CS378: Spring 2009
Information Assurance and Security

Unique number: 54300
Class time: MWF 9-10am; Location: RLM 6.122
Instructor: Dr. Bill Young
Office: TAY 5.140 Office Hours: MWF 10-11am and by appointment
Office Phone: 471-9782; Email: byoung@cs.utexas.edu
TA: Wei Dong; Email: wdong86@gmail.com
TA Hours: Tues. 10-11am, Wed. 12:30-1:30pm at ENS 31NQ, Desk 1
Class website: www.cs.utexas.edu/users/byoung/cs378/syllabus378.html




Important Class Announcements:

Breaking news important to the class will be posted here. Consult this spot often.

At this point, there are only three more presentations left, which we'll likely finish on Friday. Your questions (assignment 6) are due by Monday at class time. I'd prefer that you send them electronically to me and to the TA. The presentation order is: Order.

The final test will be Wednesday, May 6 at our regular class time and location. If you have some special circumstances, please discuss them with me ASAP.

Exponential World Video



Course Description:

Information Assurance is dedicated to keeping information safe from harm. This encompasses computer security, but also communications security, operations security, and physical security. That's a lot to study in one course. For example, NSA has an Information Assurance Directorate tasked with: "detecting, reporting, and responding to cyber threats; making encryption codes to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards, to better meet our nation's IA needs."

Our approach will be to cover selected topics from this very broad area of study with the goal of preparing the student to think critically about security from a holistic perspective, rather than a purely technical perspective. Topics may include:

  1. Introduction to Information Assurance
  2. Metrics for Information Assurance
  3. Networking and Cryptography
  4. Information Assurance Planning and Deployment
  5. Vulnerabilities and Protection
  6. Identity and Trust Technologies
  7. Verification and Evaluation
  8. Incident Response
  9. Human Factors
  10. Legal, Ethical, and Social Implications

My intention is that the class will be conducted more like a graduate seminar than like a traditional lecture class. That means that students are expected to read assigned materials prior to the class meeting and to participate actively in the discussion. A significant portion of your grade will be based on your engagement in the class.

Notice that CS students at UT have the option of completing a number of security-related courses and receiving a government-sanctioned certification in security. See the following link for information: Security certification.

Prerequisites:

You are expected to have taken and passed the following courses (or equivalent) with a grade of at least C: CS310 or CS310H, CS336 or CS336H, and M408D or M408M. If you don't have the prerequisites, be sure to clear it with the CS department, or risk being dropped from the course.

Required text:

Michael Whitman and Herbert Mattord, Principles of Information Security, Thomson: Boston, 2005.

Handouts of all class slides will be made available over the course of the semester via links below. Slides are available in PostScript (PS) or in PDF format. The PostScript files can be viewed with Ghostview or printed on any postscript-compatible printer. The PDF files can be viewed with Acroread.

Acknowledgement: The course slides are derived from slides developed by Mark Wahl when he taught this course in the Fall Semester, 2005 and are used with his permission. His version included the following notice: Copyright 2005. This material is intended for use by University of Texas students and faculty.

Slide set 1: Introduction to IA PS-4up  PDF-4up  PDF

Slide set 2: IA in Business PS-4up  PDF-4up  PDF

Slide set 3: Cryptography PS-4up  PDF-4up  PDF

Slide set 4: Signals and Networking PS-4up  PDF-4up  PDF

Slide set 5: Metrics PS-4up  PDF-4up  PDF

Slide set 6: Planning and Deployment PS-4up  PDF-4up  PDF

Slide set 7: Perimeter Defenses PS-4up  PDF-4up  PDF

Slide set 8: Interior Defenses PS-4up  PDF-4up  PDF

Slide set 9: Incident Response PS-4up  PDF-4up  PDF

Slide set 10: Ethics PS-4up  PDF-4up  PDF

Slide set 11: Trust Relationships PS-4up  PDF-4up  PDF

Slide set 12: Certification PS-4up  PDF-4up  PDF

Readings:

There will be reading assignments in the textbook and in materials distributed by the instructor. You will be expected to have read the assigned materials before the class in which they are discussed. Expect frequent beginning-of-class quizzes to ensure that you have done so.

