San Jose State University
Department of Computer Science
CS 166, Information Security, Spring 2018
- Course and Contact information
- Instructor: Mark Stamp
- Office Location: MH 216
- Telephone: 408-924-5094
- Email: email@example.com
- Office hours: Tuesday and Thursday, 10:30-11:30pm
- Class Days/Times: Tuesday and Thursday, 9:00-10:15am
- Classroom: MH 225
- Prerequisites: CS 146 (with a grade of "C-" or better) and either CS 47 or CMPE 102 or CMPE 120 (with a grade of "C-" or better); or instructor consent.
- Course Description
- Fundamental security topics including cryptography, protocols, passwords, access control, software security, and network security. Additional topics selected from multilevel security, biometrics, tamper-resistant hardware, information warfare, e-commerce, system evaluation and assurance, and intrusion detection.
- Learning Outcomes
- After completing this course you should be knowledgeable about the major technical security challenges in each of the following four areas: cryptography, access control, protocols, and software.
- Required Texts/Readings
- Textbook: We will use a manuscript that
will eventually become the 3rd edition of the textbook
Information Security: Principles and Practice, Mark Stamp
- Other useful resources:
- Introduction to Machine Learning with Applications in
Information Security, Mark Stamp, Chapman and Hall/CRC, 2017.
A timely book by one of my favorite authors.
- A Bug Hunter's Diary: A Guided Tour Through the Wilds
of Software Security, Tobias Klein, No Starch Press, 2011.
Lots of interesting real-world examples of vulnerable code.
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, Michael Sikorski and Andrew Honig,
No Starch Press, 2012. An excellent book for
information on reverse engineering
(whether for malware analysis or other purposes).
Includes many hands-on exercises.
- Reverse Engineering (SRE) at http://reversingproject.info/. This website,
which was created by a former masters student, includes
lots of good information and detailed exercises with solutions.
- Network Security: Private Communication in a
Public World, second edition, Charlie Kaufman,
Radia Perlman, and
Mike Speciner, Prentice Hall, 2002, ISBN: 0-13-046019-2.
This book provides good coverage of cryptography and excellent
coverage of several security protocols.
- Security Engineering: A Guide to Building
Dependable Distributed Systems, Ross Anderson, John Wiley
& Sons, Inc., 2001, ISBN: 0-471-38922-6; see
Security Engineering at http://www.cl.cam.ac.uk/~rja14/book.html, where you can obtain
a free (and legal) copy of the 1st edition of the book.
This is an excellent book for an
overview of security in general, but
it is not too focused or technically detailed.
- Security in Computing, third edition,
Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall,
2003, ISBN: 0-13-035548-8. The strength of this book is
its coverage of the security issues related to software. In particular,
operating systems and some aspects
of secure software engineering are covered well. This book
also has some good, basic information on viruses.
- Applied Cryptography: Protocols,
Algorithms and Source Code in C, second edition, Bruce Schneier,
John Wiley & Sons, Inc., 1995, ISBN: 0-471-11709-9.
For better or for worse, in industry, this is the
standard reference for all things cryptographic.
- Counter Hack Reloaded: A Step-by-Step
Guide to Computer Attacks and Effective Defenses,
Ed Skoudis with Tom Liston, Prentice Hall, 2006,
ISBN: 0-13-148104-5. There are many books that claim to
provide information on how to foil hackers, but this is
by far the best that I have seen. This is an updated version
of the original Counter Hack, published
- Computer Viruses and Malware,
John Aycock, Springer, 2006, ISBN: 0387302360.
This book gives a good introduction to research topics
related to malware. The book is well-written and
surprisingly easy reading, given the technical nature
of the material.
- Additional relevant material:
- PowerPoint slides, errata,
and other resources at http://www.cs.sjsu.edu/~stamp/infosec/
- Previous semester lecture videos are available on
YouTube at http://www.youtube.com/playlist?list=PLQEAKfSI2JLOzrgaQOgF6S3PqXs2zR614
- Current semester lecture videos are available at
If you are asked to login to access the videos,
both the username and password are "infosec".
Note: The instructor hereby gives students permission to record his lectures
(audio and/or video). At least with respect to this class,
your instructor has nothing to hide.
- Class-related discussion will be posted
on Piazza at
You are strongly encouraged to participate by
asking questions, as well as by responding
to questions that other students ask. At the start of the
semester, you should receive an email asking you to join
this discussion group—if not, contact your instructor via email.
- Course Requirements and Assignments
- Grading Policy
- Test 1, 100 points
Tuesday, March 6 Thursday, March 8
- Test 2, 100 points
Date: Tuesday, April 17
- Homework, quizzes, class participation,
and other work as assigned, 100 points.
- Final, 100 points
- Date & time: Wednesday, May 16 from
- The official finals schedule is at
- Semester grade will be computed as a weighted
average of the 4 major scores listed above.
- No make-up tests or quizzes will be
given and no late homework (or other work)
will be accepted. Also, in-class work must be completed
in the section that you are enrolled in.
- Nominal Grading Scale:
| Score | Grade |
|---|---|
| 92 and above | A |
| 90 - 91 | A- |
| 88 - 89 | B+ |
| 82 - 87 | B |
| 80 - 81 | B- |
| 78 - 79 | C+ |
| 72 - 77 | C |
| 70 - 71 | C- |
| 68 - 69 | D+ |
| 62 - 67 | D |
| 60 - 61 | D- |
| 59 and below | F |
- Note that "All students have the right, within a reasonable time, to know their
academic scores, to review their grade-dependent work, and to be provided with
explanations for the determination of their course grades."
See University Policy F13-1
at http://www.sjsu.edu/senate/docs/F13-1.pdf for more details.
- Classroom Protocol
- Keys to success:
Do the homework and attend class
- Wireless laptop is required. Your laptop
must remain closed (preferably in your backpack and, in any case, not
on your desk) until I inform you that it is needed for a
- Cheating will not be tolerated,
but working together is encouraged
- Students must be respectful of the instructor and other students. For example,
- No disruptive or annoying talking
- Turn off cell phones
- Class begins on time
- Class is not over until I say it's over
- Valid picture ID required at all times
- The last day to drop is
Monday, February 5,
and the last day to add is
Monday, February 12
- University Policies
- Office of Graduate and Undergraduate Programs maintains
university-wide policy information relevant to all courses,
such as academic integrity, accommodations, etc. You may find all syllabus
related university policies and resources information listed on GUP’s
Syllabus Information web page