Computer and Network Security


Professor Bill Arbaugh
TA Srinivasan Parthasarathy (Office AVW 3221; TuTh: 3:30 - 5:00)
Time TuTh: 11:00 - 12:15
Place AVW 1112
Office hours TuTh: 1:00 - 2:00 and by appointment
Text Security in Computing, Charles P. Pfleeger
ISBN:  0-13-337486-6

The text will also be supplemented with additional papers, which are linked from this page.


 
 
Prerequisites
A grade of C or better in CMSC 311 and CMSC 330. 

NOTE: This course will cover a wide range of topics within computer science. If you are unable to quickly grasp these issues, you will have difficulty in the class. Review the course material here to ensure you're comfortable with the level. Also, all of the homework will include programming projects. If you are not comfortable programming, you will have great difficulty in this class.

Course Description
Until recently, information systems security has been a focus only of the military and financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. Unfortunately, most current commercial products ignore security in favor of a user-friendly environment and performance. The side effects of this decision are now well documented in the press.

This class will cover information systems security at the undergraduate level.

Course Work
There will be several homework assignments (written and programming) as well as midterm and final examinations. A systems-oriented term project will also be required.

NOTE: All work that you submit in this course must be your own; unauthorized group efforts are considered academic dishonesty. See the Undergraduate Catalog for definitions and sanctions.

All written homework assignments MUST be turned in prior to the beginning of class on the date due. Assignments will be collected in the classroom prior to the start of class.

All programming assignments MUST be turned in electronically here prior to the beginning of class on the date due.

Late assignments will only be accepted under exceptional circumstances AND with prior arrangement. A penalty may apply.

Grading Policy
 Final grades will be determined using the following distribution:

 

Homework 15%
Midterm 20%
Project 30%
Final 25%
Class Participation 10%

Programming assignments and the course project will be graded on correctness as well as documentation. A project that fails on the provided test cases (and those used in grading) will not receive a favorable grade. A project that passes all tests but does not contain reasonable documentation will also not receive a favorable grade. Security is a subset of reliability: good design and documentation increase the reliability of your code and thus the security.

Your class participation grade will be determined by your on-time attendance in class and your participation in classroom discussions.
 
Schedule of Classes
No. Date Topic and Reading Assignment
1 Jan 30
Introduction and Motivation 
 
2 Feb 1 Basic Encryption and Decryption

Security in Computing, Chapter 2 (pages 21 - 65).

More information on Vigenere and index of coincidence.
 

3 Feb 6
Vulnerabilities, Defense, and Definitions

Security in Computing, Chapter 1 pages 1-19, and 
Smashing the Stack for Fun and Profit, Aleph One
 

4 Feb 8 Vulnerabilities, Defense, and Definitions

Secure UNIX Programming, FAQ, Thamer Al-Herbish 

Homework #2 handed out in class.
 

5 Feb 13
Vulnerabilities, Defense, and Definitions 

Why Cryptosystems Fail, Ross Anderson. 
 

Homework #1 due.
6 Feb 15
Symmetric Encryption and Cryptographic Hash Functions

Security in Computing, Chapter 3 (pages 97 - 123)

Homework #2 due.

Homework #3 handed out in class.

NOTE: You may use a current implementation of CRC32 rather than implementing the WEP CRC directly. Doing so will result in a 10% reduction in the grade. In Java, the routine is java.util.zip.CRC32. In C, the following tar file includes source you may use: crc32.tar

Java info on computing CRCs
 
 

7 Feb 20
Asymmetric Encryption

Security in Computing, Chapter 3 (pages 69 - 96)
 

8 Feb 22 Cryptographic Protocols

Security in Computing, Chapter 4 (pages 126 - 172)
 

9 Feb 27
Cryptographic Protocols continued
10 Mar 1
Internet Voting

Homework #3 due.
 

11 Mar 6
Operating System Security

Security in Computing, Chapter 6 (pages 228 - 265)

Course project handed out in class and discussed.
Group project, Individual project
 

12 Mar 8
 
Java Encryption and key management
13 Mar 13
Operating System Security continued and midterm review

Security in Computing, Chapter 6 (pages 228 - 265)
 

14 Mar 15 Midterm
15 Mar 27
Lab Day. No class
16 Mar 29
Java Security
Chapter 2 and Chapter 3 of Securing Java, Gary McGraw and Ed Felten.
17 Apr 3
Java Security
Chapter 4 of Securing Java, Gary McGraw and Ed Felten.
18 Apr 5
Java Security continued.

Design Document for course project due at the beginning of class.
 

19 Apr 10
 
Java Security continued.
20 Apr 12 "Trusted" Operating Systems

Security in Computing, Chapter 7 (pages 269 - 329)
 

21 Apr 17
Firewalls: Friend or Foe?

Security in Computing, pages 377 - 426 (Section 9.1 to 9.5).
Security in Computing, pages 426 - 443.
 

22 Apr 19
Intrusion detection: Detector or time waster?

An Introduction to Intrusion Detection by Becky Bace

Brief intro to intrusion detection from CERIAS/Purdue
 

23 Apr 24
Incident handling and forensics: What to do when things go bad!

Security in Computing, Chapter 10 (pages 447-489)
Dan Farmer and Wietse Venema's Forensic links
 

24 Apr 26
Kerberos

Reading TBD
 

25 May 1
IPsec

Reading TBD
 

26 May 3
E-commerce and digital payments

Reading TBD
 

27 May 8
Intellectual property protection

Reading TBD
 

28 May 10 Course Review
29 May 15 Lab day. No class