USC CSD Home
 

Course Description -

 
Focus
This class is intended to give students an overview of systems security, its workings, and its role in protecting data and computing resources. The course begins with a discussion of the fundamental problem and tools in protecting a computing system, and proceeds through the various security services that apply to these systems. At the end of the course, students should be able to
  • Describe and assess a broad range of security systems.
  • Understand the fundamental mathematics and engineering underlying security systems.
  • Judge the suitability of security systems for various applications.
  • Know how to develop new security systems and features.
 
Academic Integrity Policy
Please make sure you read the Academic Integrity Policy of this course.
 
Textbooks
Required: Optional:
 
Syllabus / Topics Covered
  1. The Security Problem (Bishop, Chapter 1)
    • A working definition of security
    • Evaluating security
    • Systems security vs network security vs data security
    • Societal aspects of security, ethical and legal foundations

  2. Cryptography (Bishop, Chapters 9 and 11; [Garfinkel04a])
    • Secret key cryptography
    • Public key cryptography
    • Hashes and message digests
    • Steganography

  3. Key management (Bishop, Chapter 10; [Needham78a], [Lamport81a], [Rafaeli03a])
    • Peer-to-peer
    • Group key management

  4. Authentication (Bishop, Chapter 12; [Neuman94a], [Neuman93a], [Kormann00a])
    • Password-based authentication
    • Unix vs Windows
    • Kerberos
    • X.500
    • Hardware authentication
    • Biometrics

  5. Authorization and Policy (Bishop, Chapters 2, 4 and 5; [Barkley97a])
    • Policy
    • ACLs
    • GAA-API

  6. Intrusion prevention, detection, and response (Bishop, Chapter 25, 26, and 27; [Aslam96a], [Ko94a], [Anderson95a], [Savage01a])
    • Firewalls
    • Virus checkers
    • Commercial IDS
    • Research IDS
    • Response systems

  7. Wireless technologies and implications for security ([Xydis02a])
    • 802.11b
    • Bluetooth
 
Academic Calenda
A link to the USC web site is provided here for your convenience. You can get information such as academic calendar there.
 
E-mail
Most class related announcements will be done through e-mail via an e-mail reflector setup by the instructor. Please see instructions on how to get on this list (you should do this as soon as possible).
 
Lecture Slides from Fall 2003 - by Tung & Neuman
Lecture slides (in 6-up PDF format) from Fall 2003, authored by Dr. Brian Tung and Dr. Clifford Neuman, are provided below for your information. Our class may not follow these slides exactly.
 
Homework
There will be 3 to 4 homework assignments consisting of problems and small programming assignments.

Some problems will be based on readings and class discussions. Written assignments should be in typed or computer-generated output, with the exception of formulas, drawings, tables etc., which you are free to do by hand so long as they are neat and legible.

 
Exams
Two exams will be given. The date of exam 1 will be posted near the top of the class home page. Any schedule conflicts regarding exam 1 must be resolved with the instructor at least one week before the exam date.

The date of exam 2 is firm and it is also listed near the top of the class home page. There will be no separate exams given for students with schedule conflicts.

 
Grading
Homeworks:   25%
Lab:   10%
Term Paper:   15%
Exam 1:   20%
Exam 2:   30%
The lab grade is pass/fail. So, you either get 0 point or 100 points for the lab.

Pleaes also note the following:

  • The above percentages will be used to calculate your total score. Final grades (A,B,C,D,or F) will be determined using a modified curve (i.e., we won't necessarily assign an equal number of failing grades as passing grades) based on this total score. No other methods will be considered. (So, please do not ask the instructor to take how much you have improved since the beginning of the semester into account. You are expected to try your best from the beginning!)

  • We will assign grades of C and below to individuals who do not perform satisfactorily in the above areas. (i.e., you should not assume a B- or even C if you perform unsatisfactorily.) However, we hope that everyone will perform well.

  • Your assignments are your own work! No group assignments are allowed or will be tolerated. You are free to talk to other students about assignments but no actual material (files, photocopies etc.) should be shared. We will act harshly at any sign of copying.

  • We will not assign incompletes unless it is for a documented medical reason (in accordance with USC policy).
 
