CS 361: Fall, 2014
Introduction to Computer Security
Instructor: Dr. Bill Young; Unique number: 93090
Class time: MWF 2-3pm; Location: GAR 0.102
Office: GDC 7.810; Office Hours: MW 11am-noon, and by appointment
Office Phone: 512-471-9782; Email: email@example.com
TA: Zhao Song; Email: firstname.lastname@example.org
TA Office Hours: TBD
Proctor: TBD; Email: TBD
Proctor Office Hours: TBD
This website: www.cs.utexas.edu/users/byoung/cs361/syllabus361.html
Important Class Announcements: Breaking news important to the class will be posted here. Consult this spot often.
If you send me a message, please put CS361 in the subject line, so I'll know to which class it refers.
Course Description: CS 361 is an introduction to topics in computer security, one of the "hottest" and most relevant areas of computing today. The student will develop an intuition about what computer security means, both in the abstract and in the context of real systems; be able to recognize potential threats to confidentiality, integrity and availability; be aware of some of the underlying formalisms and technologies that attempt to address these challenges; and be conversant with current security-related issues in the field.
Topics to be covered will include:
- Scope of the security problem;
- Various views of computer security;
- Security policies;
- Formalizing security properties;
- Elementary information theory;
- Elementary cryptography;
- Cryptographic protocols;
- Risk assessment;
- Malicious logic;
- System evaluation and certification.
Very important: This course has a new, blended format as of Fall, 2011. "Blended" means that a large portion of the course content is delivered on-line. Videotaped mini-lectures will be made available on-line via UT's Quest system. You will view these prior to coming to class and answer a series of questions on-line. The class will meet twice a week, on Monday and Wednesday. Both are mandatory. We'll meet to discuss the material and assignments, and possibly have a short quiz to ensure that you've viewed the lectures and done the required preparation.
We'll also have two exams. The midterm will be held on Friday, October 17 at the usual class time. The final exam will be at the time and place posted by the registrar for a class in our time slot, which is Saturday, 12/13 from 7-10pm (see the Finals Schedule). Don't make travel plans that will conflict with it.
Note: This is not a self-paced course. A chart of the material for each week is here: Log of lectures. You must view the mini-lectures and do the on-line portions as they are assigned, and you must attend class on the days we meet. You will have around 6 programming assignments over the course of the semester. If you don't have the self-discipline to keep up, you shouldn't take this course. A paper that describes the blended course is available here: Blended class
Using Piazza: We will be using Piazza for class communication. The Piazza system is designed to get you help quickly and efficiently from classmates, the TA, and myself. Rather than emailing questions to the teaching staff, I encourage you to post your questions on Piazza. If you have any problems or feedback for the developers, email email@example.com. The Piazza class page will be posted shortly.
InfoSec Certification: Notice that CS students at UT have the option of completing a number of security-related courses and receiving a government-sanctioned certification in security. See the following link for information: Security certification.
Prerequisites: You are expected to have taken and passed the following courses (or equivalent) with a grade of at least C-: Computer Science 311, 311H, 313H, or 313K; Computer Science 314, 314H, 315, or 315H; Computer Science 310, 310H, 429, or 429H; and Mathematics 408C, 408K, or 408N. If you don't have the prerequisites, be sure to clear it with the CS department or risk being dropped from the class.
Text: There is no textbook. If you would like a book for reference purposes, ask me and I can suggest one. All of the lectures, slides, and supplementary materials are on-line. Note that there is a required fee for the use of the Quest system. This is very cheap compared to the cost of a textbook.
Fee for Quest System: This course makes use of the web-based Quest content delivery system maintained by the UT College of Natural Sciences. Go to Quest system to log in to the Quest system for this class. This service requires a charge per student for its use, which goes toward the maintenance and operation of the resource. At some point during the semester, when you log into Quest you will be required to pay via credit card on a secure payment site. You may have the option to wait some time to pay while still continuing to use Quest for your assignments. But, at some point, you will be kicked off the system and not able to continue in our course; so be sure to pay up. If you are taking more than one course using Quest, there is a maximum Quest fee per semester you will have to pay. For payment questions, email firstname.lastname@example.org.
Class Notes: All of the class slides will be available via links below. They will be made available as we cover new material and you are welcome to print them out or view them on-line. Slides are available in 4-up PostScript (PS) or in PDF format (full size and in 4-ups). The PostScript files can be viewed with Ghostview or printed on any PostScript-compatible printer. The PDF files can be viewed with Acroread.
A listing of the lectures for each week is here: Log of lectures. Slides are grouped into lectures, which are grouped into modules. Each week, you will cover one or more modules. Note that you must view the video associated with each lecture. It is not adequate to just read the slides.
Notice that the schedule assumes that the semester has 14 weeks. It actually has 15 weeks. We'll consider the first "week" on this schedule to end on 9/5, which is actually the second week of the semester.
