CS361: Fall, 2008
Introduction to Computer Security

Unique number: 55700
Class time: MWF 2-3pm; Location: RLM 5.104
Instructor: Dr. Bill Young
Office: TAY 5.140
Office Hours: Monday and Friday 1-2pm and by appointment
Office Phone: 471-9782; Email: byoung@cs.utexas.edu
TA: Samuel Son; Email: samuel@cs.utexas.edu
TA Office Hours: Monday and Wed. 11-12:30pm and by appt. at ENS 31NQ Desk 1
Class website: www.cs.utexas.edu/users/byoung/cs361/syllabus361.html
Class newsgroup: utexas.class.cs361




Important Class Announcements:

Breaking news important to the class will be posted here. Consult this spot often.

The final exam is Saturday, December 13 from 2-5pm in JGB 2.102 (Geology building). If you have a verifiable conflict, I will attempt to arrange for you to take an early exam. The final is comprehensive. A sample final is available here: PS  PDF. For the final question, consider AES rather than DES. Don't forget that you can bring a handwritten 4 x 6 inch card of notes to the exam.

Here are the five quizzes from this semester: quiz1.pdf  quiz2.pdf  quiz3.pdf  quiz4.pdf  quiz5.pdf. Here are the answers: quiz-answers.



Course Description:

CS 361 is an introduction to topics in computer security, one of the "hottest" and most relevant areas of computing today. The student will achieve a firm intuition about what computer security means, both in the abstract and in the context of real systems; be able to recognize potential threats to confidentiality, integrity and availability; be aware of some of the underlying formalisms and technologies that attempt to address these challenges; and be conversant with current security-related issues in the field.

Topics to be covered may include:

  1. Scope of the security problem;
  2. Various views of computer security;
  3. Security policies;
  4. Formalizing security properties;
  5. Elementary information theory;
  6. Elementary cryptography;
  7. Cryptographic protocols;
  8. Authentication;
  9. Risk assessment;
  10. Malicious logic;
  11. System evaluation and certification.

Notice that CS students at UT have the option of completing a number of security-related courses and receiving a government-sanctioned certification in security. See the following link for information: Security certification.

Prerequisites:

You are expected to have taken and passed the following courses (or equivalent) with a grade of at least C: CS310 or CS310H, CS336 or CS336H, and M408D or M408M. If you don't have the prerequisites, be sure to clear it with the CS department.

Recommended text:

Matt Bishop, Introduction to Computer Security, Addison-Wesley.

Class Notes:

All of the class slides are available on-line. I'll try to make them available in advance so you can print them out and take notes on them.

Handouts of all class slides will be made available over the course of the semester via links below. Slides are available in PostScript (PS) or in PDF format. The PostScript files can be viewed with Ghostview or printed on any postscript-compatible printer. The PDF files can be viewed with Acroread.

Slide set 1: What is Security? PS-4up  PDF-4up  PDF

Slide set 2: Policies and Channels, Part I PS-4up  PDF-4up  PDF

Proof of Unwinding Theorem: PS  PDF

Slide set 3: Policies and Channels, Part II PS-4up  PDF-4up  PDF

Slide set 4: Information Theory PS-4up  PDF-4up PDF

Slide set 5: Cryptography I PS-4up  PDF-4up PDF

Slide set 6: Cryptography II PS-4up  PDF-4up PDF

Slide set 7: Cryptographic Protocols PS-4up  PDF-4up PDF

Slide set 8: PGP PS-4up  PDF-4up PDF

Slide set 10: Common Criteria PS-4up  PDF-4up PDF

Slide set 9: Availability PS-4up  PDF-4up  PDF

Assignments:

The textbook is recommended only and can be used to give additional information on the topics we cover in class. I may additionally assign readings available on-line. Nothing will be tested that is not on the class notes or handouts.

There will also be several (usually 5 or 6) programming assignments over the course of the semester. These should be done in the Java programming language. Each student may work on programming assignments individually or in collaboration with one other student. Make sure that all submissions clearly identify which students contributed to the project.

Programs will be submitted to your TA. Concerns about your program grades should be addressed first with the TA, and only with Dr. Young if you can't obtain satisfaction there. For information on how to submit your work please visit: Submission info.

Programs will be graded on a 10 point scale with 1 point deducted for each day the program is late. The number of days late is purely a function of the timestamp recorded when you submit the assignment. The TA will turn off the turnin program after the due date, but will accept late assignments by email. Please coordinate with the TA regarding late submissions, or if you desire to re-submit an assignment following the due date.

