CS378: Spring 2013
Information Assurance and Security

Instructor: Dr. Bill Young; Unique number: 53580
Class time: MWF 9-10am; Location: JGB 2.216
Office: GDC 7.810; Office Hours: MWF 11-noon and by appt.
Office Phone: 471-9782; Email: byoung@cs.utexas.edu
TA: Wei Dong; Email: wdong86@cs.utexas.edu
TA Hours: MW 12:30PM-2PM in PAI 5.33
This website: www.cs.utexas.edu/users/byoung/cs378/syllabus378.html




Important Class Announcements:

Breaking news important to the class will be posted here. Consult this spot often.

I'm sorry I've been slow about getting the papers back to you. I plan to have them all done by Wednesday, April 25. The final versions (along with the posters) are due by Thursday, May 2. Be sure to take account of the comments and also the general suggestion here: Hints for Papers.

Quote from the "Wow!" article linked below: "The Bureau of Labor Statistics projects that two-thirds of all available jobs in all fields of science and engineering during this decade---in the mathematical sciences, the physical sciences, the life sciences, engineering, and the social sciences---will be in computer science."

Too many folks are coming in late, even up to 25 minutes late. Starting Friday, no one will be allowed to sign in late without a good excuse. If you're not in your seat when the sign-in sheet passes, you're out of luck. If there is some legitimate reason why you arrived late, send me an email and I'll adjust the roll.

The order of presentations for the second half is here: Presentation Order. I'll update the list after each round so you can see where we are and if your slot is approaching. Please be ready to present at least one class day before you think you actually will present, because it may go faster than expected or someone may be absent. If you are missing from the presentation order, or if I got your topic wrong, please let me know ASAP.

All of the assignments for the remainder of the semester are now posted. I'd suggest that you read them over to see what is expected of you.

Our Piazza page is here: Piazza. Because there was already a page for CS 378 this semester, they named it "CS 378S". Check it out; it's an excellent place to post questions.

If you send me an email message, please put "CS378" in the header. I'm teaching two other classes this semester and this helps me to understand the context of your question or comment.



Some Interesting Links:

When I find interesting articles relating to the course matter, I post them here. Some of these are pretty old, but interesting. The more recent articles are near the top. You are encouraged to read these, but they are not a required part of the course, unless I specifically require you to read selected ones.

Hacking Airplanes
Human side of cybercrime
Wow!
Cyberattacks that Destroy
Recruiting hackers
Tallinn Manual on Cyberwarfare
Highest Paying Tech Degrees
Demand for CyberSecurity Jobs Strong
Growth in CS Jobs
Cyberjobs Hot
Govt wants hackers
Cybersecurity skills hot
Beefing up Asymmetric Encryption
Better Password Encryption
Cyberthreats from Russia and China
Call for CyberSecurity Standards
Password Stealing
UK IT Skills Shortage and Cyber Threats
Sandia looks for bad guys in cyberspace
President's power in Cyberstrike
China Hack the New York Times
Shift in How US Wages War
Smartphone Sensors and Security
Pentagon to boost cybersecurity force
Internet vs. Sex
Cyber Attacks
Cyber Attacks
How vulnerable is the U.S.
Covert Channel between VMs
Anti-Virus Failures
Info on AES mixColumns
Peter Neumann
Experts needed
Women, minorities in Security
How Much Risk is Too Much?
Hotel locks hacked
Counterfeit chips
Counterfeit chips 2
Landing a cybersecurity job
DNS attack
security in the cloud
Education about the Internet
Cyberwar Rules
Cyber Attack
Value of the Internet
Attacks on RSA
Flaw in symmetric encryption
Could the Internet be Destroyed
Hackers in the Boardroom
CS Hot Major
Carelessness on the cloud
Sneakey
Malware in Electronics
Grads and security
Immune System Model
Dilbert on ISO 9000
Need to See Ahead
Hacking a Car
Cyberweapon that could bring down the Internet
Tool to Spot Vulnerabilities
Cyberwar Rules of Engagement
Security Game Changer
Power Grid Issues
Policy toward Iran
Bacteria as data storage
Internet Kill Switch
LM as Big Brother
Stuxnet from U.S. and Israel
DSS Trends report
War in Fifth Domain
Protecting Utilities
Google attack
Password changes
Google vs. China
Cyberattacks Existential Threat
Cyber Warriors
War Games
China and Cyber Attacks
Google Hack
CyberWarfare
Attack Certain
Need for a Cybersecurity Agenda
Information Operations Roadmap
Call for Cyber Treaty
Fear of Cyberattacks
Rainbow series
Bad Passwords
Computer Network Terrorism
Cyber Ninjas wanted
Exponential World Video



