CSCI 343 - Computer and Information Security
MWF 2:30-3:20pm, King 221
Fall 2006
Oberlin College

Professor: Benjamin Kuperman
email: benjamin.kuperman AT oberlin edu
kuperman AT cs oberlin edu
Please include "cs343" in the subject.
AIM: ProfKuperman
Office: King 223E
Phone: x58556
Office Hours: Tuesday, 3:00-4:30pm
Thursday, 10:00-11:30am
or by appointment

Contents

Course Description

From the Oberlin catalog course description:

Introduce Students to fundamental concepts in computer and information security. Topics that may be covered include: threats and vulnerabilities, malicious software, defensive programming techniques, basic cryptography, models of security, auditing, intrusion detection, basic database security, digital rights management, and issues of laws and ethics related to information security. This course is designed to present a broad survey of the field rather than an in depth study of a particular portion.

Goals and course objectives

My goals and objectives for students taking this course are as follows:

  1. Be familiar with the terminology in use in computer security
  2. Understand the goals and terminology of computer and information security and be able to apply them in diverse areas
  3. Be familiar with modern threats and mitigation techniques
  4. Able to critically analyze security needs and requirements
  5. Understand the need for security and auditing
  6. Understand formal models of security including Bell-LaPadula, Biba, Chinese Wall, etc.
  7. Understand basic cryptographic techniques and be familiar with some modern implementations
  8. Understand common program vulnerabilities and secure programming techniques

Text and Useful Links

The text for this course will be the following:

Required textbook:
Security in Computing

Security in Computing by Pfleeger & Pfleeger, 3rd edition.

  1. OhioLink has an online copy
  2. A list of errata in the current version
Recommended textbook:
Security Engineering

Security Engineering by Ross Anderson.

  1. He has posted an online copy

For a more theoretical treatment, there is also:

  1. Computer Security by Matt Bishop (more of a graduate level text)
  2. Introduction to Computer Security by Matt Bishop (the above re-worked as an undergraduate text)

There are also a large number of sites on security that are available. If you stumble across anything particularly interesting, let me know so I can add it here.

Security Link Sites

General Computer Security Paper Collections

Grading

Grades will be calculated based on the following distribution:

The distribution might be adjusted based on the progression of the course.

Homework and Course Policy

Attendance

Regular class attendance and participation is expected. Please talk to me if regular class attendance is going to be a problem.

Homework Assignments

There will be a number of assignments made in this class. I expect every student to attempt each assignment and turn in the results. You are encouraged to complete every assignment as this is one of the most effective ways to learn the material.

If you know that for some reason you will not be able to submit the assignment before the deadline, you should contact me in advance of the deadline. Extensions are only granted in exceptional circumstances, but need to be done in advance.

Late assignments will be penalized 10% per day. Extra credit will not be accepted after the initial deadline.

Accommodations for students with disabilities

If you have a disability that might impact your performance in this course, or requires special accommodation, please contact me as soon as possible so that appropriate arrangements can be made. Support is available through Student Academic Services, specifically Jane Boomer. You will need to contact them to get your disability documented before accommodations can be made.

Plagiarism and Academic Dishonesty

I have very low tolerance for academic dishonesty, and will vigorously pursue available remedies for any incidents. All work in this class is to be performed according to the Oberlin Honor Code. Specifically I expect that:

  1. Quizzes will be closed book, closed notes, and no communication between students. This includes discussing the same to students who are taking the quiz at another time.
  2. Discussion of assignments is expected and encouraged, however all work and code on assignments should be your own without outside assistance.
  3. Sources should be cited including the textbook and other web sites when you use them in your work.

Illustrative examples:

  1. Confirming that we had an exam is OK, telling another student in the class who has not taken it that it was easy/hard, what topics, etc. is NOT OK.
  2. Discussing what needs to be done and how it can be done is OK, having a student (other than a TA) go over your code is NOT OK, discussing what might be wrong and how to tell is OK (and encouraged).
  3. Using ideas or techniques from the textbook or online sources as a starting point is OK with attribution, but is NOT OK without attribution.

All assignments must include the following signed statement:

"I affirm that I have adhered to the Honor Code in this assignment."

Electronic submissions should include the honor statement in either the README or comments and must include your name.