Links to the assignments will appear below. Check this page often and be sure to check that any particular assignment or due date has not been changed.

Assignment 1: Due 9/15/08

Assignment 2: Due 9/26/08

Optional Assignment 2b: Due 9/29/08

Assignment 3: Due 10/13/08

Assignment 4: Due 11/3/08

Assignment 5: Due 11/17/08

Reading assignment for 11/26/08: Read this very short paper, "Understanding the Windows EAL4 Evaluation" by Jonathan S. Shapiro, found here: Shapiro, or available at various places on-line.

Assignment 6: Due 12/1/08

Readings:

I will post below the sections in your textbook that contain information on the material we are covering in class. These sections may also contain some topics we did not cover. Read selectively to improve your knowledge, but you will not be expected to know material we did not cover in class.

  1. Chapter 1: introductory material
  2. Chapter 4: security policies
  3. Chapter 5: confidentiality policies
  4. Chapter 16: covert channels
  5. Chapter 6: integrity policies
  6. Chapter 7: hybrid policies
  7. Chapter 2: access control matrices
  8. Chapter 3: foundational results
  9. Section 8.2 (through 8.2.2): non-interference

Quizzes:

Short in-class quizzes may be given at any time. These will cover material covered in previous classes. The goal of quizzes is to test your understanding of the material and to give you an idea of the types of questions that will appear on exams. There will be no makeups for quizzes you miss, but any single quiz is only a tiny proportion of your final grade.

Tests:

There will be two major tests during the semester: a midterm and final. Exams are closed-book, closed-notes tests, except that you may bring a single handwritten 3 x 5 index card of notes (both sides). Your best study strategy is to review the class notes and ensure that you understand thoroughly the topics we covered in class.

The midterm exam will be held (tentatively) on Wednesday, October 15 from 7-10pm in BUR 112. If you have a verifiable conflict, please let me know ASAP and we'll arrange for you to take it early. A sample midterm is available here: PS  PDF. This sample contains actual questions from a previous semester's midterm, but some of them may be for material we have not yet covered this semester. There is also a vocabulary list here: vocab. Note that it contains vocabulary for the entire semester. You obviously are not responsible for any material we have not yet covered.

The final exam will be at the time scheduled for a class in this time slot. According to the registrar's website, Final Exam Schedule, that is Saturday, December 13 from 2-5pm. Don't make travel plans that conflict with the exam time. If you have a verifiable conflict, I will attempt to arrange for you to take an early exam. The final is comprehensive. A sample final is available here: PS  PDF. For the final question, consider AES rather than DES. Don't forget that you can bring a handwritten 4 x 6 inch card of notes to the exam.

No laptops:

Students are asked not to have their laptops or other electronic devices open during class. Copies of all slides will be provided. Please just listen and absorb the material.

Grading policies:

Class attendance is encouraged and will be checked on a majority of class days. Excessive unexcused absences will result in a reduced grade. If you don't plan to come to class regularly, please don't register for this class. Signing in for another student not present will be considered cheating by both students.

Grades are averaged using the weighting below:

Attendance, Quizzes and Participation 15%
Assignments 25%
Midterm Exam 30%
Final Exam 30%

Course grades are assigned on the scale: A = 90-100; B = 80-90; etc., except that I reserve the right to be more generous than this indicates. That is, I may enlarge the range for any grades.

Class Newsgroup:

The TA will set up a course newsgroup (utexas.class.cs361). To access the newsgroup, students can use Pine or Netscape on the department machines and can access the newsgroup from off campus. Dr. Young typically does not monitor the newsgroup. Information about UT newsgroups can be found at News Group information.

Scholastic Dishonesty:

Academic dishonesty will not be tolerated. See www.cs.utexas.edu/users/ear/CodeOfConduct.html for an excellent summary of expectations of a student in a CS class.

All work must be the student's own effort (with the exception of group effort on programs). Work by students in previous semesters is not your own effort. Don't even think about turning in such work as your own, or even using it as a basis for your work. We have very sophisticated tools to find such cheating and we use them routinely. Several students didn't heed this warning in past semesters and paid a heavy price. Also, if you turn in homework done by a student in an earlier semester, I will assume that they collaborated with you and will reserve the right to change retroactively their grade in the class to an F. If they've graduated, this means that their degree could be invalidated. Don't risk your future and your friends' futures. It's far better to get a 0 on an assignment than to cheat.

No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.