CSCI 5233-01 Computer Security & Integrity
Fall 2010 (8/23 – 12/4 + final week)
- A discussion group for this class is at http://groups.google.com/group/csci5233Fall2010.
Check the discussion group for recent announcements & reminders. Students enrolled in the class will be
automatically added to the group. If you encounter any difficulty accessing the group, send an email to the instructor.
Time & Classroom
Tues. & Thur., 1-2:20pm (Delta 150)
Course Description: Introduction to encryption and decryption; security mechanisms in
computer architectures, operating systems, database, networks, and
introduction to security.
Prerequisite: CSCI 4333 and CSCI 4534,
or equivalents.
Special Note: Students who have
completed CSCI4233 (Computer Security) are not allowed to take this course.
Instead, please consider taking CSCI5235 Network Security, CSCI5234 Web
Security, or other advanced courses.
Course Objectives: This course covers
fundamental knowledge related to computer security, and lays a foundation for
further advanced study of security issues in computer systems and
applications.
Learning Outcome:
- Understand the five security components (confidentiality, integrity, authenticity, availability, and non-repudiability), and apply them when evaluating a given security mechanism.
- Understand the process of developing a secure application, including development of security policies, sample policy languages, relationship between security policies and mechanisms, and different types of security mechanisms.
- Understand basic cryptography (encryption and decryption) and major cryptographic protocols, including symmetric and asymmetric cryptography, message digests, HMAC, digital signatures, digital certificates, key exchange, and key storage, etc.
- Develop sample applications using security protocols provided by a given language such as Java (JCA, JCE).
- Understand legal and ethical issues in computer security (privacy issues, Computer Security Act, HIPAA, etc.).
- Have an overall understanding of some security applications, including authentication, access control, network security, and system security.
Class Format: Lectures are combined with
discussions and, if applicable, student presentations and discussions of
advanced topics. Students are expected to be active participants, by studying
the relevant chapters and/or research papers, and participating in in-class
discussions.
Instructor: Dr. T. A. Yang
- Office: Delta 106
- Phone: (281) 283-3835 (Please leave a message if not available.)
NOTE: If the suite office is locked, you may use the phone outside the office to call me (by entering the extension 3835).
- Email address: yang@uhcl.edu
Important notes:
Emails without a subject line or signature will be considered as potentially malicious and be discarded. Here is a sample subject line: "CSCI5233 project #1, question 1".
Although email messages tend to be informal, please check the grammar and spelling of your messages to ensure their legibility.
- Web site: http://sce.uhcl.edu/yang
NOTE: Find the assignments and/or projects at the Assignments & Projects page.
- Office Hours: See http://sce.uhcl.edu/yang/teaching/officeHours.htm
NOTE: In addition, you are highly encouraged to send your questions to me by e-mail (yang@uhcl.edu). Try to provide sufficient details in your email message, such as the problem(s) you have encountered, the solution(s) you have tried, and the outcome you have got from these solution(s).
- Teaching assistant info and office hours: Check this link.
Required Text:
+ Instructor's handouts in the class and/or on the Web
Recommended (but not required):
GS: Jess Garms and Daniel Somerfield. Professional Java Security. Wrox. 2001. (ISBN: 1861004257)
Note: Sample programs from this book could be useful for you to get started with your programming projects.
References and Resources:
- Ongoing research related to computer security
- Past and current advanced courses related to computer security (Web Security, Network Security, Wireless security, etc.)
Topics and Notes
NOTE: The following schedule will be followed as much as possible, although changes are
probable. Always check with your instructor if you are not sure what would be
covered next week.

| wk (dates) | Topics & Slides (Book: Chapters) | Due Dates |
|---|---|---|
| 1 (8/24, 8/26) | Syllabus; I. Fundamentals 1: Overview of computer security (B: Ch 1); Overview: components and mechanisms | |
| 2 (8/31, 9/2) | Access Control Matrix (B: Ch 2) | |
| 3 (9/7, 9/9) | Security Policies (B: Ch 4) | |
| 4 (9/14, 9/16) | II. Cryptography et al.: Basic Cryptography 1 (B: Ch 9) | Assign 1 (9/14) |
| 5 (9/21, 9/23) | Basic Cryptography 2 (B: Ch 9) + Extended Euclidean Algorithm (B: Ch. 31) + inverse.java (computing the inverse of a mod n, given a and n) | |
| 6 (9/28, 9/30) | Cryptography in Java (GS: Ch 3, 4, 5) | Project 1 design (9/28) |
| 7 (10/5, 10/7) | Message Digest, Digital Signatures in Java (GS: Ch 6); Midterm exam (closed book) | Midterm (10/7) |
| 8 (10/12, 10/14) | Digital Signatures (B: Ch 10) | Project 1 final report (10/12) |
| 9 (10/19, 10/21) | Certificates (B: Ch 10) | |
| 10 (10/26, 10/28) | Key Exchange (B: Ch 10) | Assign 2 (10/26) |
| 11 (11/2, 11/4) | Key Storage (B: Ch 10) | Project 2 (11/2) |
| 12 (11/9, 11/11) | Cipher Techniques (B: Ch 11) + RSA FAQs 2.1.4 (What is a block cipher?) and 2.1.5 (What is a stream cipher?) | Project 3 design (11/9) |
| 13 (11/16, 11/18) | Authentication (B: Ch 12) | |
| 14 (11/23, 11/25) | VI. Practicum: The Distributed Computer Security Lab at UHCL; Basics of Network Security (B: Ch 11); Network Security (B: Ch 26) | |
| 15 (11/30, 12/2) | System Security (B: Ch 27) | Project 3 (11/30) |
| 16 (12/9, Thurs.) | Final exam: comprehensive, open-book; Exam time: 1pm-3pm | Final exam |
Computer Labs & Hours
The computers in the NT Lab (Delta 119) are configured with JDK and JCE for running
the sample programs. You are encouraged to configure your own computer to do
the projects.
- NT account information at: http://sce.uhcl.edu/accountSearch.html
- UNIX account information at: http://sce.uhcl.edu/UnixLabFAQ.asp
- Check http://sce.cl.uh.edu/computing.asp for lab information, open hours, FAQs, etc.
- All the software that is available for use in the UNIX and NT labs can be found at the following web pages: http://sce.uhcl.edu/NTLabIntroduction.asp for the NT lab and http://sce.uhcl.edu/UnixLabSoftware.asp for the UNIX lab.
- The Distributed Computer Security Lab at UHCL
Evaluation:

