|
CSCI 4233 & CINF 4233 Computer
Security
Spring 2012 (1/17 – 4/30 + final
exam)
Time & Classroom
Tues., 10am-12:50pm (Delta 203)
Course Description: Introduction to encryption and decryption; security mechanisms in
computer architectures, operating systems, database, networks, and
introduction to security.
Prerequisite: CSCI3532 (Advanced Data
Structures and Algorithms) + MATH3331 (Discrete Math), or equivalents.
Special Note: Students who have
completed CSCI5233 (Computer Security & Integrity) should not take this
course. Instead, please consider taking CSCI5235 Network Security, CSCI5234
Web Security, or other advanced courses.
Course Objectives: Introduction to encryption
and decryption; security mechanisms in computer programs, operating systems,
databases, networks, administration of computer security, and legal/ethical
issues in computer security. This course provides foundation knowledge
for further advanced study of security issues in computer systems and
applications.
Learning
Outcome:
- Understand the five security
components (confidentiality, integrity, authenticity, availability, and
non-repudiability), and apply them when evaluating a given security
mechanism.
- Understand the
process of developing a secure application, including development of
security policies, sample policy languages, relationship between
security policies and mechanisms, and different types of security
mechanisms.
- Understand basic
cryptography (encryption and decryption) and major cryptographical
protocols, including symmetric and asymmetric cryptography, message
digests, HMAC, digital signatures, digital certificates, key exchange,
and key storage, etc.
- Develop sample
applications using security protocols provided by a given language such
as Java (JCA, JCE).
- Understand legal and
ethical issues in computer security (privacy issues, Computer Security
Act, HIPPA, etc.).
- Have an overall
understanding of some security applications, including authentication,
access control, network security, and system security.
Class Format: Lectures are combined with
discussions and, if applicable, student presentations and discussions of
advanced topics. Students are expected to be active participants, by studying
the relevant chapters and/or research papers, and participating at in-class
discussions.
Instructor: Dr. T. A. Yang
|
(office)
Delta 106
|
|
(phone#)
(281) 283-3835 (Please leave a message if not available.)
NOTE: If the suite office is locked, you may
use the phone outside the office to call me (by entering the extension
3835).
|
|
(email
address) yang@uhcl.edu
Important notes:
Emails without a subject line or
signature will be considered as potentially malicious and be discarded. Here is a sample
subject line: "CSCI4233 project #1, question 1".
Although email messages tend to be informal,
please check the grammar and spelling of your messages to ensure their
legibility.
|
|
(Web site) http://sce.uhcl.edu/yang
NOTE: Find the assignments and/or projects at the Assignments & Projects page.
|
|
Office Hours : See http://sce.uhcl.edu/yang/teaching/officeHours.htm
NOTE: In addition, you
are highly encouraged to send your questions to me by e-mails (yang@uhcl.edu). Try to provide sufficient
details in your email message, such as the problem(s) you have encountered,
the solution(s) you have tried, and the outcome you have got from these
solution(s).
|
Teaching assistant info
and office hours:
TA -
Neeraj
Jadhav (jadhav.neeraj87@gmail.com)
Office
hours -
Monday: 12 PM - 5 PM (5 hours)
Wednesday: 2 PM - 7 PM (5 hours)
Thursday: 10 AM - 2 PM (4 hours)
Required Text:
+ Instructor's handouts in
the class and/or on the Web
Recommended (but not
required):
|
·
Jess Garms and Daniel Somerfield. Professional
Java Security. Wrox. 2001. (ISBN: 1861004257)
Note: Sample programs from
this book could be useful for you to get started with your programming
projects.
·
David Hook. Beginning Cryptography with Java. Wrox. 2005. (ISBN:
0764596330)
·
Scott Oaks. Java Security (2nd Edition). O'Reilly Media.
2001. (ISBN: 0596001576)
·
Jason Weiss. Java Cryptography Extensions: Practical Guide for
Programmers. Morgan Kaufmann. 2004. (ISBN: 0127427511)
|
References and Resources:
Ongoing research related
to computer security
Past and
current advanced courses related to computer security (Web Security,
Network Security, Wireless security, etc.)
Topics and Notes
NOTE: The
following schedule will be followed as closely as possible, although changes
are probable. Always check with your instructor if you are not sure what
would be covered next week.
Computer
Labs:
The computers in the PC Lab (Delta 119) are configured with JDK and JCE for running
the sample programs. You are encouraged to configure your own computer to do
the projects.
·
Windows account information at: http://sce.uhcl.edu/accountSearch.html
·
Click http://sce.uhcl.edu/NTLabIntroduction.asp
for the list of available software in the PC lab.
