|
|
|
|
Focus
|
This class is intended to give students an overview of systems
security, its workings, and its role in protecting data and
computing resources. The course begins with a discussion of
the fundamental problem and tools in protecting a computing
system, and proceeds through the various security services
that apply to these systems. At the end of the course,
students should be able to
- Describe and assess a broad range of security systems.
- Understand the fundamental mathematics and engineering
underlying security systems.
- Judge the suitability of security systems for various applications.
- Know how to develop new security systems and features.
|
|
Academic Integrity Policy
|
Please make sure you read the Academic
Integrity Policy of this course.
|
|
Recommanded Textbooks
|
- B. Schneier,
Applied Cryptography:
Protocols, Algorithms, and Source Code in C,
2nd Edition, John Wiley & Sons, 1995.
(This book is probably out of print, but you should be able to find
used ones.)
- Matt Bishop,
Computer Security: Art and Science,
Addison-Wesley, 2002.
|
|
Syllabus / Topics Covered
|
- The Security Problem (Bishop, Chapter 1)
- A working definition of security
- Evaluating security
- Systems security vs network security vs data security
- Societal aspects of security, ethical and legal foundations
- Cryptography (Bishop, Chapters 9 and 11;
[Garfinkel04a])
- Secret key cryptography
- Public key cryptography
- Hashes and message digests
- Steganography
- Cryptographic Protocols (Schneier, Chapters 3 through 6 and 23)
- basic cryptographic protocols
- intermediate cryptographic protocols
- advanced cryptographic protocols
- esoteric cryptographic protocols
- Key management (Bishop, Chapter 10;
[Needham78a],
[Lamport81a],
[Rafaeli03a])
- Peer-to-peer
- Group key management
- Authentication (Bishop, Chapter 12;
[Neuman94a],
[Neuman93a],
[Kormann00a])
- Password-based authentication
- Unix vs Windows
- Kerberos
- X.500
- Hardware authentication
- Biometrics
- Authorization and Policy (Bishop, Chapters 2, 4 and 5;
[Barkley97a])
- Intrusion prevention, detection, and response
(Bishop, Chapter 25, 26, and 27;
[Aslam96a],
[Ko94a],
[Anderson95a],
[Savage01a])
- Firewalls
- Virus checkers
- Commercial IDS
- Research IDS
- Response systems
- Wireless technologies and implications for security
([Xydis02a])
|
|
Academic Calendar
|
A link to the
USC Spring 2010 academic calendar
is provided here for your convenience.
|
|
E-mail
|
Most class related announcements will be done through e-mail via
an e-mail reflector setup by the instructor. Please see
instructions on how to get
on this list (you should do this as soon as possible).
Please do not ask the following types of questions in your e-mail:
- Here is my understanding of X. Am I right (or is this correct)?
(You can do this for just about everything and in many different ways.
I do not have the bandwidth to deal with too many questions like this.)
However, often times, you should be able to ask a slightly different
question and get the same answer that you are looking for.
This type of questions is completely appropriate for office hours.)
- I don't understand X. Could you explain X to me?
(It's your responsiblity to come to lectures and ask questions
during lectures if there is something you do not understand. If you
did attend lectures, then it is appropriate to ask this during office
hours.)
Although this is not related to e-mails, it's a type of
question I get often. Please do not ask this types of
question:
- Here is what I am thinking of or doing... is it acceptable (or is this okay)?
(What you are really asking is whether you will receive full
credit or not. Wouldn't it be great if you can ask this during
exams? It's not an appropriate question for assignments
for the same reason it is not appropriate for exams. Although
there is a difference between programming assignments and exams,
but since you are asking about grading, it's inappropriate.)
|
|
Homework
|
There will be 3 to 4 homework assignments consisting of problems
and small programming assignments.
Some problems will be based on readings and class discussions.
Written assignments should be in typed or computer-generated
output, with the exception of formulas, drawings, tables etc.,
which you are free to do by hand so long as they are neat and legible.
|
|
Exams
|
A midterm and a final examination will be given.
The date of the midterm examination will be posted near the
top of the class home page.
The date of the final examination is firm and it is also listed near the
top of the class home page.
Any schedule conflicts regarding the midterm exam date must
be resolved with the instructor at least one week
before the exam date.
I often get questions such as (1) can I get a copy of an old exam
and (2) what types of questions should I expect? The answer to
question (1) is "no". I'm sorry, but I do not give out old exams.
