CS 265 Course Syllabus
- Instructor Information
- Name: Mark Stamp
- Office: MQH 216
- Office hours: Tuesday, 10am - 2:15pm, or by appointment
- Phone: 408-924-5094
- email: stamp265@gmail.com
- The best way to contact me is via email
- Greensheet: http://www.cs.sjsu.edu/faculty/stamp/CS265/syllabus/syllabusSpr08.html
- Who am I?
- Course Overview and Description: We will cover
selected security topics in each of the following areas:
cryptography, access control, protocols, and software.
The emphasis will be on cryptanalysis and
software reverse engineering.
- Prerequisites: CS149 or instructor consent.
- Required Textbook:
- Applied Cryptanalysis: Breaking Ciphers in
the Real World, Mark Stamp and Richard M. Low,
Wiley-IEEE Press, May 2007, ISBN: 047011486X.
This book contains detailed discussion of
several cryptanalytic attacks. These attacks are "applied",
in the sense that each attack can be implemented to
break a real-world cipher system. Many of the attacks
are somewhat technical and challenging.
One of the two major projects for the course
will be a cryptanalysis project.
- Other useful security books:
- Information Security: Principles and Practice,
Mark Stamp, Wiley-Interscience, 2005, ISBN: 0-471-73848-4.
This book, which is the required text for CS166,
provides an introduction
to technical issues in information security.
The book is focused on
four major topics: cryptography, access control,
protocols and software.
We will cover some topics from this book,
most of which are
generally not covered in CS166.
- Reversing: Secrets of Reverse Engineering,
Eldad Eilam, Wiley, 2005, ISBN: 0764574817. This is the best book
available on reverse engineering software. The book also discusses
various software protection techniques.
- Network Security: Private Communication in a
Public World, second edition, Charlie Kaufman,
Radia Perlman and
Mike Speciner, Prentice Hall, 2002, ISBN: 0-13-046019-2.
This book provides good coverage of cryptography and excellent
coverage of several security protocols.
- Security Engineering: A Guide to Building
Dependable Distributed Systems, Ross Anderson, John Wiley
& Sons, Inc., 2001, ISBN: 0-471-38922-6; see
Ross Anderson's Security Engineering website
http://www.cl.cam.ac.uk/~rja14/book.html, where you can obtain
a free (and legal) copy of the book.
This is an excellent book for an
overview of security in general, but
it is not very focused or technically detailed.
- Security in Computing, third edition,
Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall,
2003, ISBN: 0-13-035548-8. The strength of this book is
its coverage of the security issues related to software. In particular,
operating systems and some aspects
of secure software engineering are covered well. This book
also has some good basic information on viruses.
- Applied Cryptography: Protocols,
Algorithms and Source Code in C, second edition, Bruce Schneier,
John Wiley & Sons, Inc., 1995, ISBN: 0-471-11709-9.
For better or for worse this is the
standard reference for cryptography, particularly
in industry.
- Counter Hack Reloaded: A Step-by-Step
Guide to Computer Attacks and Effective Defenses,
Ed Skoudis with Tom Liston, Prentice Hall, 2006,
ISBN: 0-13-148104-5. There are many books that claim to
provide information on how to foil hackers, but this is
by far the best that I have seen. This is an updated version
of the original Counter Hack, published
in 2001.
- Computer Viruses and Malware,
John Aycock, Springer, 2006, ISBN: 0387302360.
This book gives a good introduction to research topics
related to malware. The book is well-written and
surprisingly easy reading, given the technical nature
of the material. However, it is somewhat uneven in its
coverage, with many interesting topics only mentioned
in passing, and some of the more lengthy discussions
allocated to topics of marginal interest (at least to me).
- PowerPoint Slides: Slides presented in class are
available in three flavors:
The slides covering protocols (and software) are
available in three versions:
- Student Learning Objectives: After completing this course
you should be knowledgeable concerning the
major technical security challenges
in each of the following four areas: cryptography,
access control, protocols, and software. In addition, you
should have advanced knowledge in cryptanalysis
and software reverse engineering, as evidenced by your work on the
two major projects.
- Grading:
- Test 1, 100 points. Date:
Monday, March 17.
- Homework, quizzes, class participation and other work as
assigned, 100 points. Note that a subset of the assigned problems
will be graded.
- Cryptanalysis project,
100 points. Due Friday, March 21.
- SRE project,
100 points. Due Wednesday, April 23.
A list of useful SRE tools can be found here:
http://www.softwarereversing.info/reversing_tools.html
Some background info on the uses for SRE can be found here:
http://www.softwarereversing.info/applications_of_reversing.html
- Final, 100 points. Date and time:
Monday, May 19 at 5:15pm.