| category | percentage |
|---|---|
| assignments | 14% |
| Projects (7%, 7%, 10%) | 24% |
| midterm exam | 30% |
| final exam | 32% |
| Total: | 100% |

NOTE: The accumulated points from all the categories determine
a person's final grade. There will be no extra-credit projects.
Grading Scale:

| Percentile | Grade |
|---|---|
| 93% or above | A |
| 90% - 92% | A- |
| 87% - 89% | B+ |
| 84% - 86% | B |
| 80% - 83% | B- |
| 77% - 79% | C+ |
| 74% - 76% | C |
| 70% - 73% | C- |
| 60% - 69% | D |
| 59% or below | F |

Tests & Exams:
Both analytic and synthetic abilities are
emphasized. Being able to apply the learned knowledge toward problem solving
is also highly emphasized in the tests.
Unless due to unexpected, documented emergency, no
make-up exams will be given. No make-up exams will be granted once the exams
have been corrected and returned to the class.
Assignments and Late Penalty:
Assignments and projects will be posted at the
class web site. Assignments & projects are due before the beginning of
the class on the due day. See Topics and Notes
for the due dates.
Points will be deducted from late assignments: 20% for the first 24
hours after the due time, 40% for the next 24 hours, 70% for the third 24
hours, and 100% after that. No extension will be granted except for
documented emergency. Starting to work on the assignments as early as
possible is always the best strategy.
NOTE: Unless otherwise specified,
all assignments and projects are individual work.
Students should take caution not to violate the academic
honesty policies. Check out the details at this
link.
Assignments Guidelines:
a. Identification page: All assignments must have your name, and course name/number/section number (e.g., CSCI5233-01) at the top of the first page.
b. Proper stapling: Staple all the pages together at the top-left corner. NOTE: Do not use paper clips.
c. Order! Order! Arrange the solutions following the sequence of the questions. Write the question number at the top-right corner of each page.
d. Word processing: It is required that you type your reports (e.g., print them using a printer). Use a word processor and appropriate typesetting and drawing tools to do the assignments. Spell-check the whole document before printing it. You may lose points due to spelling or grammatical errors.
Projects:
The projects will involve the design and
implementation of encryption/decryption algorithms and/or application of the
algorithms to real-world problems. Students are expected to employ the
theories and techniques learned in the class to design the system.
Details of the projects will be later made
available at Assignments & Projects.
Attendance Policy:
You are expected to attend all classes. If you
ever miss a class, it is your responsibility to get hold of whatever may have
been discussed in the class.
Instructor's Notes:
- Important: If you think you have lost some points due to grading errors,
make sure you approach the instructor within a week after the
assignment, project, or test is returned to you.
- To get the most out of this class, you need to read the
textbooks and spend time using computers regularly. Be prepared for a
class by previewing the material to be covered in that class and
participate in discussions and problem-solving exercises, if applicable,
in the class.
- Due to the intensive nature of graduate classes, 15-20 hours per
week are expected of students in studying the textbook/notes and working
on the assignments, in addition to class attendance. Expect to spend more hours during
summer sessions.
Related Links:
- UHCL General Program Requirements: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/
- Withdrawals, Appeals, GPA, Repeated Courses, and the 6 Drop Rule: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/%23A0110#A0110
ASSESSMENT FOR ACCREDITATION:
The School of Science and Computer
Engineering may use assessment tools in this course and other courses for
curriculum evaluation. Educational assessment is defined as
the systematic collection, interpretation, and use of information about
student characteristics, educational environments, learning outcomes, and
client satisfaction to improve program effectiveness, student performance,
and professional success. This assessment will be related to the learning
objectives for each course and individual student performance will be
disaggregated relative to these objectives.
This disaggregated analysis will not impact student grades, but will
provide faculty with detailed information that will be used to improve
courses, curriculum, and student performance.