That's just my policy. The answer to question (2) is the following.
There are two types of exam questions that I usually ask.
The first type is numerical and you need to calculate something
(usually arithematics with small integers).
The second type is in the following form: "In N words or less,
what is the answer to the following question?"
For this type of question, you can write as many words as
you'd like, but I will only read the first N words of your
answer! You don't need to count the number of words in your answer,
you just need to make sure that the most important part of your
answer appears in the first N words! (There is no need to
write complete English sentenses when you answer exam
questions. Just give me the important stuff!)
The reason I'm doing this is that I don't want a brain dump
of everything you know about a topic and tell me that the
answer is there and that I have to look for it! I want you
to tell me what part of your answer you think is important and you
need to distinguish between answers of different quality
and put the best answer up front.
Let me give a couple of silly examples (with questions
that's not in the scope of any exam).
- "In 20 words or less, for our programming assignments,
when is 'plagiarism' considered taking place?
If your answer is "when you take
someone else's work and claim it to be yours", then you
will get full credit. If your answer is, "when you submit
someone else's work", you probably will not get full credit.
- "In 20 words or less, what is the fairness policy of
this class?" If your answer is, "whatever the instructor
offer to one student, he must offer it to the rest of the
class," then you will get full credit. If your answer is,
"the instructor must be fair to every student," you
probably will not get much credit.
Can you tell why the first answers above are better than
the second answers? I also may ask the follow types of questions:
- "In 20 words or less, what is the definition of X."
In general, better answers may score more points. If you
give very high level and generic answer that's generally true
or basically just repeat the question,
you probably will get very little credit for it! You need to
answer a specific question with a specific answer.
|
|
Grading
|
-
Homeworks:
|
| 30%
|
Lab:
|
| 10%
|
Term Paper:
|
| 10%
|
Participation:
|
| 3%
|
Midterm Exam:
|
| 22%
|
Final Exam:
|
| 25%
|
Pleaes also note the following:
- The above percentages will be used to calculate your total score.
Final grades (A,B,C,D,or F) will be determined using a modified
curve (i.e., we won't necessarily assign an equal number of failing
grades as passing grades) based on this total score. No other methods
will be considered. (So, please do not ask the instructor to take how
much you have improved since the beginning of the semester into account.
You are expected to try your best from the beginning!)
- We will assign grades of C and below to individuals who do not
perform satisfactorily in the above areas. (i.e., you should not
assume a B- or even C if you perform unsatisfactorily.)
However, we hope that most students will perform well.
- Your assignments are your own work! No group assignments are allowed
or will be tolerated. You are free to talk to other students about
assignments but no actual material (files, photocopies etc.) should
be shared. We will act harshly at any sign of copying.
- We will not assign incompletes unless it is
for a documented medical reason (in accordance with USC policy).
|
|
Late Policy
|
All assignments (homeworks and term paper) must be turned in on time.
Late submissions will receive severe penalties. Due to clock skews,
electronic submissions of projects and homeworks assignments will
be accepted within 15 minutes after the specified deadlines without penalties.
If you submit within the next 24 hours, you will receive 75% of your grade.
Although in the first 50 minutes of this period, you will only lose 1% of your
grade every 2 minutes. You will receive a score of zero after the
first 24 hours (and your assignment will not be graded).
If you are unable to complete a homework or a programming assignment due
to illness or family emergency, please see the instructor as soon as
possible to get an extension. A doctor's note
is required as proof of illness or emergency.
In general, when you get sick,
it's best to see a doctor and get a note just in case you may need it later.
|
|
Note From A Doctor
|
Recently, there has been a change in the policy at the
Student Health Center regarding giving a "note from the doctor"
to you to bring to a faculty
member so that you can be execused from deadlines. Basically,
they will not give you such a note any more.
What they would give you is an Authorization for Disclosure
of Medical Information form. With this form, you give them
permissions to discuss your illness with me.
So, if you visit a doctor at the Student Health Center,
please make sure you fill out one of these forms, check the
"limited discussion with faculty" checkbox, get it stamped,
signed, and dated by someone there (a clerk/receptionist
would sign at the "witness" line), and bring it back to me.
This would satisfy the "note from a doctor" requirement so
that you can get an extension.
