retrofit |
| 22 | 15 Nov | Network Security 1. Topic: Overview of threats. Assigned today: Homework 5 (network security) |
| 23 | 17 Nov | Network Security 2. Topic: Network security controls and technologies |
| 24 | 22 Nov | Network Security 3. Topic: Network intrusion detection systems |
| | 24 Nov | Thanksgiving (no lecture) |
| 25 | 29 Nov | Network Security 4. Topic: Wireless security |
| 26 | 1 Dec | Database Security |
| 27 | 6 Dec | Hardware Security 1. Topic: Secure, Authenticated, Trusted boot |
| 28 | 8 Dec | Hardware Security 2. Topic: Hardware for security: smartcards, RFID, biometrics |
| 29 | 13 Dec | Review Day |