Schedule

(Subject to change)
WEEK DAY ANNOUNCEMENTS READING HW
1 Sep 04 Labor Day [No Class]
Sep 06 Read Reflections on Trusting Trust for Friday. Introduction to computer security
  • Terminology
  • Fundamental concepts
  • Legal issues

(Read Pfleeger chapter 1)
  
Sep 08   Homework 1
2 Sep 11  
Sep 13 Last Day to Add/Drop (Sep 14) Basic Cryptography
  • Steganography
  • Cryptographic algorithms
  • Cryptanalysis
  • Modes of operation
  • Hash functions
  • Asymmetric ciphers

(Read Pfleeger chapter 2, parts of 10)
Sep 15   Homework 2
3 Sep 18  
Sep 20  
Sep 22  
4 Sep 25   Homework 3
Sep 27 Read Smashing the Stack for Fun and Profit for Friday. Program Security and Malware
  • Buffer overflows
  • Incomplete mediation
  • Race conditions

(Read Pfleeger chapter 3)
Sep 29  
5 Oct 02 Yom Kippur [No Class]
Oct 04   Program Security and Malware
  • Buffer overflows
  • Incomplete mediation
  • Race conditions

(Read Pfleeger chapter 3)
(continued)		  
Oct 06    
6 Oct 09   Homework 4
Oct 11  
Oct 13 Midterm Exam
  Oct 16 October Break (Oct 14-22)
Oct 18
Oct 20
7 Oct 23   Program Security and Malware
  • Buffer overflows
  • Incomplete mediation
  • Race conditions

(Read Pfleeger chapter 3)
(continued)
Oct 25  
Oct 27   Electronic Voting  
8 Oct 30   Malware Mitigation, Testing Methodologies  
Nov 01    
Nov 03    
9 Nov 06 Last Day for P/NP, CR/NE, or Withdraw (Nov 07) OS Security  
Nov 08   Homework 5
Nov 10  
10 Nov 13   Trusted OS design
Nov 15  
Nov 17    
11 Nov 20   Database Security Homework 6
Nov 22  
Nov 24 Thanksgiving Break (Nov 23-26)
12 Nov 27   Network Security and Intrusion Detection
Nov 29 Rough draft is due at the start of class. This is worth 10% of your final grade.
Dec 01  
13 Dec 04   Privacy  
Dec 06   Legal and Ethical Issues  
Dec 08 I will be out of town for a conference  
14 Dec 11   Class presentation in King 306
  1. Nick Hatt - "Magnetic Stripe Card systems - Hacking your flex dollars d00d"
  2. Akshat Singhal - "Windows XP SP2: Security Review"
  3. Brandon Greenwood - "Reverse Software Engineering: Tools, techniques, and applications to security"
  4. Christian Sutton - "DRM: It's not what you think or What it is, if you think you know nothing"
  
Dec 13   Class presentation in King 306
  1. Kevin Chen - "FTP in RFC 959: Victim, Perpetrator, and Innocent Bystander"
  2. Ted Warner - "Social Engineering"
  3. Nick Ferrara - "Electronic voting in Ohio"
  4. Brendan Veeneman & Mike Tomlinson - "History, current use, and mechanics of keystroke loggers"
  
  Dec 18 Final Exam (2-4:00pm)

Assignments

Homeworks

Homeworks are listed in the schedule above on the far right hand side. Unless otherwise specified, they are due at the start of class and must be done individually. I prefer typed answers to hand-written ones because if I can't read it, then I can't grade it.

Semester Paper or Project

You are responsible for a semester long research project. Work is divided into several stages.

  1. (Week 2) Initial project proposals: A collection of three possible research project ideas.
  2. (Week 3) Revised project proposal: A single project plan containing
    • A clear thesis
    • An outline of the steps to complete the project
    • A rough timeline
    • Any outside resources needed to complete the project
    • Expected outcomes including deliverables, notions of success vs. failure, and a defined ending state
  3. (Week 6) Literature search: You results of surveying the available literature for past work and other relevant material. For pure research projects, this might be incomplete, but should have indications of where to draw additional material.
  4. (Week 8) Status report: Current state especially indicating any changes to the plan, steps left to perform, and current roadblocks.
  5. (Week 11) Initial Draft: A rough draft of final paper. Any incomplete parts should be marked as such (e.g., final testing). (10% of final grade)
  6. (Week 14) Class presentation: A well-prepared presentation of your results for the class and the department (5% of final grade)
  7. (Week 15) Final Draft: Submit a final copy of your research paper at the start of the final exam. (10% of final grade)

Last Modified: September 25, 2006 - Benjamin A. KupermanVI Powered

Valid HTML 4.0 Transitional Valid CSS!