CSc8370 Syllabus - Fall 2003


Data Security


Room: CS 400 1300-1440 Tuesday/Thursday.


Instructor: Robert Harrison


1440 34 Peachtree

Tel (404) 651-0668

Email: rharrison@cs.gsu.edu

Web http://www.cs.gsu.edu/~cscrwh


Office Hours: 3:00 PM to 4:00 PM Monday and by appointment


Text (Required): Pfleeger C.P., and Pfleeger S.L., 2003 Security in Computing 3rd edition. ISBN 0-13-0335548-8



Other References:


www.phrack.com A major Hacking website. The quality of the articles varies between truly excellent and the other extreme.


McClure S., Scambray J, and Kurtz G (2001) Hacking Exposed 3rd edt. McGraw Hill

A compendious list of hacking attacks and vulnerabilities. Next to no theory.


Stallings W. (1999) Cryptography and Network Security 2nd edt. Prentice Hall

A good book on communications security and authentication. It has a major emphasis on cryptography.


Caloyannides M.A. (2002) Desktop Witness, Wiley

This book is a good source about low-level computer forensics and privacy issues.

It is centered on the windows environment and is somewhat quirky.


Anderson R (2001) Security Engineering, Wiley

This is a clear presentation of the total systems requirement for data security. It was almost the text for this class.


Gollmann D. (1999) Computer Security, Wiley.

Another systems book that was considered as a text. It is a bit too simplistic.


Comer D.E. & Stevens D.L. (2001) Internetworking with TCP/IP client-server programming and applications vol 3, Prentice Hall.

This book is a clear guide to TCP/IP programming. The other volumes in the series are also useful.


Wayner P. (1996) Disappearing Cryptography, Academic Press.

This is a clear, but slightly dated, book on Steganography.


Bauer F.L. (1991) Decrypted Secrets, Springer

This is the best readily available book on cryptography and cryptanalysis. It also has an excellent historical presentation.


Stinson D.R. (1995) Cryptography Theory and Practice, CRC press

Menezes A.J., van Oorschot P.C., Vanstone S.A. (1997) Handbook of Applied Cryptography, CRC press

These are two professional books on cryptography. The Handbook is an especially thorough compendium of defined protocols and standards.


Mel H.X., Baker D. (2001) Cryptography Decrypted, Addison-Wesley.

Relatively simple introductory text. Use this if you're having trouble.


Schneier B. (1996) Applied Cryptography, Wiley.

This is a book of algorithms for cryptography. It is a bit quirky and Dr. Schneier tends to dismiss points he doesn't thoroughly understand (especially on the RSA algorithm and elliptic field ciphers).


Viega, J, and McGraw G. (2002) Building Secure Software, Addison-Wesley

ISBN 0-201-72152-X Last year's text book. Very good on certain issues of secure software design, but limited in scope.


Northcutt S. and Novak J (2001) Network Intrusion Detection New Riders

ISBN 0-7357-1008-2 Last year's text book. Describes aspects of detecting network problems.


Course Content: Fundamentals of Data Security including aspects of cryptography, network traffic analysis and detection and correction of compromised systems. It will also include aspects of computer forensics. The course outline supplies an approximate plan for the course, but it may be necessary to deviate from that plan.


Warning and Caution: This course will examine how computer systems are attacked and compromised. The aim of this course is to defeat such attacks, and the best approach to defeating attacks is to understand them. Application of these techniques outside of approved machines (i.e. our lab, or part of your legitimate employment) will result in an automatic, unappealable failing grade. Remember, in addition to any ethical considerations, unauthorized attacking ("cracking") of machines is illegal and can carry substantial criminal penalties.


Withdrawals: The last day for regular withdrawals is October 17 2003


Course Requirements: Being a course in computer science, this is not a trivial course. Regular completion of reading, homework, and assignments is necessary for success. If you don't work at this course you will not do well. Computer programming is like playing a musical instrument; practice is necessary for proficiency. The assignments are a minimal set of programs. In order to become proficient, it will be necessary to practice with other examples.


Course Grades: The course grade will be derived from class participation, a midterm test, assignments, and a project. The project will be presented in class. The weights for the assignments and tests are given by:


Participation    22.50%
Midterm          22.50%
Assignments      25.00%
Project          30.00%
Total           100.00%


The assignments and test will cover similar material. The assignments will include reviewing current literature in the field. The grades will be calculated both including and excluding the assignments and the minimum value will be used. For example, if the grade including the assignments is 90% and the grade on the tests only is 95%, then the class grade will be 90%. Similarly, if the grade including the assignments is 95% and the grade on the tests only is 90%, then the grade will be 90%.


