CS361: Fall, 2009
Introduction to Computer Security

Instructor: Dr. Bill Young; Unique number: 54640
Class time: MWF 11am-noon; Location: RAS 310
Office: TAY 5.140; Office Hours: MWF 10-11am and by appt.
Office Phone: 471-9782; Email: byoung@cs.utexas.edu
TA: TaeHwan Choi; Email: ctlight@gmail.com
TA Office Hours: ENS 31NQ, Desk 5: Tuesday 11am-noon and Friday noon-1pm
This website: www.cs.utexas.edu/users/byoung/cs361/syllabus361.html

Important Class Announcements:

Breaking news important to the class will be posted here. Consult this spot often.

There will be no class on Wednesday, November 25.

Reading assignment for 11/23/09: Read this very short paper, "Understanding the Windows EAL4 Evaluation" by Jonathan S. Shapiro, found here: Shapiro, or available at various places on-line.

Next semester, Prof. Brent Waters will be teaching CS 346, undergraduate Cryptography. Prof. Waters' main research area is crypto, so it should be an excellent course. He plans to cover the core material, but also give some exposure to recent research. The course meets TT 9:30-11.

Article on a new flaw in AES

Course Description:

CS 361 is an introduction to topics in computer security, one of the "hottest" and most relevant areas of computing today. The student will achieve a firm intuition about what computer security means, both in the abstract and in the context of real systems; be able to recognize potential threats to confidentiality, integrity and availability; be aware of some of the underlying formalisms and technologies that attempt to address these challenges; and be conversant with current security-related issues in the field.

Topics to be covered may include:

  1. Scope of the security problem;
  2. Various views of computer security;
  3. Security policies;
  4. Formalizing security properties;
  5. Elementary information theory;
  6. Elementary cryptography;
  7. Cryptographic protocols;
  8. Authentication;
  9. Risk assessment;
  10. Malicious logic;
  11. System evaluation and certification.

Note that CS students at UT have the option of completing a number of security-related courses and receiving a government-sanctioned certification in security. See the following link for information: Security certification.

Prerequisites:

You are expected to have taken and passed the following courses (or equivalent) with a grade of at least C: CS310 or CS310H, CS336 or CS336H, and M408D or M408M. If you don't have the prerequisites, be sure to clear it with the CS department.

Recommended text:

Matt Bishop, Introduction to Computer Security, latest edition, Addison-Wesley.

Class Notes:

All of the class slides are available on-line. I'll try to make them available in advance so you can print them out and take notes on them.

Handouts of all class slides will be made available over the course of the semester via links below. Slides are available in PostScript (PS) or in PDF format. The PostScript files can be viewed with Ghostview or printed on any postscript-compatible printer. The PDF files can be viewed with Acroread.

Slide set 1: What is Security? PS-4up  PDF-4up  PDF

Slide set 2: Policies and Channels, Part I PS-4up  PDF-4up  PDF

Proof of Unwinding Theorem: PS  PDF

Slide set 3: Policies and Channels, Part II PS-4up  PDF-4up  PDF

Slide set 4: Information Theory PS-4up  PDF-4up PDF

Slide set 5: Cryptography I PS-4up  PDF-4up PDF

Slide set 6: Cryptography II PS-4up  PDF-4up PDF

Cute cartoon about Feistel ciphers

Slide set 7: Cryptographic Protocols PS-4up  PDF-4up PDF

Slide set 8: PGP PS-4up  PDF-4up PDF

Slide set 9: Availability PS-4up  PDF-4up  PDF

Slide set 10: Common Criteria PS-4up  PDF-4up PDF

The documentation for the German Waste Bin Identification System protection profile: WBIS. Documentation for the Sun Java Identity Manager: Sun Identity Manager. Rockwell Collins AAMP7G processor certification: AAMP7G

Assignments:

The textbook is recommended only and can be used to give additional information on the topics we cover in class. I may additionally assign readings available on-line. Nothing will be tested that is not on the class notes or handouts.

There will also be several (usually 5 or 6) programming assignments over the course of the semester. These should be done in the Java programming language. Each student may work on programming assignments individually or in collaboration with one other student. Make sure that all submissions clearly identify which students contributed to the project.

Programs will be submitted to your TA. Concerns about your program grades should be addressed first with the TA, and only with Dr. Young if you can't obtain satisfaction there. Information on how to submit your work will be posted here.

