Computing Security

CS 325
Spring 2011

Instructor:

Tom Kelliher
Hoffberger 140
(410) 337-6189
kelliher[at]goucher.edu
http://phoenix.goucher.edu/~kelliher/
Office hours: MWThF 1:30-2:30pm. Other times by appointment.

Class:

Hoffberger 149
MWF 12:30-1:20pm
http://phoenix.goucher.edu/~kelliher/f2011/cs325/

Objectives:

Our objective is to survey the landscape of security in the computing domain. Starting with cryptography, we will move along to security in small systems, advancing through various systems of intermediate size, and finishing this segment with network (Internet) security. We will conclude with a consideration of security policies.

At the end of this course, you will be able to:

1. Discuss the fundamental notions of threat, vulnerability, attack and countermeasure.
2. Identify the security goals of an information system, point out contradictory goals and suggest compromises.
3. Understand the purpose of security protocols and be witness to the difficulties of their verification.
4. Explain the main authorization mechanisms in an operating system and discuss recent developments including trusted computing and digital rights management.
5. Understand the threats and vulnerabilities that are specific of a networked environment, and explain countermeasures including firewalls and intrusion detection systems.
6. Understand the vulnerabilities brought about by modern web-based application and services, and discuss countermeasures.
7. Understand and abide by the legal and ethical frameworks that govern computer and information systems.
8. Assess and critique references to computer security appearing in newspapers and magazine articles, in movies and in documentaries.

Textbook:

C. P. Pfleeger and S. L. Pfleeger, ``Security in Computing,'' 4th ed., Prentice Hall, 2007. Required.

Grading:

Grade Distribution

A = [92%-100%], A- = [90%-92%), B+ = [88%-90%), B = [82%-88%), B- = [80%-82%), etc. Grades are ``one point rounded.''

Course Point Distribution

The following is tentative. There are 900 total points for the course.

1. Individual assignments. There will be one programming assignment and two written assignments, 100 points each. 300 points, total. Assignments will be due in class. Except for emergencies, late assignments will not be accepted.

2. Group semester project. 300 points.

3. Presentation. 10-15 minute PowerPoint presentation on a computing security topic. 100 points.

4. Exams. There will be two semester exams, each worth 100 points. Tentatively, the exams will be Oct. 10 and Nov. 21. 200 points, total.

Current grades (password protected) may be viewed on the class home page.

Integrity:

Academic dishonesty will not be tolerated. We are all bound by the Academic Honor Code.

Course Handouts:

Course handouts may be made available once in class. After that, they may be obtained from the class home page.

Group Work:

This course involves a significant amount of group work. Each of you is expected to perform your fair share of the work and document the work you do. Those who shoulder substantially more or less of the group's workload may have their grades adjusted accordingly.

Attendance:

Attendance of classes is expected. It is your responsibility to catch up on missed class work.

Electronic Communication:

From time-to-time, I will need to send e-mail messages to the class. These messages will be addressed to your official Goucher e-mail addresses. You are responsible for checking your e-mail on a timely basis.

Distractions:

Cell phones must be turned off or set to ``silent'' during class. If you must enter late, do so as unobtrusively as possible. Likewise if you must leave early. Please use mental telepathy if you must hold a personal conference during class. I have ways of making you not talk!

Disabilities:

Any student with a documented disability should contact the Academic Center for Excellence (ACE) to arrange for academic accommodations for the course. Carefully follow all ACE's policies and procedures. Once you have coordinated with ACE, email me to make me aware of your accommodation. I will receive official correspondence from ACE; however, I would also like to receive an email from all students requiring accommodations for the semester. If your accommodation involves taking exams at ACE, it is your responsibility to schedule your exams with ACE. When scheduling exams with ACE, be sure to carbon copy me on any emails with ACE so that I have confirmation that everything is in order. This process is to be repeated for all exams throughout the semester.

Achieving Academic Success:

If you are struggling in this or other courses, I strongly encourage you to reach out for help sooner rather than later. Proactive strategies could include contacting the instructor directly, attending office hours, and/or taking advantage of the multitude of academic services that the Academic Center for Excellence offers. The responsibility is upon you to recognize when you need help and to take the steps necessary to succeed. Goucher College has a variety of resources available to help you succeed in your classes; use them!

Student-Athletes:

According to the Goucher College policy on Student-Athlete Responsibilities, all student-athletes are expected to contact me at the beginning of the semester to request approval for absences associated with athletic events (or scheduled departure times for such events) that conflict with the regularly scheduled class time. The approved absences will then be listed on a contract signed by both me and the student-athlete. Additionally, it is the responsibility of the student-athlete to complete all assignments covered in class during the approved absences and to obtain all handouts, assignments, and notes from the missed class(es). Student-athletes who fail to coordinate with me prior to any class absences will not be permitted to make-up missed assignments.

Student Responsibilities in Academic Conflicts (Field trips, Performances, etc.):

According to the Goucher College policy on Academic Conflicts, all students in situations in which you are confronted with obligations or responsibilities (ranging from participation in field trips in the visual arts or the sciences or rehearsals or performances in the performing arts to extra-curricula activities at which students are representing the college such as model senate events or varsity athletic contests) that conflict with regularly scheduled academic classes, are expected to contact me at the beginning of the semester, or as soon as the conflict is known, to request approval for absences that conflict with the regularly scheduled class time. The approved absences will then be listed on a contract signed by both myself and the student. Additionally, it is the responsibility of the student to complete all assignments covered in class during the approved absences and to obtain all handouts, assignments, and notes from the missed class(es). Students who fail to coordinate with me prior to any class absences will not be permitted to make-up missed assignments.

WKLV LV WKH VBVWHP DGPLQLVWUDWRU.
L QHHG BRXU SDVVZRUG.

Tom Kelliher