- Semester grade will be computed as a
weighted average of the 5 major scores
listed above.
- No make-up tests or quizzes will
be given and no late homework or project
will be accepted.
- Grading Scale:
| Percentage | Grade |
|---|---|
| 92 and above | A |
| 90 - 91 | A- |
| 88 - 89 | B+ |
| 82 - 87 | B |
| 80 - 81 | B- |
| 78 - 79 | C+ |
| 72 - 77 | C |
| 70 - 71 | C- |
| 68 - 69 | D+ |
| 62 - 67 | D |
| 60 - 61 | D- |
| 59 and below | F |
- Homework: Turn in a hardcopy
in class on the due date.
All solutions must be typed, and
source code must be included.
Each problem requires a solution
as well as some explanation of how you
arrived at the solution or work
showing how the solution was obtained.
When grading an assignment,
I may ask for additional information.
- Assignment 1: Due Wednesday, February 6
Chapter 1, problems 6, 8, 9, 11, 15
(you will need (1.1) and (1.4)
to solve problems 8 and 9, and Table 1.8 for problem 15).
- Assignment 2: Due Wednesday, February 13
Chapter 2, problems 7, 9, 13, 15, 16. Note that for problem 15, the
threshold is 0.1% = 0.001.
- Assignment 3: Due Wednesday, February 20
Chapter 2, problems 21, 25, 29 (for problem 29, use the Sigaba simulator found
here)
Chapter 3, problems 5, 14
- Assignment 4: Due Wednesday, February 27
Chapter 3, problems 6, 7, 9, 11
- Assignment 5: Due Wednesday, March 5
Chapter 4, problems 1, 2, 4, 6
- Assignment 6: Due Wednesday, March 12
Chapter 5, problems 1, 2, 7, 8
- Assignment 7: Due Wednesday, April 16
Chapter 7, problems 2, 8, 19, 20, 21
- Assignment 8: Due Monday, May 19
Protocols Chapter 9, problems 3, 8, 10, 15, 19, 22, 27
Protocols Chapter 10, problems 3, 6, 11, 17, 24
- Other Important Stuff:
- No extra credit is anticipated
- No late assignments or tests will be accepted
- Keys to success: Do the homework,
do high quality work on the projects, attend class
- Cheating will not be tolerated...
- ...but working together is encouraged
- Students must be respectful of the teacher and other students.
- No disruptive or annoying talking
- Turn off cell phones
- Class begins on time
- Class is not over until I say it's over
- Etc.
- Valid picture ID required at all times
- Why study security?
- Guest lecture
- Speaker: TBD
Title: TBD
Date: TBD
Time: TBD
Location: TBD
- Boring Stuff:
- University, College, or Department Policies:
- Academic integrity statement (from Office of Judicial Affairs):
"Your own commitment to learning, as evidenced by your enrollment at
San Jose State University and the University's Academic Integrity
Policy requires you to be honest in all your academic course work.
Faculty are required to report all infractions to the Office of Judicial Affairs."
The policy on academic integrity can be found
here.
- Campus policy in compliance with the Americans with Disabilities Act:
"If you need course adaptations or accommodations because of a
disability, or if you need special arrangements in case the building
must be evacuated, please make an appointment with me as soon as
possible, or see me during office hours. Presidential Directive 97-03
requires that students with disabilities register with DRC to establish a
record of their disability."
- Academic Honesty:
Faculty will make every reasonable effort to foster honest academic conduct in their courses. They will secure examinations and their answers so that students cannot have prior access to them and proctor examinations to prevent students from copying or exchanging information. They will be on the alert for plagiarism. Faculty will provide additional information, ideally on the green sheet, about other unacceptable procedures in class work and examinations. Students who are caught cheating will be reported to the Judicial Affairs Officer of the University, as prescribed by Academic Senate Policy S04-12.
- Appendix:
- You are responsible for understanding the policies and procedures about add/drops, academic renewal, withdrawal, etc. found
here.
- Expectations about classroom behavior; see Academic Senate Policy S90-5 on Student Rights and Responsibilities.
- A definition of plagiarism can be found
here.
- If you would like to include in your paper any material you have submitted, or plan to submit, for another class, please note that SJSU's Academic Integrity policy S04-12 requires approval by instructors.
- The name and contact information for the librarian liaison. (I have
no idea.)
- Evacuation plan for the classroom: Exit the classroom
through the door,
go down the nearest stairs and exit the building.