Purpose of the courseInstructional ObjectivesPrerequisitesClass MaterialsClass StructureGradeABCImportant notesAttendanceDepartment of Computer Science Fall 2004 __________________________________________________________________________CMPT 495-01/585-01: Topics in Computer Science: Computer and Data Security __________________________________________________________________________ General information Meeting Times and places: Thursdays 5:30 – 8:00 pm RI 104 Instructor: Dr. Stefan A. Robila Office: 312 Richardson Hall Phone: (973) 655-4230 Email: [email protected] Office Hours: Monday 215-315 Thursday 345-515 Purpose of the course This course is a survey of topics related to computer security. It introduces the students to many contemporary topics ranging from data encryption such as PKIs (Public Key Infrastructures), computer authentication, network security, to cyber-warfare and security ethics. Students will learn fundamental concepts of security that can be applied to many traditional aspects of computer programming and computer systems design as well as in dealing in day to day activities such as accessing confidential information, protecting computer systems, etc. Instructional Objectives At the end of the course, the students should be critically analyze various security issues (in terms of their complexity, vulnerability to attacks, etc.) including: - cryptography techniques (encryption types, secret and public key methods, key exchanges, etc.) - network protection (topologies, types of threats, protection, etc.) - OS security (memory protection, file protection, users, trusted OS) - database security (reliability, sensitive data, etc.) - program security (viruses, buffer overflows, trapdoors) - enterprise security (policies, planning, etc.) - ethics in protection - pseudosecurity (steganography, watermarking. etc.) Prerequisites Knowledge of Discrete Mathematics on the level of CMPT 285 or MATH 501 is expected at any levels. Basic understanding of computer organization, and programming is assumed. CMPT 183 - Syllabus 1 / 4 .Class Materials Textbook (required): Charles P. Pfleeger, Shari L. Pfleeger, Security in Computing, 3rd Edition, Prentice Hall, 2003, ISBN: 0-13-035548-8 The textbook is available through the MSU bookstore. There is also plenty of other information sources that will help you understand better the course. A list of them will be provided and maintained on Blackboard. Feel free to email me additions to it. Class Structure The class meets once every week for 2h30 minutes each time. Note that the class time does not include any breaks. The class format will be a sequence of presentations and discussions on security related topics. The presentations will be done by the instructor, students as well as invited guests. The class includes examinations, assignments and a project. No major differentiation will be done between undergraduate and graduate students. However, graduate students are expected to perform at higher standards and can expect slightly different tasks. Grading for the undergraduate and graduate students will be done separately. The lecture materials, the lab, homework and project description are found online on Blackboard. The class will also include several invited speakers that will present on several areas mainly in the second half of the semester. Here is the list of confirmed topics: program security, database security, enterprise security. Evaluation The grade is computed based on a total of 1000 points. These points are split on the following categories: Homework (300 points): Four homework assignments will be provided. Each carries a total of 75 points. They will cover the topics presented during the lectures and are to be solved individually by each student. The due date and time will be indicated each time the homework is assigned and will be strictly enforced (late submission means no submission). I do not intend to provide any individual extensions of the deadlines. All submitted homework must be provided in printed format (unless allowed by the instructor). Handwritten assignments will not be accepted. Written Examination (300 points): There will be one in class examination that will cover the topics on data encryption and network security. No date is set at this moment, although it is expected to take place after the first 5-6 weeks of classes. Note that no final examination is offered for this course. Term Project (400 points): There will be one term project (details to follow soon). The task will include choosing a topic, gathering and analyzing data, writing a paper and giving a short in class CMPT 183 - Syllabus 2 / 4 .presentation (using Powerpoint or other presentation software). Each of the steps will have a certain number of points associated to it. In addition, some of the projects may require software development. The presentations should be 10 minutes long. You should have the presentation ready two weeks before the end of the semester since you will have to present it in one of the last two lectures. The paper and (if needed) copies of the software need to be submitted by December 13 2004. Projects can be done in teams of at most two students. However, the topic and length of the project will have to be considerable. Grading No curve will be used in assigning the grades. Instead, here is how the grades will be determined: Total 850-1000 700-849 550-699 500-549 499< Grade A B C D F The splits between plus and minus grades varies depending on the actual distribution of the final averages. However, if your average is 925 or more, you are assured of A. Important notes It is University policy to provide, on a flexible and individualized basis, reasonable accommodations to students who have disabilities that may affect their ability to participate in course activities or to meet course requirements. Students with disabilities are encouraged to contact their instructors to discuss their individual needs for accommodations. Academic Honesty Cheating and plagiarism will not be tolerated. Copying work from other students, presenting work not done by you as your own, or otherwise misrepresenting your work will result in penalties including a failing grade for the respective task. University regulations related to this topic will be strictly enforced. Homework assignments and examinations are intended to be solved individually. It should be pointed out that