1. Introduction to Information Assurance: Whitman Ch. 1, 2, Annex
2. IA in Business
3. Cryptography: Whitman Ch. 8, "To Err is Human"
4. Networking
5. Metrics: Whitman Ch. 4
6. Planning & Deployment: Whitman Ch. 5, 12

Assignments:

Homework assignments from Whitman will be listed below. These will not be collected or graded. But they indicate the important aspects of the reading. You are advised to do them.

Whitman Chapter 1: Review Questions 1, 2, 4, 11, 19; Exercises 3, 4
Whitman Chapter 2: Review Questions 4-7, 10-20
Whitman Chapter 8: Review Questions 4-7, 12, 13, 15, 16, 19
Whitman Chapter 4: Review Questions 1, 6, 8, 13-20; Exercise 1
Whitman Chapter 5: Review Questions 7, 8, 9, 11-14
Whitman Chapter 12: Review Questions 7, 8, 9, 11, 15

In addition, there will be several projects assigned over the course of the semester. Each student should work on assignments individually unless I explicitly say that teams are allowed. The projects generally will not be programming projects, but will involve writing short reports on various aspects of security.

Assignment 1: Due Monday 2/2/09

Assignment 2: Due Wednesday 2/11/09

Assignment 3: Due Wednesday 2/25/09

Assignment 4: Due Monday 3/9/09

Assignment 5: Several parts, due at various times.

Assignment 6: Due one class day after the end of the presentations.

Each student will become the class expert in some specialized security topic, write a paper on that topic, and design a poster on the topic for a poster session. A partial list of possible topics will be offered. I may also periodically hand out some problem sheets. These will not be collected or graded.

Quizzes:

Short in-class quizzes may be given at any time. These will cover material covered in previous classes and check whether you are keeping up with the reading. There will be no makeups for quizzes you miss, but any single quiz is only a tiny proportion of your final grade.

Tests:

There will be two major tests during the semester: a midterm and final. Your best study strategy is to review the readings and class notes and ensure that you understand thoroughly the topics we covered in class.

The midterm will be held at our regular class time, Wednesday, March 11. It is an open book, open notes test. It will cover only those topics we have covered in class up to that point. A sample midterm is here: Sample midterm.

The final test will be held Wednesday, May 6, at our usual class time and location. If you have some special circumstance, notify me ASAP. The test is open book/open notes.

may be held at the regularly scheduled time for the final in this time slot (Tuesday, May 19 from 9am-noon) or may be given the last week of classes (depending on the class sentiment and the instructor's discretion). Both tests will be open book/open notes.

No laptops:

Students are asked not to have their laptops or other electronic devices open during class. Copies of all slides will be provided. Please just listen and absorb the material.

Grading policies:

Class attendance is required and will be checked on a majority of class days. Excessive unexcused absences will result in a reduced grade. If you don't plan to come to class regularly, don't register for this class. Signing in for another student not present will be considered cheating by both students.

Grades are averaged using the weighting below, with the following proviso: You will not receive passing credit for the course if you have unexcused absences for more than half of the scheduled class meetings at which attendance is taken.

Attendance, Quizzes and Participation 15%
Assignments 25%
Midterm Test 30%
Final Exam 30%

Course grades are assigned on the scale: A = 90-100; B = 80-90; etc., except that I reserve the right to be more generous than this indicates. That is, I may enlarge the range for any grades.

Class Newsgroup:

Your TA has set up a discussion group on Blackboard: Blackboard. Login with your UTEID and password. You will see announcements and courses in which you are enrolled. For each course, there are links to many useful resources. Your TA will post important announcements and assignments, and maintain a discussion forum called "Information Assurance and Security" in which you can discuss the course in general.

Scholastic Dishonesty:

Academic dishonesty will not be tolerated. See http://www.cs.utexas.edu/academics/conduct for an excellent summary of expectations of a student in a CS class.

All work must be the student's own effort (with the exception of explicitly approved group effort on projects). No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.