Late Policy
All homeworks and project assignments must be turned in on time. Late submissions will receive severe penalties. Due to clock skews, electronic submissions of projects and homeworks assignments will be accepted within 15 minutes after the specified deadlines without penalties. If your submission is beyond the 15 minutes grace period, you will receive 75% of your grade if your submission is 15 minutes late beyond the grace period; you will receive 50% of your grade if your submission is 30 minutes late beyond the grace period; you will receive 25% of your grade if your submission is 45 minutes late beyond the grace period; and you will receive a score of zero otherwise.

Written homeworks are to be turned in at the end (when the instructor leaves) of specified classes. You may also leave written homeworks in the instructor's mailbox (in SAL 349) by the end of specified classes at your own risk.

If you are unable to complete a homework or a programming assignment due to illness or family emergency, please see the instructor as soon as possible to get an extension. A doctor's note is required as proof of illness or emergency.

 
Regrading Policy
All requests to change grading of homework, programming projects, or exams must be submitted in writing within one week of the time the initial grade was given. Requests must be specific and explain why you feel your answer deserves additional credit. A request to re-grade an assignment can result in the entire assignment being re-evaluated and as a result the score of any part of the assignment be increased or lowered as appropriate.
 
Office Hours
The instructor's office hours are held twice a week for one hour each. The instructor will be at the designated office for the first 15 minutes. If no students is waiting to see the instructor at the end of the first 15 minutes into the office hour, the instructor may cut the office hour short. (The main reason this is done is that the instructor shares the office with 4 other instructors and it can get crowded in there.)

You are welcome to make an appointment (and reserve a timeslot) to see the instructor. So, if you plan to show up after 15 minutes into the office hour, you are better off making an appointment.

 
Extra Credits
No extra credit assignments will be given for this class. So, there is not need to ask. Try your best from the beginning!
 
Implicit Student Agreement
All work including homeworks, programming assignments and exams must be that of the individual student. It is often productive to study with other students. However, if any portions of homeworks or programming assignments are found to be shared between two (or more) students, zero credit will be given to all students concerned and all students will be disciplined. This policy is in the interest of those students who do their own work, which hopefully applies to all of you in this class. 

This policy also holds for  programming assignments. In this class, we will use sophisticated automated program checkers to detect cheating. Be aware that the program checkers have demonstrated very good results and are widely used within the academic community. Any student caught cheating will be given zero credit and will be disciplined.

It is the students responsibility to submit their assignments to the TA in time. 

For students who satisfied the CSci402 prerequisite at other universities or through work experience, this course assumes that you are familiar with programming on the UNIX platform. You should be able to write programs in C/C++ and be familiar with the UNIX development environment (vi/pico/emacs, cc/gcc or g++/CC, make, etc.) No special assistance or consideration will be offered if your background is inadequate.

 
Student Responsibilities
During the semester you are responsible for completing the assigned readings, homeworks, programs, and exams.

You are expected to read all the papers in detail. Not all details will be covered in class.  We will assume knowledge of material covered in CSci402 and a C language programming proficiency from CSci402 or its equivalent. If you covered the introductory material at some other school it is YOUR responsibility to fill in any missing background. Feel free to ask me for advice on appropriate introductory readings if you feel your background is insufficient.

We expect you to attend every class meeting. If you do happen to miss a session, you are responsible for finding out what material was covered and if any administrative announcements were made. You must do so BEFORE the next session (e.g., if there is an assignment given during the missed session, you are still responsible for completing it by the next week along with the other students).  You are advised to read the papers for a particular lecture before attending the lecture. This will greatly enhance your understanding of the subject matter.

 
Fairness
The instructor must treat all students equally and cannot give special treatment to any particular student. Therefore, please do not ask special favors from the instructor because of your circumstances. This may seem unfair to you because you believe that your circumstances are special (understandably, everone does). But the rule the instructor must follow is that whatever he offers you, he must offer to the entire class.
 
Auditing
Auditing is not permitted for this class.
 
Additional Resources
Programming:
  • C Programming (by Steve Holmes at the University of Strathclyde in Glasgow, England) - includes notes on make, separate compilation, file I/O, etc.
  • Makefile tutorial (at Indiana University)
  • C/C++ at USC from USC ISDWeb
  • Steve's Software Trek (by Steve Karg) - includes some useful C/C++ source code for string manipulation, INI file manipulation, etc.
UNIX:
 

   [Please see copyright regarding copying.]