T. Andrew Yang

 

Email: yang@uhcl.edu

Web page:  http://sce.uhcl.edu/yang/

Tel.: (281) 283-3835 


Last updated: 4/2/2009

CSCI 5233 Computer Security & Integrity

Spring 2009  (1/20 - 5/4 + final week)

  • Check the discussion group for recent announcements & reminders.  To join the group, you'd need to have a valid email address. To be accepted into the discussion group, make sure that your email address contains both your first and last names.

If you have not joined the discussion group yet, you may join at http://groups.google.com/group/csci5233Spring2009.

  • Important Information:
    • Installation of JCE security provider for unlimited strength security
    • Java source programs from the Professional Java Security book

Class Notes, Topics & Schedule

- Print out the class notes for the day and bring them to the class.

Assignments & Projects


Time & Classroom

Tuesday, 1 - 3:50pm (Delta 241)

Prerequisite:  CSCI 4333 and CSCI 4534, or equivalents.

Special Note: Students who have completed CSCI4233 (Computer Security) are not allowed to take this course. Instead, please consider taking CSCI5235 Network Security, CSCI5234 Web Security, or other advanced courses.

Course Objectives:  Introduction to encryption and decryption; security mechanisms in computer programs, operating systems, databases, networks, administration of computer security, and legal/ethical issues in computer security.   This course provides foundation knowledge for further advanced study of security issues in computer systems and applications.

 

Learning Outcome:

  1. Understand the five security components (confidentiality, integrity, authenticity, availability, and non-repudiability), and apply them when evaluating a given security mechanism.
  2. Understand the process of developing a secure application, including development of security policies, sample policy languages, relationship between security policies and mechanisms, and different types of security mechanisms.
  3. Understand basic cryptography (encryption and decryption) and major cryptographical protocols, including symmetric and asymmetric cryptography, message digests, HMAC, digital signatures, digital certificates, key exchange, and key storage, etc.
  4. Develop sample applications using security protocols provided by a given language such as Java (JCA, JCE).
  5. Understand legal and ethical issues in computer security (privacy issues, Computer Security Act, HIPAA, etc.).
  6. Have an overall understanding of some security applications, including authentication, access control, network security, and system security.

Class Format:  Lectures are combined with discussions and, if applicable, student presentations and discussions of advanced topics.  Students are expected to be active participants, by studying the relevant chapters and/or research papers, and participating in in-class discussions.


Instructor:   Dr. T. A. Yang

(office) Delta 106

(phone#) (281) 283-3835 (Please leave a message if not available.) 

NOTE: If the suite office is locked, you may use the phone outside the office to call me (by entering the extension 3835).

(email address) yang@uhcl.edu

Important notes:

Emails without a subject line or signature will be considered as potentially malicious and be discarded.  Here is a sample subject line: "CSCI5233 project #1, question 1".

Although email messages tend to be informal, please check the grammar and spelling of your messages to ensure their legibility.

(web site)  http://sce.uhcl.edu/yang
NOTE: Find the assignments and/or projects at the  Assignments & Projects page.

Office Hours : See http://sce.uhcl.edu/yang/teaching/officeHours.htm

NOTE: In addition, you are highly encouraged to send your questions to me by e-mail (yang@uhcl.edu). Try to provide sufficient details in your email message, such as the problem(s) you have encountered, the solution(s) you have tried, and the outcome you got from these solution(s).

 

Teaching assistant info and office hours

 

 


Required Text:

B: Matt Bishop. Computer Security - Art and Science. Addison Wesley. 2003. (ISBN: 0-201-44099-7)

 

+ Instructor's handout in the class and/or on the Web

Recommended (but not required):

GS: Jess Garms and Daniel Somerfield. Professional Java Security. Wrox. 2001.  (ISBN: 1861004257)

Note: Sample programs from this book could be useful for you to get started with your programming projects.

 

  • Supplemental Materials:
    • Books:
      • Pistoia, Marco, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok Ramani, Java 2 Network Security, 2nd Edition, Prentice Hall, 2000.
      • Rescorla, Eric, SSL and TLS: Designing and Building Secure Systems, Addison Wesley Professional, 2001.
      • Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, 1996.

    • References and Resources:
      • Ongoing research related to computer security
      • Past and current advanced courses related to computer security (Web Security, Network Security, Wireless security, etc.)


Topics and Notes
NOTE: The following schedule will be followed as much as possible, although changes are probable.  Always check with your instructor if you are not sure what would be covered next week.