Week 1: Module 1:
Lecture 1: Introduction PS-4up PDF-4up PDF
Lecture 2: Why Security is Hard PS-4up PDF-4up PDF
Lecture 3: Security as Risk Management PS-4up PDF-4up PDF
Lecture 4: Aspects of Security PS-4up PDF-4up PDF
Assignments: There will be around 6 programming assignments over the course of the semester. They should be done in the Java programming language. If you don't know Java, discuss it with me and I may allow an alternative arrangement. Each student should work on programming assignments in collaboration with one other student. Make sure that all submissions clearly identify which students contributed to the project.
You have another standing assignment: For each video you view, there are several short essay questions to be answered. Collectively, these questions are counted as equal to two programming assignments. They are linked below. The questions are typically due at 5pm on the Thursday of the week they are assigned. You are strongly encouraged to attempt them before you come to class on Wednesday so you can ask any questions you may have, and be prepared for a possible quiz.
Programs will be graded on a 10 point scale, and will be accepted up to two days late with a deduction of one point per day late. The number of days late is purely a function of the timestamp recorded when you submit the assignment. The TAs may turn off the turnin program after the due date, and accept late assignments by email. Please coordinate with the TAs regarding late submissions, or if you desire to re-submit an assignment following the due date.
After an assignment has been graded, it is your responsibility to check Canvas to see that your assignment grades have been posted correctly. It's not OK to complain at the end of the semester that some grades weren't posted or were posted incorrectly.
Instructions for turnin: Programs and question assignments will be submitted via the Canvas turnin program. Instructions will be posted.
Links to all assignments will appear below. Check this page often and be sure to check that any particular assignment or due date has not been changed. Each week expect one set of questions on the lectures. Programming assignments will come about every other week.
Questions Week 1: Due Thursday, 9/4 by 5pm
Quizzes: Short in-class quizzes may be given at any time. These will cover material previously covered or material in the mini-lectures you were expected to view. Material for a week is fair game for a Wednesday quiz. The goal of quizzes is to test your understanding of the material and to give you an idea of the types of questions that will appear on tests. There will be no makeups for quizzes you miss, but any single quiz is only a small proportion of your final grade.
Tests: There will be two major tests during the semester: a midterm and final. Tests are closed-book, closed-notes tests, except that you may bring a single handwritten 3 x 5 inch index card of notes (both sides) for the midterm, and two such cards for the final. Your best study strategy is to review the class notes and ensure that you understand thoroughly the topics we have covered. Sample tests and vocabulary lists will be posted.
No laptops: Students should not have laptops or other electronic devices open during class discussions. Copies of all slides are provided. Please just listen, participate and absorb the material.
Grading policies: Class attendance is mandatory for our two weekly meetings, and will be checked. Excessive unexcused absences will result in a reduced grade. If you don't plan to come to class regularly, please don't register for this class. Signing in for another student not present will be considered cheating by both students.
Grades are averaged using the weighting below:
| Component | Percent |
|---|---|
| Attendance, Quizzes and Participation | 10% |
| Assignments | 40% |
| Midterm Exam | 25% |
| Final Exam | 25% |
Course grades are assigned on the scale: A = 90-100; B = 80-90; etc. (I don't grade on the +/- grading system.) However, I reserve the right to be more generous than these ranges indicate. That is, I may enlarge any of these ranges; I will not shrink any range.
Scholastic Dishonesty: Academic dishonesty will not be tolerated. See http://www.cs.utexas.edu/academics/conduct for an excellent summary of expectations of a student in a CS class.
All work must be the student's own effort (with the exception of group effort on programs). Work by students in previous semesters is not your own effort. Don't even think about turning in such work as your own, or even using it as a basis for your work. We have very sophisticated tools to find such cheating and we use them routinely. Several students didn't heed this warning in past semesters and paid a heavy price. It's far better to get a 0 on an assignment than to cheat.
No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy, and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.
Students with Disabilities: Students with disabilities may request appropriate academic accommodations from the Division of Diversity and Community Engagement, Services for Students with Disabilities, 471-6259, http://www.utexas.edu/diversity/ddce/ssd.
Some Interesting Links: As I find articles or websites that seem of interest to this class, I'll post them below. The most recent are at the top.
Short of Cyberwarriors
Health Hack Inevitable
Top IT Job Salaries
CS Enrollments Soaring
Security: A Higher Calling?
Covert Channels in Acoustical Networks
Government doesn't follow best practice.
Adobe Encrypts Passwords
Women needed in Cybersecurity
Morris Worm at 25
Women in CS
Scholars for Service program
$1M Cyber challenge
NSA breaking encryptions
Security jobs hot
Attracting security pros
Human side of cybercrime
IT Jobs Up, Degrees Down
Is RSA Obsolete?
Preventing Cyber Pearl Harbor
Covert Channel between VMs
Info on AES mixColumns
Govt wants hackers
Women, minorities in Security
This site contains a nice animation of AES-128: AES
Cute cartoon about Feistel ciphers
Encryption for the masses
Fully Secure OS?
iPad as Secure Device
DoD Money for Hackerspaces
Cities with Most CS Jobs
Have Hackers Won?
Smother Cyber Attacks
Sale of Zero-day exploits
Algorithms rule the world
Hotel locks hacked
Flaw in AES
One Time Pad
Hot Skills for 2011
Cyber attack threat