Evaluation:
|
category
|
Percentage (min ~ max)
|
|
Labs
(5% each X 7)
|
35%
|
|
midterm exams (15%, 15%)
|
30%
|
|
final
exam (open book)
|
30%
|
|
Attendance++
|
5%
|
|
Class
Participation+++
|
0% ~ 3%
|
|
Total:
|
100% (0% ~ 103%)
|
++ Attendance Policy: You are expected to attend all classes.
There will be no penalty for a person’s first two absences without documented
excuse. 1% will be taken for each of the absences after the first two
absences without excuse. Note: Being
tardy is no excuse when a person is found to be absent from the class.
Note: If you ever miss a class, it is your responsibility to get hold of
whatever may have been discussed in the class.
+++ Class Participation: Participating in the class is expected. You
should ask or answer questions during the in-class or online discussions. Up
to 3% may be granted to students who are active participants.
Grading Scale:
The accumulated points
from all the categories determine a person's final grade. There will be no
extra-credit projects.
|
Percentile
|
Grade
|
|
90% or above
|
A
|
|
87% - 89%
|
A-
|
|
84% - 86%
|
B+
|
|
80% - 83%
|
B
|
|
77% - 79%
|
B-
|
|
74% - 76%
|
C+
|
|
70% - 73%
|
C
|
|
67% - 69%
|
C-
|
|
64% - 66%
|
D+
|
|
57%-59%
|
D-
|
|
Less than 57%
|
F
|
Tests
& Exams:
Both analytic and synthetic abilities are
emphasized. Being able to apply the learned knowledge toward problem solving
is also highly emphasized in the tests.
Unless due to unexpected, documented emergency, no
make-up exams will be given. No make-up exams will be granted once the exams
have been corrected and returned to the class.
Assignments and Late Penalty:
Assignments and projects will be posted at the
class web site. Assignments & projects are due before the beginning of
the class on the due day. See Topics and Notes
for the due dates.
Points will be deducted from late assignments: 20% for the first 24
hours after the due time, 40% for the next 24 hours, 70% for the third 24
hours, and 100% after that. No extension will be granted except for
documented emergency. Starting to work on the assignments as early as
possible is always the best strategy.
Assignments
Guidelines:
a. Identification page:
All assignments must have your name, and course name/number/section number
(e.g., CSCI4233-01) at the top of the first page.
b. Proper stapling: Staple
all the pages together at the top-left corner. NOTE: Do not use paper clips.
c. Order ! Order! Arrange
the solutions following the sequence of the questions. Write the question
number at the top-right corner of each page.
d. Word processing: It
is required that you type your reports (e.g., print them using a printer).
Use a word processor and appropriate typesetting and drawing tools to do the
assignments. Spell-check the whole document before printing it. You
may lose points due to spelling or grammatical errors.
Projects:
The projects will involve the design and
implementation of encryption/decryption algorithms and/or application of the
algorithms to real-world problems. Students are expected to employ the
theories and techniques learned in the class to design the system.
Details of the projects will be later made
available at Assignments & Projects.
NOTE: Unless otherwise specified,
all assignments and projects are individual work.
Students should take caution not to violate the academic
honesty policies. Check out the details at this
link.
Instructor's
Notes:
- Important: If you think you have lost some points due to grading errors,
make sure you approach the instructor within a week after the
assignment, project, or test has been returned to you.
- To get the most out of this class, you need to read the
textbooks and spend time using computers regularly. Be prepared for a
class by previewing the material to be covered in that class and
participate in discussions and problem-solving exercises, if applicable,
in the class.
- Due to the intensive nature of graduate classes, 15-20 hours per
week are expected of students in studying the textbook/notes and working
on the assignments, in addition to class attendance. Expect to spend more hours during
summer sessions.
Related Links:
|
·
UHCL
General Program Requirements: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/
·
Withdrawals,
Appeals, GPA, Repeated Courses, and the 6 Drop Rule: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/%23A0110#A0110
− 4/23/2012: last day to drop with W
·
ASSESSMENT
FOR ACCREDITATION:
The School of Science and Computer
Engineering may use assessment tools in this course and other courses for
curriculum evaluation. Educational assessment is defined as
the systematic collection, interpretation, and use of information about
student characteristics, educational environments, learning outcomes, and
client satisfaction to improve program effectiveness, student performance,
and professional success. This assessment will be related to the learning objectives
for each course and individual student performance will be disaggregated
relative to these objectives. This
disaggregated analysis will not impact student grades, but will provide
faculty with detailed information that will be used to improve courses,
curriculum, and student performance.
|
Go to the Index
|