If you visit a doctor somewhere else, please either bring a
"note from the doctor" or a similar authrozation letter so
I can contact them.
|
|
Regrading Policy
|
All requests to change grading of homework, programming projects, or
exams must be submitted in writing within one week
of the time the initial grade was given. Requests must be specific
and explain why you feel your answer deserves additional credit.
A request to re-grade an assignment can result in the entire assignment
being re-evaluated and as a result the score of any part of
the assignment be increased or lowered as appropriate.
|
|
Office Hours
|
The instructor's office hours are held twice a week for one hour each.
You are welcome to make an appointment to see the instructor outside
of office hours.
|
|
Extra Credits
|
No extra credit assignments will be given for this class. So, there
is not need to ask. Try your best from the beginning!
|
|
Implicit Student Agreement
|
All work including homeworks, programming
assignments and exams must be that of the individual student. It is often
productive to study with other students. However, if any portions of homeworks
or programming assignments are found to be shared between two (or more)
students, zero credit will be given to all students concerned and all students
will be disciplined. This policy is in the interest of those students who
do their own work, which hopefully applies to all of you in this class.
This policy also holds for programming assignments. In
this class, we will use sophisticated automated program checkers to detect
cheating. Be aware that the program checkers have demonstrated very good
results and are widely used within the academic community. Any student
caught cheating will be given zero credit and will be disciplined.
It is the students responsibility to submit their assignments
to the TA in time.
For students who satisfied the CSci402 prerequisite at other universities
or through work experience, this course assumes that you are familiar
with programming on the UNIX platform.
You should be able to write programs in C/C++ and be
familiar with the UNIX development environment
(vi/pico/emacs, cc/gcc or g++/CC, make, etc.)
No special assistance or consideration will be offered
if your background is inadequate.
|
|
Student Responsibilities
|
During the semester you are responsible for completing the assigned
readings, homeworks, programs, and exams.
You are expected to read all the papers in detail.
Not all details will be covered in class. We will assume knowledge
of material covered in CSci402 and a C language programming proficiency from
CSci402 or its equivalent. If you covered the introductory material at some
other school it is YOUR responsibility to fill in any missing background.
Feel free to ask me for advice on appropriate introductory readings if
you feel your background is insufficient.
We expect you to attend every class meeting.
If you do happen to miss a session, you are responsible for finding out
what material was covered and if any administrative announcements were
made. You must do so BEFORE the next session (e.g., if there is an assignment
given during the missed session, you are still responsible for completing
it by the next week along with the other students). You are advised
to read the papers for a particular lecture before attending the lecture.
This will greatly enhance your understanding of the subject matter.
|
|
Fairness
|
The instructor must treat all students equally and cannot
give special treatment to any particular student.
Therefore, please do not ask special favors from the
instructor because of your circumstances.
This may seem unfair to you because you believe that your
circumstances are special (understandably, everone
does). But the rule the instructor must follow is that
whatever
he offers you, he must offer to the entire class.
|
|
Auditing
|
Auditing is not permitted for this class.
|
|
Additional
Resources
|
Programming:
- C Programming
(by Steve Holmes at the University of Strathclyde in Glasgow, England)
- includes notes on make, separate compilation,
file I/O, etc.
- Makefile tutorial (at Colby College)
- Steve's Software Trek
(by Steve Karg) - includes some useful C/C++ source code for string
manipulation, INI file manipulation, etc.
- C Examples -
lots and lots of sample C code for basic stuff.
- C/C++ at USC
from USC ITSWeb
- Online Judge
online portal for IT interview
UNIX:
- cygwin (BSD system with X11R6 on Windows XP)
- Unix commands (more complete, from University of Utah)
- UNIX Shell Programming (Chapter 2 of this book gives a good introduction to UNIX)
-
UNIXhelp for Users from the University of Edinburgh
- C/C++
Documentation
(compiling, linking, additional libraries, include files) from USC ITSWeb
- UNIX Documentation
(concepts, commands, X-Windows) from USC ITSWeb
-
Emacs Documentation from USC ITSWeb
-
Vi Text EditorDocumentation from USC ITSWeb
- General information on operating systems, productivity applications,
Internet connectivity, e-mail and web publishing at USC, can be found
at the ITS software site. You
can click on your operating system and download useful software from there.
For example, for the Windows platform, you can find things like
X-Win32, FileZilla, and PuTTY there.
|
|
|