Course Description:

Information Assurance is dedicated to keeping information safe from harm. This encompasses computer security, but also communications security, operations security, and physical security. That's a lot to study in one course. For example, NSA has an Information Assurance Directorate tasked with: "detecting, reporting, and responding to cyber threats; making encryption codes to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards, to better meet our nation's IA needs."

Our approach will be to cover selected topics from this very broad area of study with the goal of preparing the student to think critically about security from a holistic perspective, rather than a purely technical perspective. Topics may include:

  1. Introduction to Information Assurance
  2. Metrics for Information Assurance
  3. Networking and Cryptography
  4. Information Assurance Planning and Deployment
  5. Vulnerabilities and Protection
  6. Identity and Trust Technologies
  7. Verification and Evaluation
  8. Incident Response
  9. Human Factors
  10. Legal, Ethical, and Social Implications

My intention is that the class will be conducted more like a graduate seminar than like a traditional lecture class. That means that students are expected to read assigned materials prior to the class meeting and to participate actively in the discussion. A significant portion of your grade will be based on your engagement in the class.

Notice that CS students at UT have the option of completing a number of security-related courses and receiving a government-sanctioned certification in security. See the following link for information: Infosec Certification.

Prerequisites:

You are expected to have taken and passed the following courses (or equivalent) with a grade of at least C: CS310 or CS310H, CS336 or CS336H, and M408D or M408M. If you don't have the prerequisites, be sure to clear it with the CS department, or risk being dropped from the course.

Using Piazza:

This semester we will be using Piazza for class discussion. The system is geared toward getting you help quickly and efficiently from classmates, the TAs, and me. Rather than emailing questions to the teaching staff, I encourage you to post your questions on Piazza. If you have any problems or feedback for the developers, email team@piazza.com. Our class page will be set up shortly and announced here.

Textbook and Slides:

There is no required text for the class this semester.

Handouts of all class slides will be made available over the course of the semester via links below. Slides are available in PostScript (PS) or in PDF format. The PostScript files can be viewed with Ghostview or printed on any PostScript-compatible printer. The PDF files can be viewed with Acroread.

Acknowledgement: The slides for this course originally began from a slide set developed by Mark Wahl when he taught this course in the Fall Semester, 2005, and are used with his permission. His version included the following notice: Copyright 2005. This material is intended for use by University of Texas students and faculty.

Slide set 1: Introduction to IA PS-4up  PDF-4up PDF

Slide set 1b: IA in the military PS-4up  PDF-4up PDF

Slide set 2: IA in Business PS-4up  PDF-4up  PDF

Slide set 3: Cryptography PS-4up  PDF-4up  PDF

Slide set 4: Signals PS-4up  PDF-4up  PDF

Slide set 4a: Networking PS-4up  PDF-4up  PDF

Readings and Assignments:

I will occasionally assign readings from papers over the course of the semester. You are expected to have read the assigned material and also to have read the course slides before class. There may be pop quizzes on this material at any time.

There will be several projects assigned over the course of the semester. Each student should work on assignments individually unless I explicitly say that teams are allowed. The projects generally will not be programming projects, but will involve writing short reports on various aspects of security. This is not a writing course and your spelling and grammar skills will not be graded. Rather, the grade will depend on the amount of thought and (possibly) research you put into the assignment. However, you should strive to produce quality work that is grammatically correct and formatted nicely.

