CS166Fall 2012Sec3Home Page/Syllabus

Information Security

This course will cover fundamental security topics including cryptography, protocols, passwords, access control, software security, and network security. In addition we will cover selected topics from multilevel security, biometrics, tamper-resistant hardware, information warfare, e-commerce, system evaluation and assurance, and intrusion detection. By the end of this course a student should be able to: (1) Understand the basics concepts of cryptography as illustrated by a classic cipher system such as the simple substitution or double transposition; demonstrate an elementary cryptanalytic attack on such a system and quantify the expected work factor. (2) Understand the implementation of modern symmetric ciphers such as RC4, DES and TEA; understand public key cryptosystems such as RSA, Diffie-Hellman and the knapsack; understand the implementation of a hash function, such as Tiger. (3) Understand the methods used to verify passwords as well as the inherent weaknesses of passwords; quantify the expected work to crack passwords under various assumptions; understand the strengths and weaknesses of biometric authentication. (4) Understand Lampson's access control matrix and its relationship to access control lists and capabilities; understand the confused deputy problem and how to prevent it. (5) Understand basic security issues in authentication and key establishment protocols, including, for example, replay attacks and their prevention. (6) Analyze authentication and key establishment protocols for potential security flaws, and demonstrate attacks on flawed protocols. (7) Understand certain widely used security protocols, including SSL, IPSec and Kerberos; understand the limitations and security issues related to these protocols. (8) Understand the role that software flaws play in security; understand the buffer overflow attack and various ways to prevent it; exploit a simple buffer overflow condition; understand race conditions. (9) Understand different types of malicious software (malware) including viruses, worms and Trojan horses; understand the details of the Morris Worm, and at least one modern virus or worm, such as Code Red or Slammer; understand the methods used to prevent and detect malware attacks. (10) Understand software reverse engineering and the security threat that it poses; implement a simple reverse engineering attack. (11) Understand the role that operating systems plays in security and the need for a trusted OS; understand the principles of a trusted OS.

Below is a tentative time table for when we'll do things this quarter:

Grades will be calculated in the following manner: The person or persons with the highest aggregate score will receive an A+. A score of 55 will be the cut-off for a C-. The region between this high and low score will be divided into eight equal-sized regions. From the top region to the low region, a score falling within a region receives the grade: A, A-, B+, B, B-, C+, C, C-. If the boundary between an A and an A- is 85, then the score 85 counts as an A-. Scores below 55 but above 50 receive the grade D. Those below 50 receive the grade F.

If you do better than an A- in this class and want me to write you a letter of recommendation, I will generally be willing provided you ask me within two years of taking my course. Be advised that I write better letters if I know you to some degree.

This semester we will have four homeworks and weekly quizzes. Every Monday this semester, except the first day of class, the Midterm Review Days, and holidays; there will be a quiz on the previous week's material. The answer to the quiz will either be multiple choice, true-false, or a simple numeric answer that does not require a calculator. Each quiz is worth a maximum of 1pt. Out of the total of thirteen quizzes this semester, I will keep your ten best scores.

As part of your homework score, every Wednesday this semester, except the first day of class, the Midterm Review Days, and holidays; there will be one or two book problems which are due in class. Your solution should be handwritten (not typed). Your answer does not have to be verbose, but should in complete sentences, should set up the problem, and explain how you solved it. We will go over the solution to the problem in class. If you cannot attend on a given Wednesday, make sure someone turns in your homework for you. Each week at most one problem that you submitted will be graded and will contribute up to 1 point to the next homework score.

These book problems will constitute part of the four homeworks which will be due this semester. The remainder of these homeworks will likely be small to medium coding project. Links to the current list of homeworks and quizzes can be found on the left hand frame of the class homepage. After an assignment has been returned a link to its solution (based on the best student solutions and less the book problems) will be placed off the assignment page. Material from assignments may appear on midterms and finals. The book portion of each homework must be your own individual work in your own words. For the coding portion of homeworks you are encouraged to work in groups of up to three people. Only one person out of this group needs to submit this portion of the homework assignment; however, the members of the group need to be clearly identified in all submitted files. Homeworks for this class will be submitted and returned completely electronically. To submit an assignment click on the submit homework link for your section on the left hand side of the homepage and filling out the on-line form. Hardcopies or e-mail versions of your assignments will be rejected and not receive credit. Homeworks will always be due by the start of class on the day their due. Late homeworks will not be accepted and missed quizzes cannot be made up; however, your lowest score amongst the four homeworks and your quiz total will be dropped.

When doing the programming part of an assignment please make sure to adhere to the specification given as closely as possible. Names of files should be as given, etc. Failure to follow the specification may result in your homework not being graded and you receiving a zero for your work.

The midterms will be during class time on: Sep 26 and Nov 7.

The final will be: Tuesday, December 18 from 2:45-5:00pm.

All exams are closed book, closed notes and in this classroom. You will be allowed only the test and your pen or pencil on your desk during these exams. The final will cover material from the whole quarter although there will be an emphasis on material after the last midterm. No make ups will be given. The final exam may be scaled to replace a midterm grade if it was missed under provably legitimate circumstances. These exams will test whether or not you have mastered the material both presented in class or assigned as homework during the quarter. My exams usually consist of a series of essay style questions. I try to avoid making tricky problems. The week before each exam I will give out a list of problems representative of the level of difficulty of problems the student will be expected to answer on the exam. Any disputes concerning grades on exams should be directed to me, Professor Pollett.

If you believe an error was made in the grading of your program or exam, you may request in person a regrade from me, Professor Pollett, during my office hours. I do not accept e-mail requests for regrades. A request for a regrade must be made no more than a week after the homework or a midterm is returned. If you cannot find me before the end of the semester and you would like to request a regrade of your final, you may see me in person at the start of the immediately following semester.

The campus policy to ensure compliance with the Americans with Disabilities Act is:
"If you need course adaptations or accommodations because of a disability, or if you need special arrangements in case the building must be evacuated, please make an appointment with me as soon as possible, or see me during office hours. Presidential Directive 97-03 requires that students with disabilities register with DRC to establish a record of their disability."

The university policy regarding credit hours for classes states:
Success in this course is based on the expectation that students will spend, for each unit of credit, a minimum of forty-five hours over the length of the course (normally 3 hours per unit per week with 1 of the hours used for lecture) for instruction or preparation/studying or course related activities including but not limited to internships, labs, clinical practica. Other course structures will have equivalent workload expectations as described in the syllabus.

More information about SJSU policies and procedures can be found at the following links: