Computer and Network Security

Professor Bill Arbaugh
TA Srinivasan Parthasarathy      (Office AVW 3221; TuTh: 3:30 - 5:00)
Time TuTh: 11:00 - 12:15
Place AVW 1112
Office hours TuTh: 1:00 - 2:00 and by appointment
Text Security in Computing, Charles P. Pfleeger
ISBN:  0-13-337486-6

The text will also be supplemented with additional papers which you can find links to on this page.

A grade of C or better in CMSC 311 and CMSC 330. 

NOTE: This course will cover a wide range of topics within computer science. If you are unable to quickly grasp these issues, you will have difficulty in the class. Review the course material here to ensure you're comfortable with the level. Also, all of the homework will include programming projects. If you are not comfortable programming, you will have great difficulty in this class.

Course Description
Until recently, information systems security has only been a focus of the military, and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. Unfortunately, most current commercial products ignore security in favor of a user friendly environment and performance. The side-effects of this decision are now well documented in the press.

This class will cover information systems security at the under graduate level. 

Course Work
There will be several homework assignments (written and programming) as well as mid-term, and final examinations. A systems oriented term project will also be required.

NOTE: All work that you submit in this course must be your own; unauthorized group efforts are considered academic dishonesty. See the Undergraduate Catalog for definitions and sanctions.

All written homework assignments MUST be turned in prior to the beginning of class on the date due. Assignments will be collected in the classrom prior to the start of class.

All programming assignments MUST be turned in electronically here prior to the beginning of class on the date due.

Late assignments will only be accepted under exceptional circumstances AND with prior arrangement. A penalty may apply.

Grading Policy
 Final grades will be determined using the following distribution:


Homework 15%
Midterm 20%
Project 30%
Final 25%
Class Participation 10%

Programming assignments and the course project will be graded on correctness as well as documentation. A project that fails on the provided test cases (and those used in grading) will not receive a favorable grade. A project that passes all tests, but does not contain reasonable documentation will also not receive a favorable grade. Security is a subset of reliability- good design and documentation increases the reliability of your code and thus the security.

Your class participation grade will be determined by your on time attendance to class, and your participation in classroom  discussions.
Schedule of Classes
No. Date Topic and Reading Assignment
1 Jan 30
Introduction and Motivation 
2 Feb 1 Basic Encryption and Decryption

Security in Computing, Chapter 2 (pages 21 - 65).

More information on Vigenere and index of coincidence.

3 Feb 6
Vulnerabilities, Defense, and Definitions

Security in Computing, Chapter 1 pages 1-19, and 
Smashing the Stack for Fun and Profit, Aleph One

4 Feb 8 Vulnerabilities, Defense, and Definitions

Secure UNIX Programming, FAQ, Thamer Al-Herbish 

Homework #2 handed out in class.

5 Feb 13
Vulnerabilities, Defense, and Definitions 

Why Cryptosystems Fail, Ross Anderson. 

Homework #1 due.
6 Feb 15
Symmetric Encryption and Cryptographic Hash Functions

Security in Computing, Chapter 3 (pages 97 - 123)

Homework #2 due.

Homework #3 handed out in class.

NOTE: You may use a current implementation of CRC32 rather than implementing the WEP CRC directly. Doing so will result in a 10% reduction in the grade. In Java, the routine is  In C, the following tar file includes source you may use:  crc32.tar

Java info on computing CRC's

7 Feb 20
Asymmetric Encryption

Security in Computing, Chapter 3 (pages 69 - 96)

8 Feb 22 Cryptographic Protocols

Security in Computing, Chapter 4 (pages 126 - 172)

Feb 27
Cryptographic Protocols continued
10 Mar 1
Internet Voting

Homework #3 due.

11 Mar 6
Operating System Security

Security in Computing, Chapter 6 (pages 228 - 265)

Course project handed out in class and discussed.
Group project, Individual project

12 Mar 8
Java Encryption and key management
13 Mar 13
Operating System Security continued and midterm review

Security in Computing, Chapter 6 (pages 228 - 265)

14 Mar 15 Midterm
15 Mar 27
Lab Day No class
16 Mar 29
Java Security
Chapter 2 and Chapter 3 of Securing Java, Gary McGraw and Ed Felton.
17 Apr 3
Java Security
Chapter 4 of Securing Java, Gary McGraw and Ed Felton.
18 Apr 5
Java Security continued.

Design Document for course project due at the begining of class.

19 Apr 10
Java Security continuted.
20 Apr 12 "Trusted" Operating Systems

Security in Computing, Chapter 7 (pages 269 - 329)

21 Apr 17
Firewalls: Friend or Foe?

Security in Computing, pages 377 - 426 (Section 9.1 to 9.5).
Security in Computing, pages 426 - 443.

22 Apr 19
Intrusion detection: Dectector or time waster?

An Introduction to Intrusion Detection by Becky Bace

Brief intro to intrusion detection from CERIAS/Purdue

23 Apr 24
Incident handling and forensics: What to do when things go bad!

Security in Computing, Chapter 10 (pages 447-489)
Dan Farmer and Wietse Venema's Forensic links

24 Apr 26

Reading TBD

25 May 1

Reading TBD

26 May 3
E-commerce and digital payments

Reading TBD

27 May 8
Intellectual property protection

Reading TBD

28 May 10 Course Review
29 May 15 Lab day. No class