CS 265 Course Syllabus
- Instructor information
- Name: Mark Stamp
- Office: MQH 216
- Office hours: T/Th 9:30-noon
- Phone: 408-924-5094
- email: stamp@cs.sjsu.edu
- Greensheet: http://www.cs.sjsu.edu/faculty/stamp/CS265/syllabus/syllabusSpr04.html
- Who am I?
- Textbook:
Network Security: Private Communication in a Public World, second edition, Charlie Kaufman, Radia Perlman and Mike Speciner, Prentice Hall, 2002, ISBN: 0-13-046019-2.
This book is very good in its coverage of cryptography and networking protocols.
- Other useful security books:
- Fundamentals of Secure Computer Systems, Brett C. Tjaden,
Franklin, Beedle & Associates, 2004, ISBN: 1-887902-66-X.
This is a very readable and inexpensive book. I use this as
the textbook in my undergraduate information security class.
- Security Engineering: A Guide to Building
Dependable Distributed Systems, Ross Anderson, John Wiley
& Sons, Inc., 2001, ISBN: 0-471-38922-6; see
Ross Anderson's Security Engineering website
http://www.cl.cam.ac.uk/~rja14/book.html for lots of interesting security information, and
errata for this book. This is an excellent book, but not
a textbook.
As time permits, we'll discuss some of the
special topics found in chapters 7 through 23.
- Security in Computing, third edition,
Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall,
2003, ISBN: 0-13-035548-8. The strength of this book is its
coverage of security issues related to
software, in particular, viruses and operating systems.
We'll cover some of the topics in Chapters 3 and 4.
- Computer Security, Dieter Gollmann,
John Wiley & Sons, Inc., 1999, ISBN: 0471978442.
This is a good book, but not easy to read. Chapter 8,
How Things Go Wrong, is especially good.
- Applied Cryptography: Protocols,
Algorithms and Source Code in C, Second Edition, Bruce Schneier,
John Wiley & Sons, Inc., 1995 (2nd edition), ISBN: 0-471-11709-9.
This is the standard cryptographic reference.
- Computer Security: Art and Science, Matt Bishop,
Addison Wesley, 2003, ISBN: 0-201-44099-7. This is a popular new
(and very long) book. This book is much more theoretical than most
security books.
- The Unofficial Guide to Ethical Hacking,
Ankit Fadia, Premiere Press, 2002 (1st edition),
ISBN: 1931841721. This is an interesting book, with the emphasis
on hacking, not on ethics.
The book includes things like source code for viruses and
various other types of malicious code. A lot of
this information can be found online, but the descriptions
here are better than you're likely to find elsewhere.
- PowerPoint slides used in class are available
here
- Grading:
- Test 1, 100 points. Date: Friday,
March 19.
- Homework, quizzes and other work as assigned, 100 points.
- Project, 100 points.
Date: April 5.
Completed projects available
here.
- Final, 100 points. Finals schedule can be found
at http://info.sjsu.edu/web-dbgen/narr/soc-spring/rec-716.html
- Section 1: Thursday, May 20, 9:45-12:00.
- Section 2: Monday, May 24, 9:45-12:00.
- Semester grade will be computed as a
weighted average of the 4 major scores
listed above.
- No make-up tests or quizzes will be given and
no late homework or project will be accepted.
- Homework
- Assignment 1: Due date: Monday, Feb. 23.
p. 57, problems 3,4,5
p. 92, problems 3,6,14
p. 114, problems 6,7
(problem 7 reads "Give the first 16 values of the permutation
formed by doing the DES initial permutation twice.")
p. 143, problem 14
Implement your favorite block cipher algorithm and use it to encrypt and decrypt the message
"Four score and seven years ago our fathers brought forth on this continent, a new nation, conceived in Liberty, and dedicated to the proposition that all men are created equal."
using 3 different keys.
For the first key use ECB mode, for the second use CBC mode and for the third use CTR mode.
Explain how you encrypted the last block.
- Assignment 2: Due Monday, March 1.
Note: This assignment must be turned in, in person, at
10:30 or 11:30 AM, Monday, March 1.
A) Write a 1-paragraph summary of the lecture on Wednesday, February 25
B) Write a 1-paragraph summary of the lecture on Friday, February 27
C) Write a 1-page summary of the paper Tamper-Proofing, and Obfuscation --- Tools for Software Protection
- Assignment 3: Due: Wednesday, March 10.
Write a program to implement
one of the following attacks on the simplified
version of DES discussed in class (SDES)
A) linear cryptanalysis
B) differential cryptanalysis
C) time-memory tradeoff
(here
is an article I've written
that describes this attack)
You must turn in your source code and
enough results to convince me that you
have correctly implemented
the attack. In some cases,
I may require that you demo your attack.
The C source code and header file
for SDES are available
at SimpDES.c
and SimpDES.h, respectively.
- Assignment 4: Due: Monday, March 22.
- List three passphrases and for each of these, give
three passwords derived from the passphrase.
- In some applications a passcode consisting of
some number of digits is required (for example, a PIN).
Using the number-to-letter conversion on a telephone:
- What passcode corresponds to the password "frank"?
- Find all passwords that correspond to the passcode 4729.
Your passwords must be dictionary words.
- Suppose that on a particular system, all
passwords are 10 characters, and there are 64 possible
choices for each character. The system has a password file
with 512 passwords. An attacker has a dictionary of 2^20
common passwords, and from experience he knows that the
probability of finding a randomly-selected password in
his dictionary is 1/3. For this problem, work is measured
by the number of hashes computed.
- What is the expected work to crack one specific password,
without using the dictionary?
- What is the expected work to crack one specific password,
using the dictionary?
- Give pseudo-code for an efficient algorithm for attacking
the password file, using the dictionary.
- Read The
Confused Deputy and explain the problem. How can capabilities
help to prevent this problem?
- Discuss one well-known security model (other than BLP or Biba).
Where is it used and why?
- We discussed two different variations of Biba's Model, call them
A and B. What are the differences between A and B?
Describe one application where A would be preferred
to B (or vice-versa). Explain your answer.
- What is the "need to know" principle and how does multilateral
security enforce this principle?
- Use Google to find information on
one commercial firewall product.
Which type of firewall is this product? Explain.
- Discuss two methods of inference control. Be sure to
mention the relative strengths and weaknesses of each.
- Suppose that you work in a classified environment,
where MLS is employed, and you have a TOP SECRET clearance.
Describe a covert channel involving the print queue. How
would you minimize this covert channel, while still allowing
access by users with different clearance levels?
- Assignment 5: Due: Wednesday, April 21.
p. 289 problems 5 and 11
p. 336 problem 1
p. 497 problem 2
p. 498 problem 3
p. 476 problems 3 and 9
p. 439 problems 4 and 6
- Assignment 6: Due: Monday, April 26.
- Read the paper at crypto.stanford.edu/DRM2002/darknet5.doc and write
a 1 page summary of the article.
- Cheating will not be tolerated...
- ...but working together is encouraged
- Students must be respectful of the teacher and other students
- Any disability issues must be resolved in advance
- Valid picture ID required at all times
- Major topics to be covered
- Cryptography
- Protocols
- Access Control
- Software Issues
- Special Topics
- Guest lectures
- Why study security?
- Everyone in this class is encouraged to follow the bugtraq
newsgroup. You can subscribe at this URL
http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl
and you can read archived messages here
http://online.securityfocus.com/archive/1