| Wk (dates) | Topics & Slides (Book: Chapters) | Due Dates |
|---|---|---|
| 1 (1/20) | Syllabus; I. Fundamentals 1; Overview of computer security (B: Ch 1); Overview: components and mechanisms | Note: Top three of the pop quizzes will count toward your grades. |
| 2 (1/27) | Access Control Matrix (B: Ch 2) | |
| 3 (2/3) | Security Policies (B: Ch 4) | |
| 4 (2/10) | II. Cryptography et al.; Basic Cryptography 1 (B: Ch 9) | |
| 5 (2/17) | Basic Cryptography 2 (B: Ch 9) + Extended Euclidean Algorithm (B: Ch. 31) + inverse.java (computing the inverse of a mod n, given a and n) | Project 1 (design) |
| 6 (2/24) | Cryptography in Java (GS: Ch 3, 4, 5); Message Digest, Digital Signatures in Java (GS: Ch 6) | Assign 1 |
| 7 (3/3) | Midterm exam (closed book) | Midterm |
| 8 (3/10) | Digital Signatures (B: Ch 10) | Project 1 final report |
| 9 (3/17) | Spring vacation | |
| 10 (3/24) | Certificates (B: Ch 10) | Project 2 |
| | * 3/30: Last day to drop from a class | |
| 11 (3/31) | Key Exchange (B: Ch 10) | Project 2 |
| 12 (4/7) | Key Storage (B: Ch 10) | Assign 2 |
| 13 (4/14) | Cipher Techniques (B: Ch 11) + RSA FAQs 2.1.4 (What is a block cipher?) and 2.1.5 (What is a stream cipher?) | Design of project 3 (new due date) |
| 14 (4/21) | Authentication (B: Ch 12) | |
| 15 (4/28) | VI. Practicum; The Distributed Computer Security Lab at UHCL; Basics of Network Security (B: Ch 11); Network Security (B: Ch 26); System Security (B: Ch 27) | Project 3 |
| 16 (5/5) | Final exam: comprehensive, open-book | Final |

 


  Computer Labs & Hours

The computers in the NT Lab (Delta 119) are configured with JDK and JCE for running the sample programs in the text book. You are encouraged to configure your own computer to do the projects.

  • NT account information at:  http://sce.uhcl.edu/accountSearch.html
  • UNIX account information at:  http://sce.uhcl.edu/UnixLabFAQ.asp
  • Check http://sce.uhcl.edu/computing.asp for lab information, open hours, FAQs, etc.
  • All the software that is available for use in the UNIX and NT labs can be found at the following web pages: http://sce.uhcl.edu/NTLabIntroduction.asp for the NT lab and http://sce.uhcl.edu/UnixLabSoftware.asp for the UNIX lab.

The Distributed Computer Security Lab at UHCL

Evaluation:

| Category | Percentage |
|---|---|
| Assignments | 10% |
| Pop quizzes (3 x 3%) | 9% |
| Projects (6%, 6%, 8%) | 20% |
| Midterm exam | 30% |
| Final exam | 31% |
| Total: | 100% |

NOTE:  The accumulated points from all the categories determine a person's final grade. There will be no extra-credit projects.

Grading Scale:

 

| Percentile | Grade |
|---|---|
| 93% or above | A |
| 90% - 92% | A- |
| 87% - 89% | B+ |
| 84% - 86% | B |
| 80% - 83% | B- |
| 77% - 79% | C+ |
| 74% - 76% | C |
| 70% - 73% | C- |
| 60% - 69% | D |
| 59% or below | F |

Tests:

Both analytic and synthetic abilities are emphasized. Being able to apply the learned knowledge toward problem solving is also highly emphasized in the tests. 

Assignments and Late Penalty:

Assignments and projects will be posted at the class web site. Assignments & projects are due before the beginning of the class on the due day.  See Topics and Notes for the due dates. 

Points will be deducted from late assignments: 20% for the first 24 hours after the due time, 40% for the next 24 hours, 70% for the third 24 hours, and 100% after that. No extension will be granted except for a documented emergency. Starting to work on the assignments as early as possible is always the best strategy.
NOTE: Unless otherwise specified, all assignments and projects are individual work.  Students should take caution not to violate the academic honesty policies.  See http://b3308-adm.uhcl.edu/PolicyProcedures/Policy.html for details.

Assignments Guidelines:

a. Identification page: All assignments must have your name, and course name/number/section number (e.g., CSCI5233-01) at the top of the first page.

b. Proper stapling:  Staple all the pages together at the top-left corner. NOTE: Do not use paper clips.

c. Order! Order!  Arrange the solutions following the sequence of the questions. Write the question number at the top-right corner of each page.

d. Word processing:  It is required that you type your reports (e.g., print them using a printer). Use a word processor and appropriate typesetting and drawing tools to do the assignments. Spell-check the whole document before printing it. You may lose points due to spelling or grammatical errors.

Projects:

The projects will involve the design and implementation of encryption/decryption algorithms and/or application of the algorithms to real-world problems.  Students are expected to employ the theories and techniques learned in the class to design the system.  

Details of the projects will be made available later at the Assignments & Projects page.


Attendance Policy:

You are expected to attend all classes. If you ever miss a class, it is your responsibility to get hold of whatever may have been discussed in the class.

Instructor's Notes:

  • Except in the case of an unexpected, documented emergency, no make-up exams will be given.   No make-up exams will be granted once the exams have been corrected and returned to the class.
  • No make-up exam for pop quizzes.  To prepare for a pop quiz, review the previous lecture and preview the coming week’s materials.
  • Important:   If you think you have lost some points due to grading errors, make sure you approach the instructor within a week after the assignment, project, or test is returned to you.  
  • To get the most out of this class, you need to read the textbooks and spend time using computers regularly.  Be prepared for a class by previewing the material to be covered in that class and participating in discussions and problem-solving exercises, if applicable, in the class.
  • Due to the intensive nature of graduate classes, 15-20 hours per week are expected of students in studying the textbook/notes and working on the assignments, in addition to class attendance.   Expect to spend more hours during summer sessions.