For information on how to submit your work please visit: Submission info.

Programs will be graded on a 10 point scale with 1 point deducted for each day the program is late. The number of days late is purely a function of the timestamp recorded when you submit the assignment. The TA will turn off the turnin program after the due date, but will accept late assignments by email. Please coordinate with the TA regarding late submissions, or if you desire to re-submit an assignment following the due date.

After an assignment has been graded, it is your responsibility to check Egradebook to see that your assignment grades have been posted correctly. It's not OK to complain at the end of the semester that some grades weren't posted or were posted incorrectly.

Links to the assignments will appear below. Check this page often and be sure to check that any particular assignment or due date has not been changed.

Assignment 1: Due 9/11/09

Assignment 2: Due 9/21/09

Assignment 3: Due 10/5/09 (note change to Monday from Friday)

Assignment 4: Due 11/2/09

Assignment 5: Due 11/16/09

Assignment 6: Due 11/30/09

Readings:

I will post below the sections in your textbook that contain information on the material we are covering in class. These sections may also contain some topics we did not cover. Read selectively to improve your knowledge, but you will not be expected to know material we did not cover in class.
  1. Chapter 1: introductory material
  2. Chapter 4: security policies
  3. Chapter 5: confidentiality policies
  4. Chapter 16: covert channels
  5. Chapter 6: integrity policies
  6. Chapter 7: hybrid policies
  7. Chapter 2: access control matrices
  8. Chapter 3: foundational results
  9. Section 8.2 (through 8.2.2): non-interference
  10. Chapter 9-11: cryptography
  11. Chapter 12: authentication
  12. Chapter 21: system evaluation

Quizzes:

Short in-class quizzes may be given at any time. These will cover material covered in previous classes. The goal of quizzes is to test your understanding of the material and to give you an idea of the types of questions that will appear on exams. There will be no makeups for quizzes you miss, but any single quiz is only a tiny proportion of your final grade.

Tests:

There will be two major tests during the semester: a midterm and final. Exams are closed-book, closed-notes tests, except that you may bring a single handwritten 3 x 5 index card of notes (both sides). Your best study strategy is to review the class notes and ensure that you understand thoroughly the topics we covered in class and on the quizzes.

The midterm exam is Monday, October 12, from 7-10pm in GSB 2.126. If you have a verifiable conflict, I'll arrange for you to take the test at a different time. A sample midterm is here: Sample Midterm; a vocabulary list is here: Vocabulary list. There may be a few items on both of these that we haven't yet covered. Everything on the test will be from material we have covered in class.

The final exam will be held Wednesday, December 9 from 7-10pm in UTC 4.104. It's a very bad idea to make travel plans that conflict with the exam time. If you have a verifiable conflict, I will attempt to arrange for you to take an early exam. The final is comprehensive. A sample final and vocabulary list will be distributed.

No laptops:

Students are asked not to have their laptops or other electronic devices open during class. Copies of all slides will be provided. Please just listen and absorb the material.

Grading policies:

Class attendance is mandatory and will be checked on a majority of class days. Excessive unexcused absences will result in a reduced grade. If you don't plan to come to class regularly, please don't register for this class. Signing in for another student not present will be considered cheating by both students.

Grades are averaged using the weighting below:

Attendance, Quizzes and Participation: 15%
Assignments: 25%
Midterm Exam: 30%
Final Exam: 30%

Course grades are assigned on the scale: A = 90-100; B = 80-90; etc., except that I reserve the right to be more generous than this indicates. That is, I may enlarge the range for any grades.

Scholastic Dishonesty:

Academic dishonesty will not be tolerated. See http://www.cs.utexas.edu/academics/conduct for an excellent summary of expectations of a student in a CS class.

All work must be the student's own effort (with the exception of group effort on programs). Work by students in previous semesters is not your own effort. Don't even think about turning in such work as your own, or even using it as a basis for your work. We have very sophisticated tools to find such cheating and we use them routinely. Several students didn't heed this warning in past semesters and paid a heavy price. Also, if you turn in homework done by a student in an earlier semester, I will assume that they collaborated with you and will reserve the right to change retroactively their grade in the class to an F. If they've graduated, this means that their degree could be invalidated. Don't risk your future and your friends' futures. It's far better to get a 0 on an assignment than to cheat.

No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy, and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.