The assignments and tests will be averaged with a weighted average. With the tests this average will be (0.225*participation + 0.225*midterm + 0.300*project)/(0.225 + 0.225 + 0.30).


Nominal Grading Scale

A    90-100
B    80-89
C    70-79
D    60-69
F    0-59



Assignments will be collected when specified. They will be accepted as late (with a 10 percent penalty) up until they have been discussed in class. After the answers have been discussed in class no further assignments will be accepted.


ASSIGNMENT REQUIREMENTS: Please turn in a printed copy of the source code, the program input and output (if any) and a 3.5" DOS formatted disk with the sources and compiled program (when applicable). If possible we will set up an email exchange for the assignments. The disk must contain everything needed to execute the program. Assignments will not be accepted without this information. Please put your name on all the sheets and on the disk label.


Makeup tests and exams will not be given. If there is a disaster, an accident, or an illness a makeup test can be scheduled provided 1) the instructor is notified promptly and in advance if possible of the reason, and 2) you supply an original letter addressed to me on letterhead from a physician, hospital or relevant authority and signed by the physician, hospital administrator, or relevant authority, stating why you could not make it to the test. It is absolutely critical that you are prompt in bringing any need for a makeup or extended deadline to my attention. It is much easier to schedule an incomplete than to correct a grade.


People with learning differences (ADD, Dyslexia and similar conditions, or physical disabilities) should privately inform me if they need extra time or other aids for the exams or assignments. This should be done at the beginning of the term; before the tests and assignments are graded. Similarly, if you find your English language skills are not keeping up with the class, you should arrange with me for more time (before you are failing).


Missed tests and assignments will be graded as 0 (zero).


Grades will be rounded to the nearest whole number. Any curve applied to the scores will only improve your grade (if the grades range from 92-100 then everyone gets an "A", but the next test may be harder).


If Georgia State University is closed (for example due to a weather emergency), test dates and assignment due dates will be re-scheduled on the next class day. In this case information will be posted on my web site.


Plagiarism: All work submitted for grading must be the student's own. Plagiarism will result in a score of 0 (zero) for the work or dismissal from the course and notification of the Dean of Students. Do not allow others to copy your work as all students will receive 0 (zero). The determination of plagiarism or copying will be done using the professional judgment of the instructor. In order to minimize the possibility of plagiarism during an exam, I reserve the right to assign seating for exams.


Homework: Suggested exercises will be given in class. These will reinforce the lectures and be similar to test problems. Performing them will help you get a good grade. In general, to succeed in computer science, you will need to "keep current" by self-directed study. This is the time to get into that habit.


Assignments: Graded assignments can be thought of as open-book quizzes. If part of the answer is written in a book or paper, the student is responsible for copying out the section and supplying a reference. (i.e. you can copy published work, but you must cite it properly). Students are expected to supply the answers in their own words; a string of citations, however correct, will only receive partial credit.


Absence from Class: Students are responsible for the materials covered in class. Should a student be absent, it is their responsibility to get the notes and handouts from that lecture. Most importantly, if there is an assignment given on a missed class, it still must be handed in on the prescribed date. If there is a disaster, an accident, or an illness a makeup assignment can be scheduled provided 1) the instructor is notified promptly and in advance if possible of the reason, and 2) you supply an original letter addressed to me on letterhead from a physician, hospital or relevant authority and signed by the physician, hospital administrator, or relevant authority, stating why you could not complete the assignment.


Class Manners: You are here to learn computer science. Activities that interfere with learning are prohibited. I request that you turn off radios, cell phones and pagers during the class period and refrain from bringing food and drink to class. Quiet well-behaved visitors can be brought to class with my prior permission which must be obtained at least one day in advance. Don't bring pets. (See me if you have a medical condition that would not allow you to follow this syllabus). If you have to leave the class for some reason, please do so quietly and take all your belongings with you; please do not re-enter the class because that will be highly disturbing to the other students (and you are still responsible for what you missed).


Grading: Assignments and exams will be graded and returned in approximately one week. If it will take longer, I will notify you.

Note: This syllabus is a general plan for the course, and deviations from it may be necessary during the duration of the course.