It is likely that several of the assignments will be related to a given topic. This semester, that topic will be CyberWarfare.

Standing assignment: Read over the class slides before we discuss them.

Reading assignment: Read McAfee 2009 Virtual Criminology Report by Wednesday, January 25.

Assignment 1: due Friday, 2/1/13 at classtime

Assignment 2: due Friday, 2/15/13 at classtime

Assignment 3: due Friday, 3/1/13 at classtime

Assignment 4: due Wednesday, 3/6/12 at classtime

Assignment 5: three parts, due various times

In addition to the other assignments, each student will become the class expert in some specialized security topic, write a paper on that topic, and design a poster on the topic for a poster session and present the topic in class. A partial list of possible topics will be offered. If a topic strikes your fancy, you can claim it by sending me an email. All topics must be distinct. Since there are quite a few students in this class, we may do this in pairs.

Quizzes:

Short in-class quizzes may be given at any time. These will cover material covered in previous classes and check whether you are keeping up with the reading. There will be no makeups for quizzes you miss, but any single quiz is only a tiny proportion of your final grade.

Tests:

There will be two major tests during the semester. Your best study strategy is to review the readings and class notes and ensure that you understand thoroughly the topics we covered in class. Tests are open book / open notes. Both tests will be given during the regular class time. The midterm will be held March 6 in class and will cover those topics we have covered in class up to that point. A sample midterm will be posted. The final test will be held in class May 1. A sample final test will be posted. There will be no final exam during the exam period.

No laptops:

Students are asked not to have their laptops or other electronic devices open during class. Copies of all slides will be provided. Please just listen and absorb the material.

Grading policies:

Class attendance is required and will be checked on a majority of class days. Excessive unexcused absences will result in a reduced grade. If you don't plan to come to class regularly, don't register for this class. Signing in for another student not present will be considered cheating by both students.

Grades are averaged using the weighting below, with the following proviso: You will not receive passing credit for the course if you have unexcused absences for more than half of the scheduled class meetings at which attendance is taken.

Also, this class largely consists of discussion. You must participate in the discussions. If you are either too shy or too lazy to participate, it will affect your grade negatively. Please discuss it with me if you have issues that keep you from speaking up in class.

Attendance, Quizzes and Participation 15%
Paper and presentation 15%
Other Assignments 20%
Midterm Test 25%
Final Exam 25%

Course grades are assigned on the scale: A = 90-100; B = 80-90; etc., except that I reserve the right to be more generous than this indicates. That is, I may enlarge any of these ranges; I will not shrink any range.

How to Succeed in this Class:

You succeed in this class by participating fully. It may be possible to coast through it, but you won't get a good grade.

  1. Come to class regularly
  2. Read the slides several times before class
  3. Think carefully about the questions embedded in the slides (usually in purple)
  4. Do any assigned readings on time
  5. Participate in the class discussions
  6. Take enough time and care with the assignments

Class Newsgroup:

Your TA will set up a discussion group on Blackboard: Blackboard. Log in with your UTEID and password. You will see announcements and courses in which you are enrolled. For each course, there are links to many useful resources. Your TA will post important announcements and assignments, and maintain a discussion forum called "Information Assurance and Security" in which you can discuss the course in general.

Scholastic Dishonesty:

Academic dishonesty will not be tolerated. See http://www.cs.utexas.edu/academics/conduct for an excellent summary of expectations of a student in a CS class.

All work must be the student's own effort (with the exception of explicitly approved group effort on projects). No deviation from the standards of scholastic honesty or professional integrity will be tolerated. Scholastic dishonesty is a serious violation of UT policy and will likely result in an automatic F in the course and may result in further penalties imposed by the department or by the university. Don't do it. If you are caught, you will regret it. And if you're not caught, you're still a cheater.